You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Shai <sh...@gmail.com> on 2006/05/26 04:59:38 UTC
[users@httpd] separate logs for aliases
Hi,
Since I'm a home user and I only have 1 IP but I still want to make
access to my SSL secured sites, I decided I can't use vhosts since
those either need to configure different ports or separate IP per
vhost.
So what I want to use now are aliases like:
https://mydomain.com/webmail
and
https://mydomain.com/admin
etc etc ...
That said, I still want to have separate logs per site. Can that be
done? If yes, how?
Thanks in advance,
Shai
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] separate logs for aliases
Posted by Brian Rectanus <br...@gmail.com>.
On 5/25/06, Bill Angus <md...@psychtest.com> wrote:
>
>
> You can use one IP and have a secure-server as well as a name-based virtual
> hosting server for port 80. Just run two instances of Apache. The apache
> monitor is capable of reporting and controlling both.
>
> You are right that using name-based hosting on port 80 will cause the
> SSL-port server to crap out completely. That's why I suggest you start
> another server.
Not sure I follow you here. This works fine:
NameVirtualHost *:80
Listen 80
<VirtualHost *:80>
ServerName foo
...
</VirtualHost>
<VirtualHost *:80>
ServerName bar
...
</VirtualHost>
Listen 443
<VirtualHost *:443>
ServerName foo
...
</VirtualHost>
>
> I set mine up using a single domain. When I got an inexpensive cert, I
> specified the secure site as secure.my_domain.com
Why? This just confuses users and is unneeded. non-ssl is port 80,
ssl is port 443. These can easily be two separate vhosts and you can
use the same servername.
>
> The regular http on port 80 still works fine with two different name-based
> virtual hosts www.my_domain.com and www.my_other_domain.com
>
> With this you also get the option of completely separate configurations --
> and so of course you may have separate logs.
You get that with vhosts as well. You can even put them in separate
files and Include if you want.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] separate logs for aliases
Posted by Bill Angus <md...@psychtest.com>.
You can use one IP and have a secure-server as well as a name-based virtual hosting server for port 80. Just run two instances of Apache. The apache monitor is capable of reporting and controlling both.
You are right that using name-based hosting on port 80 will cause the SSL-port server to crap out completely. That's why I suggest you start another server.
I set mine up using a single domain. When I got an inexpensive cert, I specified the secure site as secure.my_domain.com
The regular http on port 80 still works fine with two different name-based virtual hosts www.my_domain.com and www.my_other_domain.com
With this you also get the option of completely separate configurations -- and so of course you may have separate logs.
Bill Angus
----- Original Message -----
From: Shai
To: users@httpd.apache.org
Sent: Thursday, May 25, 2006 7:59 PM
Subject: [users@httpd] separate logs for aliases
Hi,
Since I'm a home user and I only have 1 IP but I still want to make
access to my SSL secured sites, I decided I can't use vhosts since
those either need to configure different ports or separate IP per
vhost.
So what I want to use now are aliases like:
https://mydomain.com/webmail
and
https://mydomain.com/admin
etc etc ...
That said, I still want to have separate logs per site. Can that be
done? If yes, how?
Thanks in advance,
Shai
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] separate logs for aliases
Posted by Om <om...@effigent.net>.
Hi Shai,
you can cross check once again in the apache2.2.2 manual.
Check the Virtual hosts section.
I read that.
That configuration is working fine.
Can you please implement that and check once.
Thanks,
Om.
Shai wrote:
> On 5/26/06, Brian Rectanus <br...@gmail.com> wrote:
>> On 5/26/06, Shai <sh...@gmail.com> wrote:
>> > But everyone told me that each site needs its own IP or port to run on
>> > when it comes to SSL....
>>
>> It does. It is impossible to do name based vhosting w/SSL because of
>> how SSL works. SSL must negotiate before the HTTP Host header can be
>> seen. I don't even want to start that argument again ;)
>
> Don't start it, I already knew what I wanted to do. But do you know
> what Om is talking about?
>
> Shai
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] separate logs for aliases
Posted by Shai <sh...@gmail.com>.
On 5/26/06, Brian Rectanus <br...@gmail.com> wrote:
> On 5/26/06, Shai <sh...@gmail.com> wrote:
> > But everyone told me that each site needs its own IP or port to run on
> > when it comes to SSL....
>
> It does. It is impossible to do name based vhosting w/SSL because of
> how SSL works. SSL must negotiate before the HTTP Host header can be
> seen. I don't even want to start that argument again ;)
Don't start it, I already knew what I wanted to do. But do you know
what Om is talking about?
Shai
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] separate logs for aliases
Posted by Brian Rectanus <br...@gmail.com>.
On 5/26/06, Shai <sh...@gmail.com> wrote:
> But everyone told me that each site needs its own IP or port to run on
> when it comes to SSL....
It does. It is impossible to do name based vhosting w/SSL because of
how SSL works. SSL must negotiate before the HTTP Host header can be
seen. I don't even want to start that argument again ;)
-B
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] separate logs for aliases
Posted by Shai <sh...@gmail.com>.
But everyone told me that each site needs its own IP or port to run on
when it comes to SSL....
On 5/26/06, Om <om...@effigent.net> wrote:
> Hi,
>
> I am using apache 2.2.2
> and I am running multiple sites on SSL.
> It works fine.
>
> <VirtualHost 192.168.1.3:443>
> # General setup for the virtual host
> DocumentRoot "/www/docs/site1"
> ServerName site1.mydomain.com
> ServerAdmin admin@mydomain.com
> ErrorLog /opt/apache2.2/logs/error_log
> TransferLog /opt/apache2.2/logs/access_log
> SSLEngine on
> SSLCertificateFile /opt/apache2.2/sslkeys/server.crt
> SSLCertificateKeyFile /opt/apache2.2/sslkeys/server.key
> BrowserMatch ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> CustomLog /opt/apache2.2/logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> </VirtualHost>
>
>
>
> <VirtualHost 192.168.1.3:443>
> # General setup for the virtual host
> DocumentRoot "/www/docs/site2"
> ServerName site2.mydomain.com
> ServerAdmin admin@mydomain.com
> ErrorLog /opt/apache2.2/logs/error_log
> TransferLog /opt/apache2.2/logs/access_log
>
> SSLEngine on
> SSLCertificateFile /opt/apache2.2/sslkeys/server1.crt
> SSLCertificateKeyFile /opt/apache2.2/sslkeys/server.key
> BrowserMatch ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> CustomLog /opt/apache2.2/logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> </VirtualHost>
>
>
> You will not all the directives of the above configuration.
> Let me know the result.
>
> Thanks,
> Om.
> omprakash@effigent.net
> +91 9866 666460
>
>
>
>
>
>
> Brian Rectanus wrote:
> > On 5/26/06, Shai <sh...@gmail.com> wrote:
> >> On 5/26/06, Brian Rectanus <br...@gmail.com> wrote:
> >> > On 5/25/06, Shai <sh...@gmail.com> wrote:
> >> > > Hi,
> >> > >
> >> > > Since I'm a home user and I only have 1 IP but I still want to make
> >> > > access to my SSL secured sites, I decided I can't use vhosts since
> >> > > those either need to configure different ports or separate IP per
> >> > > vhost.
> >> > >
> >> > > So what I want to use now are aliases like:
> >> > >
> >> > > https://mydomain.com/webmail
> >> > > and
> >> > > https://mydomain.com/admin
> >> > >
> >> > > etc etc ...
> >> > >
> >> > > That said, I still want to have separate logs per site. Can that be
> >> > > done? If yes, how?
> >> > >
> >> > > Thanks in advance,
> >> > > Shai
> >> > >
> >> >
> >> > Couple of different ways:
> >> >
> >> > 1) Set env vars for different 'sites'
> >> >
> >> > SetEnvIf Request_URI ^/webmail site-webmail
> >> > SetEnvIf Request_URI ^/admin site-admin
> >> > CustomLog webmail-access_log common env=site-webmail
> >> > CustomLog admin-access_log common env=site-admin
> >> >
> >> > 2) Reverse proxy to vhost on localhost port
> >> >
> >> > Listen 443
> >> > <VirtualHost *:443>
> >> > ...
> >> > ProxyPass /webmail/ http://localhost:8443/
> >> > ProxyPass /admin/ http://localhost:9443/
> >> > ProxyPassReverse /webmail/ http://localhost:8443/
> >> > ProxyPassReverse /admin/ http://localhost:9443/
> >> > </VirtualHost>
> >> >
> >> > Listen localhost:8443
> >> > <VirtualHost *:8443>
> >> > ...
> >> > </VirtualHost>
> >> >
> >> > Listen localhost:9443
> >> > <VirtualHost *:9443>
> >> > ...
> >> > </VirtualHost>
> >> >
> >> > Well, there is two ways at least.
> >> >
> >> > -B
> >>
> >> Brian,
> >>
> >> Thanks for your quick response :)
> >>
> >> I just don't understand exactly why you placed those 3 dots here:
> >> <VirtualHost *:443>
> >> ...
> >>
> >> What exactly did you imply i should place in this vhost directive?
> >>
> >> Also, I think that in the other two vhosts you want me to put the same
> >> info I have today in my vhosts?
> >>
> >> Thanks for your help,
> >> Shai
> >
> > Actually, I was a bit tired when I wrote that ;) So, change 8443 =>
> > 8001, 9443 => 8002 (they were not intended to be SSL)
> >
> > You would setup the 443 virtual host to minimally serve mydomain.com
> > SSL with minimal logging, but put the handlers for webmail and admin
> > in the 8001 and 8002 virtual hosts. The actual handling is done in
> > the 8001/8002 with 443 deciding which of those to call. You might
> > also want a non-ssl *:80 virtual host with a redirect to SSL (if you
> > want to force SSL always):
> >
> > <VirtualHost *:80>
> > ServerName mydomain.com
> > ...
> > RewriteEngine On
> > RewriteRule ^/(.*) https://mydomain.com/$1 [R,L]
> > </VirtualHost>
> >
> > The '...' being anything else you need (logging maybe), but not required.
> >
> > Also, if you have problems with the /webmail and /admin prefixes
> > messing things up (being stripped off), then setup the 8001/8002
> > vhosts with them and add the prefix onto the right hand side of the
> > ProxyPass[Reverse] lines (ProxyPass /webmail
> > https://localhost/webmail, etc.).
> >
> > Does that make more sense? This is just a reverse proxy setup (see
> > http://httpd.apache.org/docs/2.2/mod/mod_proxy.html for more details
> > and syntax)
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> > Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] separate logs for aliases
Posted by Om <om...@effigent.net>.
Hi,
I am using apache 2.2.2
and I am running multiple sites on SSL.
It works fine.
<VirtualHost 192.168.1.3:443>
# General setup for the virtual host
DocumentRoot "/www/docs/site1"
ServerName site1.mydomain.com
ServerAdmin admin@mydomain.com
ErrorLog /opt/apache2.2/logs/error_log
TransferLog /opt/apache2.2/logs/access_log
SSLEngine on
SSLCertificateFile /opt/apache2.2/sslkeys/server.crt
SSLCertificateKeyFile /opt/apache2.2/sslkeys/server.key
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /opt/apache2.2/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost 192.168.1.3:443>
# General setup for the virtual host
DocumentRoot "/www/docs/site2"
ServerName site2.mydomain.com
ServerAdmin admin@mydomain.com
ErrorLog /opt/apache2.2/logs/error_log
TransferLog /opt/apache2.2/logs/access_log
SSLEngine on
SSLCertificateFile /opt/apache2.2/sslkeys/server1.crt
SSLCertificateKeyFile /opt/apache2.2/sslkeys/server.key
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /opt/apache2.2/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
You will not all the directives of the above configuration.
Let me know the result.
Thanks,
Om.
omprakash@effigent.net
+91 9866 666460
Brian Rectanus wrote:
> On 5/26/06, Shai <sh...@gmail.com> wrote:
>> On 5/26/06, Brian Rectanus <br...@gmail.com> wrote:
>> > On 5/25/06, Shai <sh...@gmail.com> wrote:
>> > > Hi,
>> > >
>> > > Since I'm a home user and I only have 1 IP but I still want to make
>> > > access to my SSL secured sites, I decided I can't use vhosts since
>> > > those either need to configure different ports or separate IP per
>> > > vhost.
>> > >
>> > > So what I want to use now are aliases like:
>> > >
>> > > https://mydomain.com/webmail
>> > > and
>> > > https://mydomain.com/admin
>> > >
>> > > etc etc ...
>> > >
>> > > That said, I still want to have separate logs per site. Can that be
>> > > done? If yes, how?
>> > >
>> > > Thanks in advance,
>> > > Shai
>> > >
>> >
>> > Couple of different ways:
>> >
>> > 1) Set env vars for different 'sites'
>> >
>> > SetEnvIf Request_URI ^/webmail site-webmail
>> > SetEnvIf Request_URI ^/admin site-admin
>> > CustomLog webmail-access_log common env=site-webmail
>> > CustomLog admin-access_log common env=site-admin
>> >
>> > 2) Reverse proxy to vhost on localhost port
>> >
>> > Listen 443
>> > <VirtualHost *:443>
>> > ...
>> > ProxyPass /webmail/ http://localhost:8443/
>> > ProxyPass /admin/ http://localhost:9443/
>> > ProxyPassReverse /webmail/ http://localhost:8443/
>> > ProxyPassReverse /admin/ http://localhost:9443/
>> > </VirtualHost>
>> >
>> > Listen localhost:8443
>> > <VirtualHost *:8443>
>> > ...
>> > </VirtualHost>
>> >
>> > Listen localhost:9443
>> > <VirtualHost *:9443>
>> > ...
>> > </VirtualHost>
>> >
>> > Well, there is two ways at least.
>> >
>> > -B
>>
>> Brian,
>>
>> Thanks for your quick response :)
>>
>> I just don't understand exactly why you placed those 3 dots here:
>> <VirtualHost *:443>
>> ...
>>
>> What exactly did you imply i should place in this vhost directive?
>>
>> Also, I think that in the other two vhosts you want me to put the same
>> info I have today in my vhosts?
>>
>> Thanks for your help,
>> Shai
>
> Actually, I was a bit tired when I wrote that ;) So, change 8443 =>
> 8001, 9443 => 8002 (they were not intended to be SSL)
>
> You would setup the 443 virtual host to minimally serve mydomain.com
> SSL with minimal logging, but put the handlers for webmail and admin
> in the 8001 and 8002 virtual hosts. The actual handling is done in
> the 8001/8002 with 443 deciding which of those to call. You might
> also want a non-ssl *:80 virtual host with a redirect to SSL (if you
> want to force SSL always):
>
> <VirtualHost *:80>
> ServerName mydomain.com
> ...
> RewriteEngine On
> RewriteRule ^/(.*) https://mydomain.com/$1 [R,L]
> </VirtualHost>
>
> The '...' being anything else you need (logging maybe), but not required.
>
> Also, if you have problems with the /webmail and /admin prefixes
> messing things up (being stripped off), then setup the 8001/8002
> vhosts with them and add the prefix onto the right hand side of the
> ProxyPass[Reverse] lines (ProxyPass /webmail
> https://localhost/webmail, etc.).
>
> Does that make more sense? This is just a reverse proxy setup (see
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html for more details
> and syntax)
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] separate logs for aliases
Posted by Shai <sh...@gmail.com>.
On 5/26/06, Brian Rectanus <br...@gmail.com> wrote:
> On 5/26/06, Shai <sh...@gmail.com> wrote:
> > On 5/26/06, Brian Rectanus <br...@gmail.com> wrote:
> > > On 5/25/06, Shai <sh...@gmail.com> wrote:
> > > > Hi,
> > > >
> > > > Since I'm a home user and I only have 1 IP but I still want to make
> > > > access to my SSL secured sites, I decided I can't use vhosts since
> > > > those either need to configure different ports or separate IP per
> > > > vhost.
> > > >
> > > > So what I want to use now are aliases like:
> > > >
> > > > https://mydomain.com/webmail
> > > > and
> > > > https://mydomain.com/admin
> > > >
> > > > etc etc ...
> > > >
> > > > That said, I still want to have separate logs per site. Can that be
> > > > done? If yes, how?
> > > >
> > > > Thanks in advance,
> > > > Shai
> > > >
> > >
> > > Couple of different ways:
> > >
> > > 1) Set env vars for different 'sites'
> > >
> > > SetEnvIf Request_URI ^/webmail site-webmail
> > > SetEnvIf Request_URI ^/admin site-admin
> > > CustomLog webmail-access_log common env=site-webmail
> > > CustomLog admin-access_log common env=site-admin
> > >
> > > 2) Reverse proxy to vhost on localhost port
> > >
> > > Listen 443
> > > <VirtualHost *:443>
> > > ...
> > > ProxyPass /webmail/ http://localhost:8443/
> > > ProxyPass /admin/ http://localhost:9443/
> > > ProxyPassReverse /webmail/ http://localhost:8443/
> > > ProxyPassReverse /admin/ http://localhost:9443/
> > > </VirtualHost>
> > >
> > > Listen localhost:8443
> > > <VirtualHost *:8443>
> > > ...
> > > </VirtualHost>
> > >
> > > Listen localhost:9443
> > > <VirtualHost *:9443>
> > > ...
> > > </VirtualHost>
> > >
> > > Well, there is two ways at least.
> > >
> > > -B
> >
> > Brian,
> >
> > Thanks for your quick response :)
> >
> > I just don't understand exactly why you placed those 3 dots here:
> > <VirtualHost *:443>
> > ...
> >
> > What exactly did you imply i should place in this vhost directive?
> >
> > Also, I think that in the other two vhosts you want me to put the same
> > info I have today in my vhosts?
> >
> > Thanks for your help,
> > Shai
>
> Actually, I was a bit tired when I wrote that ;) So, change 8443 =>
> 8001, 9443 => 8002 (they were not intended to be SSL)
>
> You would setup the 443 virtual host to minimally serve mydomain.com
> SSL with minimal logging, but put the handlers for webmail and admin
> in the 8001 and 8002 virtual hosts. The actual handling is done in
> the 8001/8002 with 443 deciding which of those to call. You might
> also want a non-ssl *:80 virtual host with a redirect to SSL (if you
> want to force SSL always):
>
> <VirtualHost *:80>
> ServerName mydomain.com
> ...
> RewriteEngine On
> RewriteRule ^/(.*) https://mydomain.com/$1 [R,L]
> </VirtualHost>
>
> The '...' being anything else you need (logging maybe), but not required.
>
> Also, if you have problems with the /webmail and /admin prefixes
> messing things up (being stripped off), then setup the 8001/8002
> vhosts with them and add the prefix onto the right hand side of the
> ProxyPass[Reverse] lines (ProxyPass /webmail
> https://localhost/webmail, etc.).
>
> Does that make more sense? This is just a reverse proxy setup (see
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html for more details
> and syntax)
I'll get working on it and if I run into problems, i'll ask ;)
Cheers and thanks for your time.
Shai
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] separate logs for aliases
Posted by Brian Rectanus <br...@gmail.com>.
On 5/26/06, Shai <sh...@gmail.com> wrote:
> On 5/26/06, Brian Rectanus <br...@gmail.com> wrote:
> > On 5/25/06, Shai <sh...@gmail.com> wrote:
> > > Hi,
> > >
> > > Since I'm a home user and I only have 1 IP but I still want to make
> > > access to my SSL secured sites, I decided I can't use vhosts since
> > > those either need to configure different ports or separate IP per
> > > vhost.
> > >
> > > So what I want to use now are aliases like:
> > >
> > > https://mydomain.com/webmail
> > > and
> > > https://mydomain.com/admin
> > >
> > > etc etc ...
> > >
> > > That said, I still want to have separate logs per site. Can that be
> > > done? If yes, how?
> > >
> > > Thanks in advance,
> > > Shai
> > >
> >
> > Couple of different ways:
> >
> > 1) Set env vars for different 'sites'
> >
> > SetEnvIf Request_URI ^/webmail site-webmail
> > SetEnvIf Request_URI ^/admin site-admin
> > CustomLog webmail-access_log common env=site-webmail
> > CustomLog admin-access_log common env=site-admin
> >
> > 2) Reverse proxy to vhost on localhost port
> >
> > Listen 443
> > <VirtualHost *:443>
> > ...
> > ProxyPass /webmail/ http://localhost:8443/
> > ProxyPass /admin/ http://localhost:9443/
> > ProxyPassReverse /webmail/ http://localhost:8443/
> > ProxyPassReverse /admin/ http://localhost:9443/
> > </VirtualHost>
> >
> > Listen localhost:8443
> > <VirtualHost *:8443>
> > ...
> > </VirtualHost>
> >
> > Listen localhost:9443
> > <VirtualHost *:9443>
> > ...
> > </VirtualHost>
> >
> > Well, there is two ways at least.
> >
> > -B
>
> Brian,
>
> Thanks for your quick response :)
>
> I just don't understand exactly why you placed those 3 dots here:
> <VirtualHost *:443>
> ...
>
> What exactly did you imply i should place in this vhost directive?
>
> Also, I think that in the other two vhosts you want me to put the same
> info I have today in my vhosts?
>
> Thanks for your help,
> Shai
Actually, I was a bit tired when I wrote that ;) So, change 8443 =>
8001, 9443 => 8002 (they were not intended to be SSL)
You would setup the 443 virtual host to minimally serve mydomain.com
SSL with minimal logging, but put the handlers for webmail and admin
in the 8001 and 8002 virtual hosts. The actual handling is done in
the 8001/8002 with 443 deciding which of those to call. You might
also want a non-ssl *:80 virtual host with a redirect to SSL (if you
want to force SSL always):
<VirtualHost *:80>
ServerName mydomain.com
...
RewriteEngine On
RewriteRule ^/(.*) https://mydomain.com/$1 [R,L]
</VirtualHost>
The '...' being anything else you need (logging maybe), but not required.
Also, if you have problems with the /webmail and /admin prefixes
messing things up (being stripped off), then setup the 8001/8002
vhosts with them and add the prefix onto the right hand side of the
ProxyPass[Reverse] lines (ProxyPass /webmail
https://localhost/webmail, etc.).
Does that make more sense? This is just a reverse proxy setup (see
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html for more details
and syntax)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] separate logs for aliases
Posted by Shai <sh...@gmail.com>.
On 5/26/06, Brian Rectanus <br...@gmail.com> wrote:
> On 5/25/06, Shai <sh...@gmail.com> wrote:
> > Hi,
> >
> > Since I'm a home user and I only have 1 IP but I still want to make
> > access to my SSL secured sites, I decided I can't use vhosts since
> > those either need to configure different ports or separate IP per
> > vhost.
> >
> > So what I want to use now are aliases like:
> >
> > https://mydomain.com/webmail
> > and
> > https://mydomain.com/admin
> >
> > etc etc ...
> >
> > That said, I still want to have separate logs per site. Can that be
> > done? If yes, how?
> >
> > Thanks in advance,
> > Shai
> >
>
> Couple of different ways:
>
> 1) Set env vars for different 'sites'
>
> SetEnvIf Request_URI ^/webmail site-webmail
> SetEnvIf Request_URI ^/admin site-admin
> CustomLog webmail-access_log common env=site-webmail
> CustomLog admin-access_log common env=site-admin
>
> 2) Reverse proxy to vhost on localhost port
>
> Listen 443
> <VirtualHost *:443>
> ...
> ProxyPass /webmail/ http://localhost:8443/
> ProxyPass /admin/ http://localhost:9443/
> ProxyPassReverse /webmail/ http://localhost:8443/
> ProxyPassReverse /admin/ http://localhost:9443/
> </VirtualHost>
>
> Listen localhost:8443
> <VirtualHost *:8443>
> ...
> </VirtualHost>
>
> Listen localhost:9443
> <VirtualHost *:9443>
> ...
> </VirtualHost>
>
> Well, there is two ways at least.
>
> -B
Brian,
Thanks for your quick response :)
I just don't understand exactly why you placed those 3 dots here:
<VirtualHost *:443>
...
What exactly did you imply i should place in this vhost directive?
Also, I think that in the other two vhosts you want me to put the same
info I have today in my vhosts?
Thanks for your help,
Shai
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] separate logs for aliases
Posted by Brian Rectanus <br...@gmail.com>.
On 5/25/06, Shai <sh...@gmail.com> wrote:
> Hi,
>
> Since I'm a home user and I only have 1 IP but I still want to make
> access to my SSL secured sites, I decided I can't use vhosts since
> those either need to configure different ports or separate IP per
> vhost.
>
> So what I want to use now are aliases like:
>
> https://mydomain.com/webmail
> and
> https://mydomain.com/admin
>
> etc etc ...
>
> That said, I still want to have separate logs per site. Can that be
> done? If yes, how?
>
> Thanks in advance,
> Shai
>
Couple of different ways:
1) Set env vars for different 'sites'
SetEnvIf Request_URI ^/webmail site-webmail
SetEnvIf Request_URI ^/admin site-admin
CustomLog webmail-access_log common env=site-webmail
CustomLog admin-access_log common env=site-admin
2) Reverse proxy to vhost on localhost port
Listen 443
<VirtualHost *:443>
...
ProxyPass /webmail/ http://localhost:8443/
ProxyPass /admin/ http://localhost:9443/
ProxyPassReverse /webmail/ http://localhost:8443/
ProxyPassReverse /admin/ http://localhost:9443/
</VirtualHost>
Listen localhost:8443
<VirtualHost *:8443>
...
</VirtualHost>
Listen localhost:9443
<VirtualHost *:9443>
...
</VirtualHost>
Well, there is two ways at least.
-B
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org