You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Jay States <js...@mac.com> on 2002/07/16 21:04:55 UTC

SSL port-based virtual domain problem

Thanks for the help but I'm still getting error messages.  I will be 
more detailed.  I want 5 sites to be SSL.  The only ip address usable is 
192.0.0.1.  I have tried is:

Listen 192.0.0.1:80
Listen 192.0.0.1:443
Listen 192.0.0.1:444
Listen 192.0.0.1:445
Listen 192.0.0.1:446
Listen 192.0.0.1:447

and

NameVirtualHost 192.0.0.1:80
NameVirtualHost 192.0.0.1:443
NameVirtualHost 192.0.0.1:444
NameVirtualHost 192.0.0.1:445
NameVirtualHost 192.0.0.1:446
NameVirtualHost 192.0.0.1:447

The Virtual Config File is:

<VirtualHost 192.0.0.1:443>
         ServerName admin@sample.com
         DocumentRoot /usr/www/smaple
         ServerName www.sample.com:443
         SSLEngine on
         SSLCertificateFile /usr/www/certs/*.crt
         SSLCertificateKeyFile /usr/www/keys/*.key
</VirtualHost>

This is the error messages.  I looked at all the tutorials and I can 
find.  The have these specific ports opened in the firewall and tested 
to see if they work and they do. What am I doing wrong?  I'm using 
Apache 2 BTW.

[Tue Jul 16 15:56:52 2002] [warn] NameVirtualHost 192.0.0.1:80 has no 
VirtualHosts
[Tue Jul 16 15:56:52 2002] [warn] NameVirtualHost 192.0.0.1:443 has no 
VirtualHosts
[Tue Jul 16 15:56:52 2002] [warn] NameVirtualHost 192.0.0.1:444 has no 
VirtualHosts
[Tue Jul 16 15:56:52 2002] [warn] NameVirtualHost 192.0.0.1:445 has no 
VirtualHosts
[Tue Jul 16 15:56:52 2002] [warn] NameVirtualHost 192.0.0.1:446 has no 
VirtualHosts
(48)Address already in use: make_sock: could not bind to address 
192.0.0.1:446
no listening sockets available, shutting down

Big Thanks
J


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: SSL port-based virtual how-to?

Posted by Mark Mentovai <ma...@mentovai.com>.

Jay States:
> I was reading the stronghold .pdf and it says that port-based virtual 
> hosting can not be mixed with name-based hosting directives.

Are you using Stronghold?

You are free to mix name-based and IP address/port-based virtual hosting within 
the same server configuration, but not on the same IP address and port.  That's 
why you have multiple Listen directives, but only one NameVirtualHost 
directive.

> One 
> problem solved, but wait.  I remove the NameVirtualHost tags and the 
> next problem is this:
> 
> [Tue Jul 16 18:09:26 2002] [warn] VirtualHost 24.222.3.138:444 overlaps 
> with VirtualHost 24.222.3.138:444, the first has precedence, perhaps you 
> need a NameVirtualHost directive
> 
> Solutions?

You can't define multiple virtual hosts on the same IP address and port unless 
they're name-based virtual hosts and you have used NameVirtualHost.  If you try 
to do so, the first such definition will mask any future ones.

As we've established, you can't use name-based virtual hosting with SSL.  For 
each SSL virtual server, you will need to use a different port.  You will need 
one Listen directive for each port ("Listen 24.222.3.138:443", "Listen 
24.222.3.138:444", etc.), no NameVirtualHost directives, and one <VirtualHost> 
block for each port.  ("<VirtualHost 24.222.3.138:443>", "<VirtualHost 
24.222.3.138:444>", etc.)  Based on your error, it would seem that you have 
more than one definition for "<VirtualHost 24.222.3.138:444>".

Because you can use name-based hosting for the non-SSL virtual servers, you 
will use a single port with NameVirtualHost.  You need "Listen 24.222.3.138:80" 
and then only one NameVirtualHost directive, "NameVirtualHost 24.222.3.138:80", 
combined with a series of "<VirtualHost 24.222.3.138:80>" blocks that define 
each virtual server.

> Again Thanks everybody, special shout to Mark

No problem at all, glad to help.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

SSL port-based virtual how-to?

Posted by Jay States <js...@mac.com>.

I was reading the stronghold .pdf and it says that port-based virtual 
hosting can not be mixed with name-based hosting directives.  One 
problem solved, but wait.  I remove the NameVirtualHost tags and the 
next problem is this:

[Tue Jul 16 18:09:26 2002] [warn] VirtualHost 24.222.3.138:444 overlaps 
with VirtualHost 24.222.3.138:444, the first has precedence, perhaps you 
need a NameVirtualHost directive

Solutions?

Again Thanks everybody, special shout to Mark

J


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: SSL port-based virtual domain problem

Posted by Mark Mentovai <ma...@mentovai.com>.

Jay States wrote:
> yes I understand that name-based is not support by SSL, but different 
> ports on one IP is.
> 
> so, you are telling me to use: NameVirtualHost 192.0.0.1? How do I call 
> each port.  In apache 2 port and listen does not work in between the 
> <VirtualHost> tags.

You should have one Listen directive for each listen socket at the top level of 
your configuration file:

Listen 192.0.0.1:80
Listen 192.0.0.1:443
Listen 192.0.0.1:444
Listen 192.0.0.1:445
Listen 192.0.0.1:446

You should only have one NameVirtualHost directive at the top level of your 
configuration file:

NameVirtualHost 192.0.0.1:80

> Apache finds it in the ssl.conf file.  If you define ssl, the httpd.conf 
> calls for the ssl.conf file.

Oh, right, Apache 2.

Some of your errors seem to indicate that the <VirtualHost> blocks aren't being 
found, that's what leads me to believe that this file might not be getting 
looked at.  You might want to try putting everything in one file.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: SSL port-based virtual domain problem

Posted by Jay States <js...@mac.com>.

>
> You can't host SSL sites with name-based virtual hosting, you must use 
> IP
> address-based virtual hosting.  "IP address-based" is colloquial and 
> not an
> entirely accurate description in your case, as you'll be distinguising 
> one SSL
> site from another by port.  The same principles do apply.

yes I understand that name-based is not support by SSL, but different 
ports on one IP is.

so, you are telling me to use: NameVirtualHost 192.0.0.1? How do I call 
each port.  In apache 2 port and listen does not work in between the 
<VirtualHost> tags.

> What do you mean by "virtual config file?"  Apache will look at 
> httpd.conf by
> default, the deprecated resource (srm.conf) and access (access.conf) 
> files if
> present, and any file given in an Include directive.  Where have you 
> created
> this "virtual config file," and how does Apache find it?
>
Apache finds it in the ssl.conf file.  If you define ssl, the httpd.conf 
calls for the ssl.conf file.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: SSL port-based virtual domain problem

Posted by Mark Mentovai <ma...@mentovai.com>.

Jay States wrote:
> Thanks for the help but I'm still getting error messages.  I will be 
> more detailed.  I want 5 sites to be SSL.  The only ip address usable is 
> 192.0.0.1.  I have tried is:
> 
> Listen 192.0.0.1:80
> Listen 192.0.0.1:443
> Listen 192.0.0.1:444
> Listen 192.0.0.1:445
> Listen 192.0.0.1:446
> Listen 192.0.0.1:447
> 
> and
> 
> NameVirtualHost 192.0.0.1:80
> NameVirtualHost 192.0.0.1:443
> NameVirtualHost 192.0.0.1:444
> NameVirtualHost 192.0.0.1:445
> NameVirtualHost 192.0.0.1:446
> NameVirtualHost 192.0.0.1:447

You can't host SSL sites with name-based virtual hosting, you must use IP 
address-based virtual hosting.  "IP address-based" is colloquial and not an 
entirely accurate description in your case, as you'll be distinguising one SSL 
site from another by port.  The same principles do apply.

Rip out all but the first NameVirtualHost.

> The Virtual Config File is:

What do you mean by "virtual config file?"  Apache will look at httpd.conf by 
default, the deprecated resource (srm.conf) and access (access.conf) files if 
present, and any file given in an Include directive.  Where have you created 
this "virtual config file," and how does Apache find it?

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org