You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jay States <js...@mac.com> on 2002/07/16 21:04:55 UTC
SSL port-based virtual domain problem
Thanks for the help but I'm still getting error messages. I will be
more detailed. I want 5 sites to be SSL. The only ip address usable is
192.0.0.1. I have tried is:
Listen 192.0.0.1:80
Listen 192.0.0.1:443
Listen 192.0.0.1:444
Listen 192.0.0.1:445
Listen 192.0.0.1:446
Listen 192.0.0.1:447
and
NameVirtualHost 192.0.0.1:80
NameVirtualHost 192.0.0.1:443
NameVirtualHost 192.0.0.1:444
NameVirtualHost 192.0.0.1:445
NameVirtualHost 192.0.0.1:446
NameVirtualHost 192.0.0.1:447
The Virtual Config File is:
<VirtualHost 192.0.0.1:443>
ServerName admin@sample.com
DocumentRoot /usr/www/smaple
ServerName www.sample.com:443
SSLEngine on
SSLCertificateFile /usr/www/certs/*.crt
SSLCertificateKeyFile /usr/www/keys/*.key
</VirtualHost>
This is the error messages. I looked at all the tutorials and I can
find. The have these specific ports opened in the firewall and tested
to see if they work and they do. What am I doing wrong? I'm using
Apache 2 BTW.
[Tue Jul 16 15:56:52 2002] [warn] NameVirtualHost 192.0.0.1:80 has no
VirtualHosts
[Tue Jul 16 15:56:52 2002] [warn] NameVirtualHost 192.0.0.1:443 has no
VirtualHosts
[Tue Jul 16 15:56:52 2002] [warn] NameVirtualHost 192.0.0.1:444 has no
VirtualHosts
[Tue Jul 16 15:56:52 2002] [warn] NameVirtualHost 192.0.0.1:445 has no
VirtualHosts
[Tue Jul 16 15:56:52 2002] [warn] NameVirtualHost 192.0.0.1:446 has no
VirtualHosts
(48)Address already in use: make_sock: could not bind to address
192.0.0.1:446
no listening sockets available, shutting down
Big Thanks
J
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: SSL port-based virtual how-to?
Posted by Mark Mentovai <ma...@mentovai.com>.
Jay States:
> I was reading the stronghold .pdf and it says that port-based virtual
> hosting can not be mixed with name-based hosting directives.
Are you using Stronghold?
You are free to mix name-based and IP address/port-based virtual hosting within
the same server configuration, but not on the same IP address and port. That's
why you have multiple Listen directives, but only one NameVirtualHost
directive.
> One
> problem solved, but wait. I remove the NameVirtualHost tags and the
> next problem is this:
>
> [Tue Jul 16 18:09:26 2002] [warn] VirtualHost 24.222.3.138:444 overlaps
> with VirtualHost 24.222.3.138:444, the first has precedence, perhaps you
> need a NameVirtualHost directive
>
> Solutions?
You can't define multiple virtual hosts on the same IP address and port unless
they're name-based virtual hosts and you have used NameVirtualHost. If you try
to do so, the first such definition will mask any future ones.
As we've established, you can't use name-based virtual hosting with SSL. For
each SSL virtual server, you will need to use a different port. You will need
one Listen directive for each port ("Listen 24.222.3.138:443", "Listen
24.222.3.138:444", etc.), no NameVirtualHost directives, and one <VirtualHost>
block for each port. ("<VirtualHost 24.222.3.138:443>", "<VirtualHost
24.222.3.138:444>", etc.) Based on your error, it would seem that you have
more than one definition for "<VirtualHost 24.222.3.138:444>".
Because you can use name-based hosting for the non-SSL virtual servers, you
will use a single port with NameVirtualHost. You need "Listen 24.222.3.138:80"
and then only one NameVirtualHost directive, "NameVirtualHost 24.222.3.138:80",
combined with a series of "<VirtualHost 24.222.3.138:80>" blocks that define
each virtual server.
> Again Thanks everybody, special shout to Mark
No problem at all, glad to help.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
SSL port-based virtual how-to?
Posted by Jay States <js...@mac.com>.
I was reading the stronghold .pdf and it says that port-based virtual
hosting can not be mixed with name-based hosting directives. One
problem solved, but wait. I remove the NameVirtualHost tags and the
next problem is this:
[Tue Jul 16 18:09:26 2002] [warn] VirtualHost 24.222.3.138:444 overlaps
with VirtualHost 24.222.3.138:444, the first has precedence, perhaps you
need a NameVirtualHost directive
Solutions?
Again Thanks everybody, special shout to Mark
J
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: SSL port-based virtual domain problem
Posted by Mark Mentovai <ma...@mentovai.com>.
Jay States wrote:
> yes I understand that name-based is not support by SSL, but different
> ports on one IP is.
>
> so, you are telling me to use: NameVirtualHost 192.0.0.1? How do I call
> each port. In apache 2 port and listen does not work in between the
> <VirtualHost> tags.
You should have one Listen directive for each listen socket at the top level of
your configuration file:
Listen 192.0.0.1:80
Listen 192.0.0.1:443
Listen 192.0.0.1:444
Listen 192.0.0.1:445
Listen 192.0.0.1:446
You should only have one NameVirtualHost directive at the top level of your
configuration file:
NameVirtualHost 192.0.0.1:80
> Apache finds it in the ssl.conf file. If you define ssl, the httpd.conf
> calls for the ssl.conf file.
Oh, right, Apache 2.
Some of your errors seem to indicate that the <VirtualHost> blocks aren't being
found, that's what leads me to believe that this file might not be getting
looked at. You might want to try putting everything in one file.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: SSL port-based virtual domain problem
Posted by Jay States <js...@mac.com>.
>
> You can't host SSL sites with name-based virtual hosting, you must use
> IP
> address-based virtual hosting. "IP address-based" is colloquial and
> not an
> entirely accurate description in your case, as you'll be distinguising
> one SSL
> site from another by port. The same principles do apply.
yes I understand that name-based is not support by SSL, but different
ports on one IP is.
so, you are telling me to use: NameVirtualHost 192.0.0.1? How do I call
each port. In apache 2 port and listen does not work in between the
<VirtualHost> tags.
> What do you mean by "virtual config file?" Apache will look at
> httpd.conf by
> default, the deprecated resource (srm.conf) and access (access.conf)
> files if
> present, and any file given in an Include directive. Where have you
> created
> this "virtual config file," and how does Apache find it?
>
Apache finds it in the ssl.conf file. If you define ssl, the httpd.conf
calls for the ssl.conf file.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: SSL port-based virtual domain problem
Posted by Mark Mentovai <ma...@mentovai.com>.
Jay States wrote:
> Thanks for the help but I'm still getting error messages. I will be
> more detailed. I want 5 sites to be SSL. The only ip address usable is
> 192.0.0.1. I have tried is:
>
> Listen 192.0.0.1:80
> Listen 192.0.0.1:443
> Listen 192.0.0.1:444
> Listen 192.0.0.1:445
> Listen 192.0.0.1:446
> Listen 192.0.0.1:447
>
> and
>
> NameVirtualHost 192.0.0.1:80
> NameVirtualHost 192.0.0.1:443
> NameVirtualHost 192.0.0.1:444
> NameVirtualHost 192.0.0.1:445
> NameVirtualHost 192.0.0.1:446
> NameVirtualHost 192.0.0.1:447
You can't host SSL sites with name-based virtual hosting, you must use IP
address-based virtual hosting. "IP address-based" is colloquial and not an
entirely accurate description in your case, as you'll be distinguising one SSL
site from another by port. The same principles do apply.
Rip out all but the first NameVirtualHost.
> The Virtual Config File is:
What do you mean by "virtual config file?" Apache will look at httpd.conf by
default, the deprecated resource (srm.conf) and access (access.conf) files if
present, and any file given in an Include directive. Where have you created
this "virtual config file," and how does Apache find it?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org