You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Tonu Mikk <tm...@umn.edu> on 2010/11/02 18:03:55 UTC
[users@httpd] IP based virtual hosts for SSL
Hello,
I hope I can get some guidance from users on this list on how to configure
virtual hosts for Apache 2.2. Eventually I would like to serve content on
port 80 and 443 on two URLs:
dsdev.domain.com and madev.domain.com, and on port 80 only on
webdev.domain.com.
Here is my scenario...
I have a server with the hostname webdev.domain.com. This is also Fully
Qualified Domain Name assigned to an IP address (example only)
204.148.170.13. I also have a DNS alias madev.domain.com that is assigned
to the same IP address. I also have a second IP address 204.148.170.14 that
has a FQDN dsdev.domain.com .
I have created two network interfaces for the server and manually configured
the IP addresses. I have also configured two virtual hosts like this:
<VirtualHost 204.148.170.13:80>
DocumentRoot "/var/www/html/madev"
ServerName madev.domain.com
<Directory "/var/www/html/madev">
AllowOverride All
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost 204.148.170.14:80>
DocumentRoot "/var/www/html/dsdev"
ServerName dsdev.domain.com
<Directory "/var/www/html/dsdev">
AllowOverride All
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
The default Virtual Host is configured like this:
<VirtualHost *:80>
ServerSignature email
DirectoryIndex index.php index.html index.htm index.shtml
LogLevel warn
HostNameLookups off
ServerName webdev.domain.com
</VirtualHost>
Currently I am getting an error when I try to access webdev.domain.com with
Firefox saying "Oops! This link appears to be broken", and I don't see an
error about this in the error log.
My first question is how can I serve content on port 80 on webdev.domain.com?
When I reference the VirtualHost for webdev by specifying an IP address:
<VirtualHost 204.148.170.13:80>, I get a warning when starting Apache
"VirtualHost 204.148.170.13:80 overlaps with VirtualHost 204.148.170.13:80,
the first has precedence, perhaps you need a NameVirtualHost directive".
Secondly, I am not sure how to configure the madev and dsdev virtual host
directives to listen to port 443? When I change my Virtual Host to the
following, I am able to get to the site by simply going to
http://madev.domain.com.
<VirtualHost 128.101.172.14:80 128.101.172.14:443>
DocumentRoot "/var/www/html/madev"
ServerName dsdev.oed.umn.edu
SSLEngine on
SSLCertificateKeyFile /etc/httpd/ssl.key/madev.domain.com.key
SSLCertificateFile /etc/httpd/ssl.crt/server.csr
SSLCertificateChainFile /etc/httpd/ca_bundle/madev_domain_com_interm.cer
<Directory "/var/www/html/madev">
AllowOverride All
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Any pointers is appreciated.
Thank you,
Tonu
Re: [users@httpd] IP based virtual hosts for SSL
Posted by Saravanan Kannan <my...@gmail.com>.
Dear Apache users,
We need some guidance (or) installation steps on how to implement the PKI
token certificates with Apache Web Server 2.2.3 for authentication purposes.
Currently our production environment uses the iPlanet 6.1 webserver and
Weblogic 10.0 as the application layer. The iPlanet 6.1 webserver will be
migrated to Apache 2.2.3 and the PKI Token certificate will be configured
for the authentication. We currently do not have expertise in our group in
how to configure the Apache 2.2.3 webserver with the PKI token certification
for authentication. Any reference materials or steps invovled in configuring
the PKI Token certificate for authentication will be helpful.
OS = Linux ( SLES 10 MP2)
Apache Version = 2.2.3
Application = Custom J2EE application
Application Server = WebLogic 10.0
Thank you ,
Sarva
Re: [users@httpd] IP based virtual hosts for SSL
Posted by Tonu Mikk <tm...@umn.edu>.
I got the webdev.domain.com to work using the NameVirtualHost directive
like this...
NameVirtualHost 204.148.170.13:80
and configuring the the default Virtual Host like this:
<VirtualHost 204.148.170.13:80>
ServerSignature email
DirectoryIndex index.php index.html index.htm index.shtml
LogLevel warn
HostNameLookups off
ServerName webdev.domain.com
</VirtualHost>
Thanks Sai!
Tonu
On Tue, Nov 2, 2010 at 12:59 PM, Sai A <ar...@gmail.com> wrote:
> Hi Tonu,
>
> I myself am a newbie so don't take my words as gospel, but it looks like
> you are getting your configuration wrong. In order to be able to access
> webdev.domain.com, you must set a NameVirtualHost from what I understand.
> You also haven't specified a document root for webdev which you should.
>
> It should be like this:
>
> NameVirtualHost *:80
>
>
> <VirtualHost *:80>
> ServerSignature email
> DirectoryIndex index.php index.html index.htm index.shtml
> LogLevel warn
> HostNameLookups off
> ServerName webdev.domain.com
> DocumentRoot <this is missing as well in your config>
> </VirtualHost>
>
> You should probably read up on NamedVirtualHosts from this link:
> http://httpd.apache.org/docs/2.2/vhosts/
>
> Sorry if this wasn't of help (or was wrong). Like I said I am a newbie
> myself :)
>
> All the best.
>
>
> On Tue, Nov 2, 2010 at 10:33 PM, Tonu Mikk <tm...@umn.edu> wrote:
>
>> Hello,
>>
>> I hope I can get some guidance from users on this list on how to configure
>> virtual hosts for Apache 2.2. Eventually I would like to serve content on
>> port 80 and 443 on two URLs:
>> dsdev.domain.com and madev.domain.com, and on port 80 only on
>> webdev.domain.com.
>>
>>
>> Here is my scenario...
>>
>> I have a server with the hostname webdev.domain.com. This is also Fully
>> Qualified Domain Name assigned to an IP address (example only)
>> 204.148.170.13. I also have a DNS alias madev.domain.com that is
>> assigned to the same IP address. I also have a second IP address
>> 204.148.170.14 that has a FQDN dsdev.domain.com .
>>
>> I have created two network interfaces for the server and manually
>> configured the IP addresses. I have also configured two virtual hosts like
>> this:
>>
>> <VirtualHost 204.148.170.13:80>
>> DocumentRoot "/var/www/html/madev"
>> ServerName madev.domain.com
>> <Directory "/var/www/html/madev">
>> AllowOverride All
>> Options Indexes FollowSymLinks
>> Order allow,deny
>> Allow from all
>> </Directory>
>> </VirtualHost>
>>
>> <VirtualHost 204.148.170.14:80>
>> DocumentRoot "/var/www/html/dsdev"
>> ServerName dsdev.domain.com
>> <Directory "/var/www/html/dsdev">
>> AllowOverride All
>> Options Indexes FollowSymLinks
>> Order allow,deny
>> Allow from all
>> </Directory>
>> </VirtualHost>
>>
>> The default Virtual Host is configured like this:
>> <VirtualHost *:80>
>> ServerSignature email
>> DirectoryIndex index.php index.html index.htm index.shtml
>> LogLevel warn
>> HostNameLookups off
>> ServerName webdev.domain.com
>> </VirtualHost>
>>
>> Currently I am getting an error when I try to access webdev.domain.comwith Firefox saying "Oops! This link appears to be broken", and I don't see
>> an error about this in the error log.
>>
>> My first question is how can I serve content on port 80 on
>> webdev.domain.com? When I reference the VirtualHost for webdev by
>> specifying an IP address:
>> <VirtualHost 204.148.170.13:80>, I get a warning when starting Apache
>> "VirtualHost 204.148.170.13:80 overlaps with VirtualHost
>> 204.148.170.13:80, the first has precedence, perhaps you need a
>> NameVirtualHost directive".
>>
>> Secondly, I am not sure how to configure the madev and dsdev virtual host
>> directives to listen to port 443? When I change my Virtual Host to the
>> following, I am able to get to the site by simply going to
>> http://madev.domain.com.
>>
>> <VirtualHost 128.101.172.14:80 128.101.172.14:443>
>> DocumentRoot "/var/www/html/madev"
>> ServerName dsdev.oed.umn.edu
>> SSLEngine on
>> SSLCertificateKeyFile /etc/httpd/ssl.key/madev.domain.com.key
>> SSLCertificateFile /etc/httpd/ssl.crt/server.csr
>> SSLCertificateChainFile /etc/httpd/ca_bundle/madev_domain_com_interm.cer
>> <Directory "/var/www/html/madev">
>> AllowOverride All
>> Options Indexes FollowSymLinks
>> Order allow,deny
>> Allow from all
>> </Directory>
>> </VirtualHost>
>>
>> Any pointers is appreciated.
>>
>> Thank you,
>>
>> Tonu
>>
>>
>
>
Re: [users@httpd] IP based virtual hosts for SSL
Posted by Sai A <ar...@gmail.com>.
Hi Tonu,
I myself am a newbie so don't take my words as gospel, but it looks like you
are getting your configuration wrong. In order to be able to access
webdev.domain.com, you must set a NameVirtualHost from what I understand.
You also haven't specified a document root for webdev which you should.
It should be like this:
NameVirtualHost *:80
<VirtualHost *:80>
ServerSignature email
DirectoryIndex index.php index.html index.htm index.shtml
LogLevel warn
HostNameLookups off
ServerName webdev.domain.com
DocumentRoot <this is missing as well in your config>
</VirtualHost>
You should probably read up on NamedVirtualHosts from this link:
http://httpd.apache.org/docs/2.2/vhosts/
Sorry if this wasn't of help (or was wrong). Like I said I am a newbie
myself :)
All the best.
On Tue, Nov 2, 2010 at 10:33 PM, Tonu Mikk <tm...@umn.edu> wrote:
> Hello,
>
> I hope I can get some guidance from users on this list on how to configure
> virtual hosts for Apache 2.2. Eventually I would like to serve content on
> port 80 and 443 on two URLs:
> dsdev.domain.com and madev.domain.com, and on port 80 only on
> webdev.domain.com.
>
>
> Here is my scenario...
>
> I have a server with the hostname webdev.domain.com. This is also Fully
> Qualified Domain Name assigned to an IP address (example only)
> 204.148.170.13. I also have a DNS alias madev.domain.com that is assigned
> to the same IP address. I also have a second IP address 204.148.170.14 that
> has a FQDN dsdev.domain.com .
>
> I have created two network interfaces for the server and manually
> configured the IP addresses. I have also configured two virtual hosts like
> this:
>
> <VirtualHost 204.148.170.13:80>
> DocumentRoot "/var/www/html/madev"
> ServerName madev.domain.com
> <Directory "/var/www/html/madev">
> AllowOverride All
> Options Indexes FollowSymLinks
> Order allow,deny
> Allow from all
> </Directory>
> </VirtualHost>
>
> <VirtualHost 204.148.170.14:80>
> DocumentRoot "/var/www/html/dsdev"
> ServerName dsdev.domain.com
> <Directory "/var/www/html/dsdev">
> AllowOverride All
> Options Indexes FollowSymLinks
> Order allow,deny
> Allow from all
> </Directory>
> </VirtualHost>
>
> The default Virtual Host is configured like this:
> <VirtualHost *:80>
> ServerSignature email
> DirectoryIndex index.php index.html index.htm index.shtml
> LogLevel warn
> HostNameLookups off
> ServerName webdev.domain.com
> </VirtualHost>
>
> Currently I am getting an error when I try to access webdev.domain.comwith Firefox saying "Oops! This link appears to be broken", and I don't see
> an error about this in the error log.
>
> My first question is how can I serve content on port 80 on
> webdev.domain.com? When I reference the VirtualHost for webdev by
> specifying an IP address:
> <VirtualHost 204.148.170.13:80>, I get a warning when starting Apache
> "VirtualHost 204.148.170.13:80 overlaps with VirtualHost 204.148.170.13:80,
> the first has precedence, perhaps you need a NameVirtualHost directive".
>
> Secondly, I am not sure how to configure the madev and dsdev virtual host
> directives to listen to port 443? When I change my Virtual Host to the
> following, I am able to get to the site by simply going to
> http://madev.domain.com.
>
> <VirtualHost 128.101.172.14:80 128.101.172.14:443>
> DocumentRoot "/var/www/html/madev"
> ServerName dsdev.oed.umn.edu
> SSLEngine on
> SSLCertificateKeyFile /etc/httpd/ssl.key/madev.domain.com.key
> SSLCertificateFile /etc/httpd/ssl.crt/server.csr
> SSLCertificateChainFile /etc/httpd/ca_bundle/madev_domain_com_interm.cer
> <Directory "/var/www/html/madev">
> AllowOverride All
> Options Indexes FollowSymLinks
> Order allow,deny
> Allow from all
> </Directory>
> </VirtualHost>
>
> Any pointers is appreciated.
>
> Thank you,
>
> Tonu
>
>
Re: [users@httpd] IP based virtual hosts for SSL
Posted by Tonu Mikk <tm...@umn.edu>.
Yes, indeed. Doing this works ... Thanks Chris!
<VirtualHost 128.101.172.14:80 <http://128.101.172.14/>>
DocumentRoot "/var/www/html/madev"
ServerName dsdev.oed.umn.edu
<Directory "/var/www/html/madev">
AllowOverride All
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost 128.101.172.14:443>
DocumentRoot "/var/www/html/madev"
ServerName dsdev.oed.umn.edu
SSLEngine on
SSLCertificateKeyFile /etc/httpd/ssl.key/madev.domain.com.key
SSLCertificateFile /etc/httpd/ssl.crt/server.csr
SSLCertificateChainFile /etc/httpd/ca_bundle/madev_domain_com_interm.cer
<Directory "/var/www/html/madev">
AllowOverride All
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
On Tue, Nov 2, 2010 at 1:22 PM, <ch...@eehmke.de> wrote:
> On Dienstag 02 November 2010, Eric Covener wrote:
> > > <VirtualHost 128.101.172.14:80 128.101.172.14:443>
> > > SSLEngine on
> >
> > You can't have SSL and non-SSL in a single vhost -- the non-ssl
> > requests that are mapped to this vhost won't work.
>
> But you can easily have two different vhosts, one on port 80, one on port
> 443
> for the same URL.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] IP based virtual hosts for SSL
Posted by ch...@eehmke.de.
On Dienstag 02 November 2010, Eric Covener wrote:
> > <VirtualHost 128.101.172.14:80 128.101.172.14:443>
> > SSLEngine on
>
> You can't have SSL and non-SSL in a single vhost -- the non-ssl
> requests that are mapped to this vhost won't work.
But you can easily have two different vhosts, one on port 80, one on port 443
for the same URL.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] IP based virtual hosts for SSL
Posted by Eric Covener <co...@gmail.com>.
> <VirtualHost 128.101.172.14:80 128.101.172.14:443>
> SSLEngine on
You can't have SSL and non-SSL in a single vhost -- the non-ssl
requests that are mapped to this vhost won't work.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org