Posted to users@httpd.apache.org by Matthieu Turpault <ma...@comelis.fr> on 2003/04/03 11:17:00 UTC
[users@httpd] Virtual host and SSL: Does not connect to the right Virtual host
Hi list,
I am trying to implement the following configuration:
- If I connect to my apache server with the IP address, the web page 1 must be displayed.
- If I connect to my apache server with the DNS Name 1, the web page 1 must be displayed.
- If I connect to my apache server with the DNS Name 2, the web page 2 must be displayed, but only if I use the https protocol.
- If I connect to my apache server with the DNS Name 3, the web page 3 must be displayed.
My configuration:
- Mandrake 8.2
- apache 1.3.23
- openssl 0.9.6c
My configuration file (only relevant parts):
------------- httpd.conf ---------------------
NameVirtualHost 10.1.0.11
ServerType standalone
ServerRoot /etc/httpd
PidFile /var/run/httpd.pid
ScoreBoardFile /etc/httpd/httpd.scoreboard
ErrorLog logs/error_log
LogLevel warn
ResourceConfig /dev/null
AccessConfig /dev/null
LoadModule env_module modules/mod_env.so
LoadModule config_log_module modules/mod_log_config.so
(...)
LoadModule ssl_module extramodules/libssl.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
ClearModuleList
AddModule mod_env.c
AddModule mod_log_config.c
(...)
AddModule mod_ssl.c
AddModule mod_vhost_alias.c
Include conf/commonhttpd.conf
Port 80
Listen 80
CustomLog logs/access_log combined env=!VLOG
CustomLog "|/usr/sbin/advxsplitlogfile" vhost env=VLOG
Include conf/vhosts/Vhosts.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 4
MaxSpareServers 10
StartServers 4
MaxClients 150
MaxRequestsPerChild 500
Include conf/addon-modules/php.conf
Include conf/ssl/mod_ssl.conf
Include conf/ssl/ssl.default-vhost.conf
<Directory /var/www/*/html>
Options MultiViews
</Directory>
<VirtualHost 10.1.0.11:80>
Options ExecCgi MultiViews FollowSymlinks SymLinksIfOwnerMatch
ServerAdmin admin1@myfirm.fr
ServerName DNSName1
DocumentRoot /var/www/myfirm/site
ErrorLog logs/error_site
TransferLog logs/access_site
</VirtualHost>
<VirtualHost 10.1.0.11:80>
Options ExecCgi MultiViews FollowSymlinks SymLinksIfOwnerMatch
ServerAdmin admin3@myfirm.fr
ServerName DNSName3
DocumentRoot /var/www/tiofella
ErrorLog logs/errors_siteTiofella
TransferLog logs/access_siteTiofella
ServerAlias tiofella.com
</VirtualHost>
<VirtualHost 10.1.0.11:443>
SSLEngine on
SSLCertificateFile conf/ssl/squirrelmail.crt
SSLCertificateKeyFile conf/ssl/squirrelmail.key
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:SSLv2:+EXP:+eNULL
DocumentRoot /var/www/squirrelmail
ServerName DNSName2
ErrorLog /var/log/httpd/error_webmail
TransferLog /var/log/httpd/access_webmail
LogLevel debug
SSLLogLevel debug
</VirtualHost>
------------- End - httpd.conf ---------------------
------------- ssl.default-vhost.conf ---------------------
<Empty file>
------------- End - ssl.default-vhost.conf ---------------------
------------- mod_ssl.conf ---------------------
Listen 443
Listen 10.1.0.11
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shm:logs/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog logs/ssl_engine_log
SSLLogLevel debug
------------- end - mod_ssl.conf ---------------------
With this configuration file, I can see web pages 1 and 3 with the
http protocol. Web page 2 can be displayed only with the http
protocol and the URL http://DNSName2:443.
If I remove the first line of httpd.conf (NameVirtualHost
10.1.0.11), I can see web page 1 with any URL pointing to my
web server and using the http protocol, and I can see web page 2
with any URL pointing to my web server and using the https protocol.
I can't see web page 3.
With the configuration file without "NameVirtualHost", the log
ssl_engine_log shows:
------------- ssl_engine_log ----------------------
[03/Apr/2003 11:09:18 18114] [info] Server: Apache-AdvancedExtranetServer/1.3.23, Interface: mod_ssl/2.8.7, Library: OpenSSL/0.9.6c
[03/Apr/2003 11:09:18 18114] [info] Init: 1st startup round (still not detached)
[03/Apr/2003 11:09:18 18114] [info] Init: Initializing OpenSSL library
[03/Apr/2003 11:09:18 18114] [info] Init: Loading certificate & private key of SSL-aware server webmail.comelis.fr:443
[03/Apr/2003 11:09:18 18114] [trace] Init: (DNSName2:443) unencrypted RSA private key - pass phrase not required
[03/Apr/2003 11:09:18 18114] [info] Init: Seeding PRNG with 136 bytes of entropy
[03/Apr/2003 11:09:18 18114] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[03/Apr/2003 11:09:19 18114] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[03/Apr/2003 11:09:19 18118] [info] Init: 2nd startup round (already detached)
[03/Apr/2003 11:09:19 18118] [info] Init: Reinitializing OpenSSL library
[03/Apr/2003 11:09:19 18118] [info] Init: Created hash-table (250 buckets) in shared memory (512000 bytes) for SSL session cache
[03/Apr/2003 11:09:19 18118] [info] Init: Seeding PRNG with 136 bytes of entropy
[03/Apr/2003 11:09:19 18118] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[03/Apr/2003 11:09:19 18118] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[03/Apr/2003 11:09:19 18118] [info] Init: Initializing (virtual) servers for SSL
[03/Apr/2003 11:09:19 18118] [info] Init: Configuring server DNSName2:443 for SSL protocol
[03/Apr/2003 11:09:19 18118] [trace] Init: (DNSName2:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[03/Apr/2003 11:09:19 18118] [trace] Init: (DNSName2:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[03/Apr/2003 11:09:19 18118] [trace] Init: (DNSName2:443) Configuring RSA server certificate
[03/Apr/2003 11:09:19 18118] [trace] Init: (DNSName2:443) Configuring RSA server private key
-----------end - ssl_engine_log -------------------
Do you have any clue?
Thanks in advance,
Matthieu Turpault
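
Added example (not part of the original post, and not the poster's or the Apache project's code): a small check for the configuration above that lists SSL-enabled virtual hosts whose address falls under a NameVirtualHost address. It assumes Apache's documented rule that a NameVirtualHost address given without a port applies to every port on that address; the sample text is constructed from the posted directives, and all function names are hypothetical.

```python
import re

# Constructed sample: only the directives from the post that affect vhost matching.
SAMPLE_CONF = """\
NameVirtualHost 10.1.0.11
<VirtualHost 10.1.0.11:80>
ServerName DNSName1
</VirtualHost>
<VirtualHost 10.1.0.11:80>
ServerName DNSName3
</VirtualHost>
<VirtualHost 10.1.0.11:443>
SSLEngine on
ServerName DNSName2
</VirtualHost>
"""

def split_addr(spec):
    """Return (ip, port); port is '*' when the directive names no port."""
    ip, _, port = spec.partition(":")
    return ip, port or "*"

def parse(conf):
    """Collect NameVirtualHost addresses and a summary of each <VirtualHost>."""
    name_addrs, vhosts, cur = [], [], None
    for line in conf.splitlines():
        line = line.strip()
        if m := re.match(r"NameVirtualHost\s+(\S+)", line, re.I):
            name_addrs.append(split_addr(m.group(1)))
        elif m := re.match(r"<VirtualHost\s+(\S+)>", line, re.I):
            cur = {"addr": split_addr(m.group(1)), "name": None, "ssl": False}
            vhosts.append(cur)
        elif cur and (m := re.match(r"ServerName\s+(\S+)", line, re.I)):
            cur["name"] = m.group(1)
        elif cur and re.match(r"SSLEngine\s+on\b", line, re.I):
            cur["ssl"] = True
        elif line.lower() == "</virtualhost>":
            cur = None
    return name_addrs, vhosts

def ssl_vhosts_in_name_based_set(conf):
    """Names of SSL vhosts whose address falls under a NameVirtualHost address."""
    name_addrs, vhosts = parse(conf)
    def covered(addr):
        # Assumption: a port-less NameVirtualHost ('*') covers every port on that IP.
        return any(ip == addr[0] and port in ("*", addr[1]) for ip, port in name_addrs)
    return [v["name"] for v in vhosts if v["ssl"] and covered(v["addr"])]

if __name__ == "__main__":
    print(ssl_vhosts_in_name_based_set(SAMPLE_CONF))
```

Restricting the directive to port 80 (NameVirtualHost 10.1.0.11:80) in the sample makes the check return an empty list, since the :443 host is then no longer part of the name-based set.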