You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Aaron Axelsen <li...@frozenpc.net> on 2003/10/27 21:29:42 UTC
[users@httpd] SSL on Virtual Hosts
Hello,
I have an Apache 2.0 Virtual hosts set up as follows:
<VirtualHost *:80>
DocumentRoot /path/to/document/root
ServerName virtualhost.myserver.com
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost
CustomLog logs/vhost.log combined
<Directory /path/to/document/root>
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
SSl is defined as:
<VirtualHost *:443>
DocumentRoot "/path/to/document/root/"
ServerAdmin me@myserver.com
ErrorLog logs/ssl_error_log
CustomLog logs/ssl_access_log combined
All the other necessary ssl lines
</virualhost>
Is the best way of doing this to make one enter for each virutal host
containing ssl and http access?
Thanks,
--
Aaron Axelsen
aim: aaak2
email: axelseaa@amadmax.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL on Virtual Hosts
Posted by Leif W <wa...@usa.net>.
----- Original Message -----
From: "Aaron Axelsen" <li...@frozenpc.net>
To: "Leif W" <wa...@usa.net>
Cc: <us...@httpd.apache.org>; <li...@frozenpc.net>
Sent: Monday, October 27, 2003 4:22 PM
Subject: Re: [users@httpd] SSL on Virtual Hosts
> I thought that with namebased virtual hosting that all this could be
> accomplished via one ip?
Check the mailing list archives, this is a common question (I asked it
myself some months ago and have been answering it since as payback :) .
Name based virtual hosting works off of the Host header sent by the browser.
But during an encrypted session, all data is encrypted, so there's no way
for Apache to know which Host is intended, so it can't match up to a
ServerName or ServerAlias, and therefore can't figure out which certificate
or key file to use to decrypt the incoming data. All it has to rely on for
identification is a unique IP:port pair.
Leif
> > ----- Original Message -----
> > From: "Aaron Axelsen" <li...@frozenpc.net>
> > To: <us...@httpd.apache.org>
> > Sent: Monday, October 27, 2003 3:29 PM
> > Subject: [users@httpd] SSL on Virtual Hosts
> >
> >
> >> Hello,
> >>
> >> I have an Apache 2.0 Virtual hosts set up as follows:
> >>
> >> <VirtualHost *:80>
> >> DocumentRoot /path/to/document/root
> >> ServerName virtualhost.myserver.com
> >> LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost
> >> CustomLog logs/vhost.log combined
> >> <Directory /path/to/document/root>
> >> Options Indexes FollowSymLinks
> >> AllowOverride All
> >> Order allow,deny
> >> Allow from all
> >> </Directory>
> >> </VirtualHost>
> >>
> >> SSl is defined as:
> >>
> >> <VirtualHost *:443>
> >> DocumentRoot "/path/to/document/root/"
> >> ServerAdmin me@myserver.com
> >> ErrorLog logs/ssl_error_log
> >> CustomLog logs/ssl_access_log combined
> >> All the other necessary ssl lines
> >> </virualhost>
> >>
> >> Is the best way of doing this to make one enter for each virutal host
> >> containing ssl and http access?
> >
> > Not sure what you're asking. The config outlined above looks ok. But
> > remember that using SSL, you must have a unique IP:port pair for each
> > host.
> > That means if you want to use the same default port 443 for ssl, you
will
> > need multiple IP addresses. If you have only one IP address, you can
use
> > alternate ports (i.e. 4300+), but must remember to specify these ports
in
> > all URLs or scripts or programs across the site (or use some form of
> > relative URIs, and let the browser prepend the hostname and port), for
> > example http://myserver2.com/ and https://myserver2.com:4300/ .
> >
> > Leif
> >
> >> Thanks,
> >>
> >> --
> >> Aaron Axelsen
> >> aim: aaak2
> >> email: axelseaa@amadmax.com
> >
> >
> >
>
>
> --
> Aaron Axelsen
> aim: aaak2
> email: axelseaa@amadmax.com
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL on Virtual Hosts
Posted by "Roger B.A. Klorese" <ro...@queernet.org>.
Larry McFarlane wrote:
> Won't this generate a certificate alert regardless?
Yes, other than for www.myserver.com...
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] About Apache 1.3.29
Posted by André Malo <nd...@perlig.de>.
* "Mark Clarkstone" <ma...@ntlworld.com> wrote:
> Can anyone tell me why there are no downloads for windows?
Because they aren't built yet ...
HTH, nd
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] About Apache 1.3.29
Posted by BAO RuiXian <ru...@pp.inet.fi>.
If you read the release carefully, you would notice that Apache 1.3.29
is better used on Unix platforms. As for Windows version, please choose
Apache 2.0.48.
Best
Bao
Mark Clarkstone wrote:
> Can anyone tell me why there are no downloads for windows?
>
> Thanks
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] About Apache 1.3.29
Posted by Mark Clarkstone <ma...@ntlworld.com>.
Can anyone tell me why there are no downloads for windows?
Thanks
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Usgage of mod_gzip
Posted by Richard Correia <ri...@ugamsolutions.com>.
Hi,
Anybody has a list of BIG servers using mod_gzip ?
Are there any serious performance issues when using mod_gzip to server
textual content ?
Thanks
Rich
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL on Virtual Hosts
Posted by Larry McFarlane <LM...@tconl.com>.
Won't this generate a certificate alert regardless? For example, my
certificate is set for www.myserver.com. If I do this for
newname.myserver.com, an alert will popup saying my domain doesn't match
the domain on the certificate...
On Mon, 27 Oct 2003 13:26:33 -0800, Roger B.A. Klorese
<ro...@queernet.org> wrote:
>> I thought that with namebased virtual hosting that all this could be
>> accomplished via one ip?
>
> The encryption is established before the Host: header is passed in order
> to
> tell the web server which name-based virtual host you want.
>
> If you use SSL with name-based virtual hosts, the same cert and name
> will be
> used for all hosts on that IP address.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] SSL on Virtual Hosts
Posted by "Roger B.A. Klorese" <ro...@queernet.org>.
> I thought that with namebased virtual hosting that all this could be
> accomplished via one ip?
The encryption is established before the Host: header is passed in order to
tell the web server which name-based virtual host you want.
If you use SSL with name-based virtual hosts, the same cert and name will be
used for all hosts on that IP address.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL on Virtual Hosts
Posted by Aaron Axelsen <li...@frozenpc.net>.
I thought that with namebased virtual hosting that all this could be
accomplished via one ip?
> ----- Original Message -----
> From: "Aaron Axelsen" <li...@frozenpc.net>
> To: <us...@httpd.apache.org>
> Sent: Monday, October 27, 2003 3:29 PM
> Subject: [users@httpd] SSL on Virtual Hosts
>
>
>> Hello,
>>
>> I have an Apache 2.0 Virtual hosts set up as follows:
>>
>> <VirtualHost *:80>
>> DocumentRoot /path/to/document/root
>> ServerName virtualhost.myserver.com
>> LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost
>> CustomLog logs/vhost.log combined
>> <Directory /path/to/document/root>
>> Options Indexes FollowSymLinks
>> AllowOverride All
>> Order allow,deny
>> Allow from all
>> </Directory>
>> </VirtualHost>
>>
>> SSl is defined as:
>>
>> <VirtualHost *:443>
>> DocumentRoot "/path/to/document/root/"
>> ServerAdmin me@myserver.com
>> ErrorLog logs/ssl_error_log
>> CustomLog logs/ssl_access_log combined
>> All the other necessary ssl lines
>> </virualhost>
>>
>> Is the best way of doing this to make one enter for each virutal host
>> containing ssl and http access?
>
> Not sure what you're asking. The config outlined above looks ok. But
> remember that using SSL, you must have a unique IP:port pair for each
> host.
> That means if you want to use the same default port 443 for ssl, you will
> need multiple IP addresses. If you have only one IP address, you can use
> alternate ports (i.e. 4300+), but must remember to specify these ports in
> all URLs or scripts or programs across the site (or use some form of
> relative URIs, and let the browser prepend the hostname and port), for
> example http://myserver2.com/ and https://myserver2.com:4300/ .
>
> Leif
>
>> Thanks,
>>
>> --
>> Aaron Axelsen
>> aim: aaak2
>> email: axelseaa@amadmax.com
>
>
>
--
Aaron Axelsen
aim: aaak2
email: axelseaa@amadmax.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL on Virtual Hosts
Posted by Leif W <wa...@usa.net>.
----- Original Message -----
From: "Aaron Axelsen" <li...@frozenpc.net>
To: <us...@httpd.apache.org>
Sent: Monday, October 27, 2003 3:29 PM
Subject: [users@httpd] SSL on Virtual Hosts
> Hello,
>
> I have an Apache 2.0 Virtual hosts set up as follows:
>
> <VirtualHost *:80>
> DocumentRoot /path/to/document/root
> ServerName virtualhost.myserver.com
> LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost
> CustomLog logs/vhost.log combined
> <Directory /path/to/document/root>
> Options Indexes FollowSymLinks
> AllowOverride All
> Order allow,deny
> Allow from all
> </Directory>
> </VirtualHost>
>
> SSl is defined as:
>
> <VirtualHost *:443>
> DocumentRoot "/path/to/document/root/"
> ServerAdmin me@myserver.com
> ErrorLog logs/ssl_error_log
> CustomLog logs/ssl_access_log combined
> All the other necessary ssl lines
> </virualhost>
>
> Is the best way of doing this to make one enter for each virutal host
> containing ssl and http access?
Not sure what you're asking. The config outlined above looks ok. But
remember that using SSL, you must have a unique IP:port pair for each host.
That means if you want to use the same default port 443 for ssl, you will
need multiple IP addresses. If you have only one IP address, you can use
alternate ports (i.e. 4300+), but must remember to specify these ports in
all URLs or scripts or programs across the site (or use some form of
relative URIs, and let the browser prepend the hostname and port), for
example http://myserver2.com/ and https://myserver2.com:4300/ .
Leif
> Thanks,
>
> --
> Aaron Axelsen
> aim: aaak2
> email: axelseaa@amadmax.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org