Posted to users@httpd.apache.org by vi...@free.fr on 2007/08/18 11:55:04 UTC
[users@httpd] Some problems with Virtual Host setup and SSL
Hello !
I've some problems with Virtual Hosts on Apache2, please have a look at my config files:
===========================
File sites-enabled/default
===========================
-------------------------------->
NameVirtualHost *
<VirtualHost *>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined
    ServerSignature On

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

    DocumentRoot /var/www/phpmyadmin
    ServerSignature On

    <IfModule mod_ssl.c>
        RewriteEngine on
        RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
    </IfModule>

</VirtualHost>
<---------------------------------------
===============================
File sites-enabled/ssl
================================
-------------------------------------->
NameVirtualHost *:443
<VirtualHost *:443>

    # change: address of web admin
    ServerAdmin webmaster@localhost
    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/private/Administration-key-cert.pem

    ServerSignature On

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    ProxyHTMLLogVerbose On
    ProxyHTMLExtended On

    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass /ntop/ https://localhost:3000/
    ProxyPassReverse /ntop/ https://localhost:3000/
<-------------------------------------------
When I go to http://server/, it redirects to https://server/ and I get a 404 error.
I just want to redirect http://admin.server/phpmyadmin (not http://server/phpmyadmin but http://admin.server/phpmyadmin) to https://admin.server/phpmyadmin
I would also like to redirect the web pages of software running on localhost:3000 (on the server) to https://admin.server/ntop/
How can I do that?
Thanks !
Vianney
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Problems of charset and file location with VirtualHost, SSL and Reverse Proxy
Posted by vi...@free.fr.
Hello !
I have some problems using VirtualHost and SSL, please have a look at my log file:
-------------->
[Mon Aug 20 17:31:14 2007] [warn] [client 10.0.5.253] No usable charset information: using old HTTP default LATIN1
[Mon Aug 20 17:31:14 2007] [error] [client 10.0.5.253] Error in bucket read
[Mon Aug 20 17:31:15 2007] [warn] [client 10.0.5.253] No usable charset information: using old HTTP default LATIN1, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] Error in bucket read, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [warn] [client 10.0.5.253] No usable charset information: using old HTTP default LATIN1, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] Error in bucket read, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [warn] [client 10.0.5.253] No usable charset information: using old HTTP default LATIN1, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] Error in bucket read, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [warn] [client 10.0.5.253] No usable charset information: using old HTTP default LATIN1, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] Error in bucket read, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] File does not exist: /var/www-admin/mail.gif, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] File does not exist: /var/www-admin/spacer.gif, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] proxy: error reading status line from remote server localhost, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] proxy: Error reading from remote server returned by /ntop/plugins/rrdPlugin, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] File does not exist: /var/www-admin/external.png, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] proxy: error reading status line from remote server localhost, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] proxy: Error reading from remote server returned by /ntop/plugins/rrdPlugin, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [warn] [client 10.0.5.253] No usable charset information: using old HTTP default LATIN1, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] Error in bucket read, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] File does not exist: /var/www-admin/white_bg.gif, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] File does not exist: /var/www-admin/blank.gif, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [warn] [client 10.0.5.253] No usable charset information: using old HTTP default LATIN1, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] Error in bucket read, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] File does not exist: /var/www-admin/arrow.gif, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [warn] [client 10.0.5.253] No usable charset information: using old HTTP default LATIN1, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] Error in bucket read, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] proxy: error reading status line from remote server localhost, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] proxy: Error reading from remote server returned by /ntop/plugins/rrdPlugin, referer: https://administration.homeserver.home/ntop/
<--------------------
I think there are 2 problems: first, there is a problem with the charset (first lines of my error logs); the second problem is a problem of file locations (File does not exist). For example, white_bg.gif is not in /var/www-admin/ but in https://localhost:3000/
This is my configuration file:
------------------------<
NameVirtualHost administration.homeserver.home:443
<VirtualHost administration.homeserver.home:443>
    ServerAdmin inet@localhost.fr
    SSLEngine On
    SSLCertificateFile /etc/ssl/CA/private/InetAdministration-key-cert.pem
    ServerName administration.homeserver.home
    DocumentRoot /var/www-admin/
    <Directory "/var/www-admin/">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    LogLevel warn
    ServerSignature Off

    ### PATCH SUGGESTED BY NESSUS ABOUT TRACE ATTACKS
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

    #### NTOP (PROXY REVERSE) ########
    SSLProxyEngine On
    ProxyHTMLLogVerbose On
    LogLevel warn
    ProxyHTMLExtended On
    #ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass /ntop/ https://localhost:3000/
    ProxyPassReverse /ntop/ https://localhost:3000/
    <Location /ntop/>
        SetOutputFilter proxy-html
        ProxyHTMLURLMap / /ntop/
        ProxyHTMLURLMap /ntop/plugins/ntop/ /ntop/plugins/
        ProxyHTMLURLMap /ntop/plugins/rrdPlugin/ntop/ /ntop/plugins/rrdPlugin/
        RequestHeader unset Accept-Encoding
    </Location>

    ProxyPass /monit/ https://localhost:3001/
    ProxyPassReverse /monit/ https://localhost:3001/
    <Location /monit/>
        SetOutputFilter proxy-html
        ProxyHTMLURLMap / /monit/
        RequestHeader unset Accept-Encoding
    </Location>
</VirtualHost>
-----------------------------------------<
What do I have to do to correct that?
Thanks !
Vianney
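
An added example, not part of the original post: a Python triage of the error log above that separates root-relative ntop assets requested outside the /ntop/ prefix from the charset warnings and the backend read errors. The function name `triage`, its parameters and the last sample line are assumptions made for this illustration; the other sample lines are copied from the posted log.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache 2.2 error-log layout: [date] [level] [client ip] message[, referer: url]
LINE_RE = re.compile(
    r"^\[[^\]]+\] \[\w+\] \[client [^\]]+\] "
    r"(?P<msg>.*?)(?:, referer: (?P<referer>\S+))?$"
)
MISSING_RE = re.compile(r"^File does not exist: (?P<path>.+)$")

def triage(lines, docroot, prefixes):
    """Return (counts, leaks); leaks maps a proxied prefix to escaped paths."""
    counts = Counter()
    leaks = {p: set() for p in prefixes}
    root = docroot.rstrip("/")
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            counts["unparsed"] += 1
            continue
        msg = m["msg"]
        ref_path = urlsplit(m["referer"] or "").path
        missing = MISSING_RE.match(msg)
        if msg.startswith("No usable charset information"):
            counts["charset_warning"] += 1
        elif msg == "Error in bucket read":
            counts["bucket_read"] += 1
        elif msg.startswith("proxy:"):
            counts["backend_error"] += 1
        elif missing and missing["path"].startswith(root + "/"):
            url_path = missing["path"][len(root):]
            prefix = next((p for p in prefixes if ref_path.startswith(p)), None)
            if prefix and not url_path.startswith(prefix):
                counts["leaked_asset"] += 1   # link escaped the proxied prefix
                leaks[prefix].add(url_path)
            else:
                counts["missing_file"] += 1   # ordinary 404 in the DocumentRoot
        else:
            counts["other"] += 1
    return counts, {p: sorted(v) for p, v in leaks.items()}

# First five lines are copied from the log in the post; the last is constructed.
SAMPLE = """\
[Mon Aug 20 17:31:14 2007] [warn] [client 10.0.5.253] No usable charset information: using old HTTP default LATIN1
[Mon Aug 20 17:31:14 2007] [error] [client 10.0.5.253] Error in bucket read
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] File does not exist: /var/www-admin/mail.gif, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] File does not exist: /var/www-admin/white_bg.gif, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] proxy: error reading status line from remote server localhost, referer: https://administration.homeserver.home/ntop/
[Mon Aug 20 17:31:15 2007] [error] [client 10.0.5.253] File does not exist: /var/www-admin/favicon.ico
""".splitlines()

if __name__ == "__main__":
    counts, leaks = triage(SAMPLE, "/var/www-admin/", ["/ntop/", "/monit/"])
    print(dict(counts))
    for prefix, paths in leaks.items():
        for p in paths:
            print(f"{p} requested at vhost root; expected {prefix.rstrip('/')}{p}")
```

Each path reported as a leak is a URL the backend page referenced from the site root, so the browser asked the front-end vhost for it and Apache looked in the DocumentRoot instead of forwarding the request to the proxied application.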
Re: [users@httpd] Some problems with Virtual Host setup and SSL
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 19.08.07 10:39, via.lej@free.fr wrote:
> Thanks, so, I give up my system... The easiest way to do what I want is to
> use:
>
> 1)VirtualHost1 without SSL (http://my.server/)
> 2)Virtualhost2 with SSL (http://admin.server/ with redirection to https://admin.server/)
http://admin.server/ is a virtualhost without SSL. You probably want to have
this virtualhost without SSL, only redirecting to another virtual host WITH
SSL, which is https://admin.server/
> 3)A way to redirect webpages from https://localhost:3000/ to
> https://admin.server/ntop/
Ehm? You mean that https://admin.server/ntop/ should be proxied to
https://localhost:3000/, so there will be one SSL tunnel between client and
Apache, and another SSL tunnel between Apache and ntop on localhost?
I think Apache can't do the latter. However, if you could force ntop to run
on localhost without SSL (which is useless there), it could be done.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
42.7 percent of all statistics are made up on the spot.
Re: [users@httpd] Some problems with Virtual Host setup and SSL
Posted by vi...@free.fr.
Thanks, so, I give up my system... The easiest way to do what I want is to use:
1)VirtualHost1 without SSL (http://my.server/)
2)Virtualhost2 with SSL (http://admin.server/ with redirection to https://admin.server/)
3)A way to redirect webpages from https://localhost:3000/ to https://admin.server/ntop/
Is it possible, and how do I do that?
Thanks,
Vianney
On Sat, 18 Aug 2007 22:58:20 +0200, Tony Stevenson <to...@pc-tony.com> wrote:
> Vianney
>
> You cannot (without some major tweaks) use name based virtualhosts + SSL.
>
> For each site it is recommended that you use 1 IP and/or port.
> Have a look at the wiki page, even though it is still a work in progress
> you should understand the reasons.
>
> http://wiki.apache.org/httpd/NameBasedSSLVHosts
>
> Or you can refer to the official Apache documentation, here:
>
> http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2
>
>
>
> Cheers,
> Tony
Re: [users@httpd] Some problems with Virtual Host setup and SSL
Posted by Tony Stevenson <to...@pc-tony.com>.
Vianney
You cannot (without some major tweaks) use name based virtualhosts + SSL.
For each site it is recommended that you use 1 IP and/or port.
Have a look at the wiki page, even though it is still a work in progress
you should understand the reasons.
http://wiki.apache.org/httpd/NameBasedSSLVHosts
Or you can refer to the official Apache documentation, here:
http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2
Cheers,
Tony