Posted to users@httpd.apache.org by Gregor Schneider <rc...@googlemail.com> on 2007/11/20 16:09:36 UTC

[users@httpd] Problem with NameVirtualHost and VirtualHost

Hi Guys,

I always keep being puzzled about those options, and I also don't get
enlightened by the doc.

this is what I have:

System: Debian Etch

/etc/apache2/apache2.conf:

...
NameVirtualHost *:80
NameVirtualHost *:443
...

in /etc/apache2/sites-enabled I have

file clue:

<VirtualHost *:80>
    ServerName test-clue
    ....
</VirtualHost>
<VirtualHost *:443>
    ServerName test-clue
    ....
</VirtualHost>

file dom:

<VirtualHost *:80>
    ServerName test-dom
    ....
</VirtualHost>
<VirtualHost *:443>
    ServerName test-dom
    ....
</VirtualHost>

file ltc:

<VirtualHost *:80>
    ServerName test-ltc
    ....
</VirtualHost>
<VirtualHost *:443>
    ServerName test-ltc
    ....
</VirtualHost>

Since I'm running the test-server on one single IP, I'm aware that I'm
getting ssl-warnings - it doesn't matter.

However, this is what's driving me nuts:

When I enter the url "https://test-ltc", I'm always sent to
"https://test-clue", and I just don't understand why.

According to the docs
(http://httpd.apache.org/docs/2.2/de/vhosts/examples.html) my example
doesn't look all that wrong.

Is there anything I'm overlooking?

This is my /etc/hosts:

10.170.202.5    test-clue
10.170.202.5    test-ltc
10.170.202.5    test-ltc-kr
10.170.202.5    test-dom

Could somebody please shed some light here?

TIA

Gregor
-- 
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Problem with NameVirtualHost and VirtualHost

Posted by Eric Covener <co...@gmail.com>.
On Nov 20, 2007 10:09 AM, Gregor Schneider <rc...@googlemail.com> wrote:
> NameVirtualHost *:443
> <VirtualHost *:443>
>     ServerName test-clue
>     ....
> </VirtualHost>
> <VirtualHost *:443>
>     ServerName test-dom
>     ....
> </VirtualHost>

> When I enter the url "https://test-ltc", I'm always sent to
> "https://test-clue", and I just don't understand why.

For SSL, apache selects the virtualhost based on the IP:port
combination, because the decision must be made at the beginning of the
handshake (before the HTTP Host: header is available).

The default vhost is the first vhost specified.


-- 
Eric Covener
covener@gmail.com



Re: [users@httpd] Problem with NameVirtualHost and VirtualHost

Posted by Gregor Schneider <rc...@googlemail.com>.
hi krist,


>
> Are you sure? This looks like Apache behaving against its
> specification in a big way.
>
I am sure since it's working as expected.

Afaik this issue has been discussed before, I just couldn't find it.

Against what specs should Apache behave? Any URL quoting those specs?

As I'm understanding it, Apache parses the URL of the request (after
SSL-handshake mumbling about a wrong cert) and then routes to the
correct ServerAlias - I can't see what should be wrong in this
behaviour.

Again, if you have any sources stating different, please let me know.

Cheers

Gregor


> Krist
>
>
>
>
> --
> krist.vanbesien@gmail.com
> krist@vanbesien.org
> Bremgarten b. Bern, Switzerland
> --
> A: It reverses the normal flow of conversation.
> Q: What's wrong with top-posting?
> A: Top-posting.
> Q: What's the biggest scourge on plain text email discussions?
>



-- 
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371



Re: [users@httpd] Problem with NameVirtualHost and VirtualHost

Posted by Krist van Besien <kr...@gmail.com>.
On Nov 20, 2007 4:48 PM, Gregor Schneider <rc...@googlemail.com> wrote:
> Guys,
>
> I've just solved the problem.
>
> As I said b4, I don't care about a message stating "SSL-cert is not
> valid" since it's just a test-server.

That's not the issue. You can't combine namevirtualhosts with SSL. So
any https request will go to your first *.443 virtualhost, regardless
of what you put there as servername or serveralias.

> The problem was the ServerName-directive:
>
> Now I've changed my vhost-definition to
>
> <VirtualHost *:80>
>     ServerAlias test-clue
>     ....
> </VirtualHost>
>
> <VirtualHost *:443>
>     ServerAlias test-clue
>     ....
> </VirtualHost>
>
> This means I did not state any ServerName-directive but used
> ServerAlias instead, and everything runs like charm :)

Are you sure? This looks like Apache behaving against its
specification in a big way.

Krist




-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?



Re: [users@httpd] Problem with NameVirtualHost and VirtualHost

Posted by Gregor Schneider <rc...@googlemail.com>.
Guys,

I've just solved the problem.

As I said b4, I don't care about a message stating "SSL-cert is not
valid" since it's just a test-server.

The problem was the ServerName-directive:

Now I've changed my vhost-definition to

<VirtualHost *:80>
    ServerAlias test-clue
    ....
</VirtualHost>

<VirtualHost *:443>
    ServerAlias test-clue
    ....
</VirtualHost>

This means I did not state any ServerName-directive but used
ServerAlias instead, and everything runs like charm :)

Thanks anyways!

Gregor
-- 
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371



Re: [users@httpd] Problem with NameVirtualHost and VirtualHost

Posted by Duncan Brannen <db...@st-andrews.ac.uk>.

You can't use Virtual Hosts like that with SSL.  The SSL handshake
with keys etc comes before the client tells the server which host it's
trying to connect to, so the server has to read the ssl config before
then, thus you get the config for the first one.

Solution is to use IP based virtual hosts, though you might be able to do
something with server side includes and redirects that changed the home
page based on the %{HTTP_HOST} variable.  I've done something like
that when I wanted https://virtualhost2 to redirect to
https://virtualhost1/host2


Help Any?

    Duncan



Gregor Schneider wrote:
> Hi Guys,
>
> I always keep being puzzled about those options, and I also don't get
> enlightened by the doc.
>
> this is what I have:
>
> System: Debian Etch
>
> /etc/apache2/apache2.conf:
>
> ...
> NameVirtualHost *:80
> NameVirtualHost *:443
> ...
>
> in /etc/apache2/sites-enabled I have
>
> file clue:
>
> <VirtualHost *:80>
>     ServerName test-clue
>     ....
> </VirtualHost>
> <VirtualHost *:443>
>     ServerName test-clue
>     ....
> </VirtualHost>
>
> file dom:
>
> <VirtualHost *:80>
>     ServerName test-dom
>     ....
> </VirtualHost>
> <VirtualHost *:443>
>     ServerName test-dom
>     ....
> </VirtualHost>
>
> file ltc:
>
> <VirtualHost *:80>
>     ServerName test-ltc
>     ....
> </VirtualHost>
> <VirtualHost *:443>
>     ServerName test-ltc
>     ....
> </VirtualHost>
>
> Since I'm running the test-server on one single IP, I'm aware that I'm
> getting ssl-warnings - it doesn't matter.
>
> However, this is what's driving me nuts:
>
> When I enter the url "https://test-ltc", I'm always sent to
> "https://test-clue", and I just don't understand why.
>
> According to the docs
> (http://httpd.apache.org/docs/2.2/de/vhosts/examples.html) my example
> doesn't look all that wrong.
>
> Is there anything I'm overlooking?
>
> This is my /etc/hosts:
>
> 10.170.202.5    test-clue
> 10.170.202.5    test-ltc
> 10.170.202.5    test-ltc-kr
> 10.170.202.5    test-dom
>
> Could somebody please shed some light here?
>
> TIA
>
> Gregor
>   




Re: [users@httpd] Problem with NameVirtualHost and VirtualHost

Posted by David Cassidy <da...@twocats.co.uk>.
You can't do name based virtual hosting.

You need more IP addresses :)

The way SSL works is by connecting to the first host. It will then be
tied to that one forever...

You'd need to run the extra SSL sites on either extra IP addresses or
other port numbers.

D


On Tue, 2007-11-20 at 16:09 +0100, Gregor Schneider wrote:
> Hi Guys,
> 
> I always keep being puzzled about those options, and I also don't get
> enlightened by the doc.
> 
> this is what I have:
> 
> System: Debian Etch
> 
> /etc/apache2/apache2.conf:
> 
> ...
> NameVirtualHost *:80
> NameVirtualHost *:443
> ...
> 
> in /etc/apache2/sites-enabled I have
> 
> file clue:
> 
> <VirtualHost *:80>
>     ServerName test-clue
>     ....
> </VirtualHost>
> <VirtualHost *:443>
>     ServerName test-clue
>     ....
> </VirtualHost>
> 
> file dom:
> 
> <VirtualHost *:80>
>     ServerName test-dom
>     ....
> </VirtualHost>
> <VirtualHost *:443>
>     ServerName test-dom
>     ....
> </VirtualHost>
> 
> file ltc:
> 
> <VirtualHost *:80>
>     ServerName test-ltc
>     ....
> </VirtualHost>
> <VirtualHost *:443>
>     ServerName test-ltc
>     ....
> </VirtualHost>
> 
> Since I'm running the test-server on one single IP, I'm aware that I'm
> getting ssl-warnings - it doesn't matter.
> 
> However, this is what's driving me nuts:
> 
> When I enter the url "https://test-ltc", I'm always sent to
> "https://test-clue", and I just don't understand why.
> 
> According to the docs
> (http://httpd.apache.org/docs/2.2/de/vhosts/examples.html) my example
> doesn't look all that wrong.
> 
> Is there anything I'm overlooking?
> 
> This is my /etc/hosts:
> 
> 10.170.202.5    test-clue
> 10.170.202.5    test-ltc
> 10.170.202.5    test-ltc-kr
> 10.170.202.5    test-dom
> 
> Could somebody please shed some light here?
> 
> TIA
> 
> Gregor
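
The layout the replies in this thread recommend (extra IP addresses or other port numbers for the SSL sites), written out as an added example that is not part of any poster's message. The address 10.170.202.6, port 8443, the certificate paths and the DocumentRoot paths are assumptions; 10.170.202.5 and the host names are taken from the original post.

```apache
# Added example, not from the thread. Assumed values: 10.170.202.6, port 8443,
# certificate paths, DocumentRoot paths.

Listen 80
Listen 443
Listen 8443

# Name-based selection stays in use for plain HTTP only, where the Host:
# header is available when the vhost is chosen.
NameVirtualHost *:80

# No "NameVirtualHost *:443": each SSL vhost below owns a distinct
# address:port pair, so the certificate can be chosen from the socket alone.

# test-clue keeps the original address on the standard HTTPS port.
<VirtualHost 10.170.202.5:443>
    ServerName test-clue
    DocumentRoot /var/www/clue
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/test-clue.crt
    SSLCertificateKeyFile /etc/apache2/ssl/test-clue.key
</VirtualHost>

# "Extra IP address" variant: test-ltc gets its own (assumed) address.
# /etc/hosts or DNS must then map test-ltc to 10.170.202.6.
<VirtualHost 10.170.202.6:443>
    ServerName test-ltc
    DocumentRoot /var/www/ltc
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/test-ltc.crt
    SSLCertificateKeyFile /etc/apache2/ssl/test-ltc.key
</VirtualHost>

# "Other port number" variant: test-dom shares the original address but
# listens on an (assumed) separate port, reached as https://test-dom:8443/.
<VirtualHost 10.170.202.5:8443>
    ServerName test-dom
    DocumentRoot /var/www/dom
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/test-dom.crt
    SSLCertificateKeyFile /etc/apache2/ssl/test-dom.key
</VirtualHost>
```

Running `apache2ctl -S` prints the resulting address:port to vhost mapping, including which vhost is the default for each socket. httpd releases from 2.2.12 on, when built against an OpenSSL with Server Name Indication support, can also select name-based SSL vhosts, which this 2007 thread predates.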

