Posted to users@httpd.apache.org by "Foster, Nate" <na...@puresolar.us> on 2014/04/29 21:48:57 UTC
[users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
Hi All,
I'm new to the list, so please excuse me if I'm in the wrong spot.
I host a groupware service on a Debian 7 host running Apache2.2. The
service uses multiple URLs for its interface.
xx.xx.xx.xx/webmail is the main interface
xx.xx.xx.xx/web-admin is the administrative interface
xx.xx.xx.xx/webdav is for access to the WebDAV component
Each URL is enabled and its .conf file is living in sites-enabled/
To secure the first URL, I modified the webmail.conf to have the
following lines at the top of the file:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/apache.pem
SSLCertificateKeyFile /etc/ssl/private/apache.key
ServerAdmin webmaster@puresolar.us
and </VirtualHost> at the bottom of the file.
This worked great until I repeated it for the remaining URLs which
results in an error: [warn] _default_ VirtualHost overlap on port 443,
the first has precedence
When I search for tutorials and documentation on how to do this
properly, I keep getting information related to securing multiple
virtual hosts, which does not really work for my scenario. I would be
grateful for any pointers on how I can secure my server properly!
Many Thanks!
-Nate
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
Posted by "Foster, Nate" <na...@puresolar.us>.
Hi Nick,
Thanks for the fast response. These URLs are all hosted on the same
machine w/the same IP address.
I figured out what I was doing wrong thanks to Eggert. I was not using
the <directory "/xxx/xxx"> properly.
I'm including my fixed .conf file below in case it might be useful to
others.
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/apache.pem
SSLCertificateKeyFile /etc/ssl/private/apache.key
ServerAdmin webmaster@puresolar.us
# Those aliases do not work properly with several hosts on your apache server
# Uncomment them to use it or adapt them to your configuration
# Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
# Alias /roundcube /var/lib/roundcube
# by NF - Alias /roundcubemail /usr/share/roundcubemail/
Alias /webmail /usr/share/roundcubemail/
# by NF - Adding Alias for webadmin
Alias /kolab-webadmin /usr/share/kolab-webadmin/public_html/
# by NF - Alias for iRony
Alias /iRony /usr/share/iRony/public_html
########################################################
##### This section for RoundCubeMail AKA Webmail #####
########################################################
# Access to tinymce files
#<Directory "/usr/share/tinymce/www/">
# Options Indexes MultiViews FollowSymLinks
# AllowOverride None
# Order allow,deny
# Allow from all
#</Directory>
<Directory /usr/share/roundcubemail/>
Options +FollowSymLinks
AllowOverride All
<ifModule mod_authz_core.c>
Require all granted
</ifModule>
<ifModule !mod_authz_core.c>
Order Allow,Deny
Allow from All
</ifModule>
</Directory>
# Protecting basic directories:
<Directory /usr/share/roundcubemail/config>
Options -FollowSymLinks
AllowOverride None
</Directory>
<Directory /usr/share/roundcubemail/logs>
Options -FollowSymLinks
AllowOverride None
<ifModule mod_authz_core.c>
Require all denied
</ifModule>
<ifModule !mod_authz_core.c>
Order Deny,Allow
Deny from All
</ifModule>
</Directory>
########################################################
##### This section for Kolab-Webadmin #####
########################################################
<Directory "/usr/share/kolab-webadmin/public_html/">
<IfModule mod_rewrite.c>
RewriteEngine on
# NOTE: This needs to point to the base uri of your installation.
RewriteBase /kolab-webadmin/
# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^api/(.*)\.(.*)$ api/index.php?service=$1&method=$2 [L,QSA]
</IfModule>
AddDefaultCharset UTF-8
php_value error_reporting 6135
DirectoryIndex index.php
AllowOverride All
<ifModule mod_authz_core.c>
Require all granted
</ifModule>
<ifModule !mod_authz_core.c>
Order Allow,Deny
Allow from All
</ifModule>
</Directory>
########################################################
##### This section iRony #####
########################################################
<Directory "/usr/share/iRony/public_html/">
AllowOverride All
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Allow,Deny
Allow from All
</IfModule>
RewriteEngine On
RewriteBase /iRony/
RewriteRule ^\.well-known/caldav / [R,L]
RewriteRule ^\.well-known/carddav / [R,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php [qsappend,last]
</Directory>
</VirtualHost>
On 29.04.2014 13:16, Nick Tkach wrote:
> So in that list of urls at the top, those are totally separate names
> and IPs? Something like this?
>
>
> 11.22.33.44/webmail is the main interface
> 55.66.77.88/web-admin is the administrative interface
> 99.00.11.22/webdav is for access to the WebDAV component
Re: [users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
Posted by Nick Tkach <nt...@gmail.com>.
So in that list of urls at the top, those are totally separate names
and IPs? Something like this?
11.22.33.44/webmail is the main interface
55.66.77.88/web-admin is the administrative interface
99.00.11.22/webdav is for access to the WebDAV component
Re: [users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
Posted by "Foster, Nate" <na...@puresolar.us>.
Hello Eggert,
Thanks for your suggestion! I'm going to try it now. :-)
Nate
On 29.04.2014 12:56, Eggert Ehmke wrote:
> Hello Nate,
>
> If all your URLs are in the same domain, I would expect only one
> virtual host. This can contain multiple <Directory xxx> sections for
> your purpose. This way you only have one host on port 443.
> Hope that helps
> Eggert
Re: [users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
Posted by Eggert Ehmke <eg...@berlin.de>.
Hello Nate,
If all your URLs are in the same domain, I would expect only one virtual host.
This can contain multiple <Directory xxx> sections for your purpose. This way
you only have one host on port 443.
Hope that helps
Eggert
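Added example (not written by any poster in this thread, and not Apache's own logic): a Python check that scans sites-enabled-style files for the situation Eggert describes, namely more than one <VirtualHost> block on the same address:port with no distinct ServerName to tell them apart. The file names, sample contents and function names are constructed for illustration; on Apache 2.2, blocks with distinct ServerNames additionally need a matching NameVirtualHost directive, which this heuristic does not check.

```python
import re
from collections import defaultdict

# Constructed sample: two per-path files from sites-enabled/, each wrapped in
# its own <VirtualHost *:443> (aliases taken from the config posted above).
SAMPLE_CONFS = {
    "webmail.conf": "<VirtualHost *:443>\nSSLEngine on\n"
                    "Alias /webmail /usr/share/roundcubemail/\n</VirtualHost>\n",
    "web-admin.conf": "<VirtualHost *:443>\nSSLEngine on\n"
                      "Alias /kolab-webadmin /usr/share/kolab-webadmin/public_html/\n"
                      "</VirtualHost>\n",
}

OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.I)

def parse_vhosts(confs):
    """Return (file, [address:port, ...], ServerName or None) per vhost block."""
    found = []
    for fname, text in confs.items():
        current = None
        for line in text.splitlines():
            if line.lstrip().startswith("#"):
                continue  # skip commented-out directives
            opened = OPEN.match(line)
            named = NAME.match(line)
            if opened:
                current = [fname, opened.group(1).split(), None]
            elif current and named:
                current[2] = named.group(1).lower()
            elif current and CLOSE.match(line):
                found.append(tuple(current))
                current = None
    return found

def find_overlaps(confs):
    """Map address:port -> files whose vhost blocks cannot be told apart."""
    by_addr = defaultdict(list)
    for fname, addrs, name in parse_vhosts(confs):
        for addr in addrs:
            by_addr[addr].append((fname, name))
    overlaps = {}
    for addr, blocks in by_addr.items():
        names = [name for _, name in blocks]
        # Heuristic: same address:port and a missing or repeated ServerName.
        if len(blocks) > 1 and (None in names or len(set(names)) < len(names)):
            overlaps[addr] = [fname for fname, _ in blocks]
    return overlaps
```

Calling find_overlaps(SAMPLE_CONFS) reports both files under "*:443"; merging the aliases into one <VirtualHost *:443> block, as in Nate's fixed config, makes the result empty.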