Posted to users@httpd.apache.org by Carlos Williams <ca...@gmail.com> on 2009/12/18 19:51:18 UTC

[users@httpd] Adding Virtual Hosts for SSL / 443

I have a server up and running with Apache  2.2.14-2. Right now in
apache my Document Root is set as /srv/http and this takes you to
www.mydomain.tld. This is perfect on port 80 but I have a subfolder in
my Document Root called 'webmail/'. When I access the webmail
subfolder, I want to do this over port 443 (SSL). My question is how
do I keep my main site as follows:

www.mydomain.tld (http)
www.mydomain.tld/webmail (https)

Also if someone goes to www.mydomain.tld/webmail on port 80, it
redirects to port 443.

Below is what I have in my httpd.conf file but it is not correct. Can
someone please explain what I need to change or help me understand?

#Listen 443
#AddType application/x-x509-ca-cert .crt
#AddType application/x-pkcs7-crl    .crl
#SSLPassPhraseDialog  builtin
#SSLSessionCache        "shmcb:/var/run/httpd/ssl_scache(512000)"
#SSLSessionCacheTimeout  300
#SSLMutex  "file:/var/run/httpd/ssl_mutex"

#<VirtualHost _default_:443>

#DocumentRoot "webmail/"
#ServerName www.mydomain.tld:443
#ServerAdmin admin@mydomain.tld
#ErrorLog "/var/log/httpd/error_log"
#TransferLog "/var/log/httpd/access_log"
#SSLEngine on
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#SSLCertificateFile "/path/to/my/ssl.crt"
#SSLCertificateKeyFile "/path/to/my/ssl.key"

#<FilesMatch "\.(cgi|shtml|phtml|php)$">
#    SSLOptions +StdEnvVars
#</FilesMatch>
#<Directory "/srv/http/cgi-bin">
#    SSLOptions +StdEnvVars
#</Directory>

#BrowserMatch ".*MSIE.*" \
#         nokeepalive ssl-unclean-shutdown \
#         downgrade-1.0 force-response-1.0

#CustomLog "/var/log/httpd/ssl_request_log" \
#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

#</VirtualHost>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Adding Virtual Hosts for SSL / 443

Posted by Carlos Williams <ca...@gmail.com>.
On Fri, Dec 18, 2009 at 1:54 PM, Frank Gingras
<fr...@gmail.com> wrote:
> Carlos,
>
> Your directives are commented out. Remove the leading # from each line.

Yes,

I did this because when I un-comment them, it doesn't work as I
expected. Assume those comments are not there...what needs to change
or be added?



Re: [users@httpd] Adding Virtual Hosts for SSL / 443

Posted by Frank Gingras <fr...@gmail.com>.
Carlos Williams wrote:
> I have a server up and running with Apache  2.2.14-2. Right now in
> apache my Document Root is set as /srv/http and this takes you to
> www.mydomain.tld. This is perfect on port 80 but I have a subfolder in
> my Document Root called 'webmail/'. When I access the webmail
> subfolder, I want to do this over port 443 (SSL). My question is how
> do I keep my main site as follows:
>
> www.mydomain.tld (http)
> www.mydomain.tld/webmail (https)
>
> Also if someone goes to www.mydomain.tld/webmail on port 80, it
> redirects to port 443.
>
> Below is what I have in my httpd.conf file but it is not correct. Can
> someone please explain what I need to change or help me understand?
>
> #Listen 443
> #AddType application/x-x509-ca-cert .crt
> #AddType application/x-pkcs7-crl    .crl
> #SSLPassPhraseDialog  builtin
> #SSLSessionCache        "shmcb:/var/run/httpd/ssl_scache(512000)"
> #SSLSessionCacheTimeout  300
> #SSLMutex  "file:/var/run/httpd/ssl_mutex"
>
> #<VirtualHost _default_:443>
>
> #DocumentRoot "webmail/"
> #ServerName www.mydomain.tld:443
> #ServerAdmin admin@mydomain.tld
> #ErrorLog "/var/log/httpd/error_log"
> #TransferLog "/var/log/httpd/access_log"
> #SSLEngine on
> #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> #SSLCertificateFile "/path/to/my/ssl.crt"
> #SSLCertificateKeyFile "/path/to/my/ssl.key"
>
> #<FilesMatch "\.(cgi|shtml|phtml|php)$">
> #    SSLOptions +StdEnvVars
> #</FilesMatch>
> #<Directory "/srv/http/cgi-bin">
> #    SSLOptions +StdEnvVars
> #</Directory>
>
> #BrowserMatch ".*MSIE.*" \
> #         nokeepalive ssl-unclean-shutdown \
> #         downgrade-1.0 force-response-1.0
>
> #CustomLog "/var/log/httpd/ssl_request_log" \
> #          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> #</VirtualHost>
>
Carlos,

Your directives are commented out. Remove the leading # from each line.

Frank



Re: [users@httpd] Adding Virtual Hosts for SSL / 443

Posted by Justin Pasher <ju...@newmediagateway.com>.
Carlos Williams wrote:
> I have a server up and running with Apache  2.2.14-2. Right now in
> apache my Document Root is set as /srv/http and this takes you to
> www.mydomain.tld. This is perfect on port 80 but I have a subfolder in
> my Document Root called 'webmail/'. When I access the webmail
> subfolder, I want to do this over port 443 (SSL). My question is how
> do I keep my main site as follows:
>
> www.mydomain.tld (http)
> www.mydomain.tld/webmail (https)
>
> Also if someone goes to www.mydomain.tld/webmail on port 80, it
> redirects to port 443.
>   

I think you'll be better off and less likely to get confused in the 
script if you break out both HTTP and HTTPS into VirtualHost containers, 
then add some rewrite rules to handle the redirect. Something like this 
(bare bones, untested, substitute 1.2.3.4 for your real IP address on 
the box).

Listen 443

<VirtualHost 1.2.3.4:80>
    ServerName www.mydomain.tld
    DocumentRoot /srv/http

    RewriteEngine on
    RewriteRule ^/webmail(/?.*)  https://www.mydomain.tld/webmail$1 [R,L]
</VirtualHost>

<VirtualHost 1.2.3.4:443>
    ServerName www.mydomain.tld
    DocumentRoot /srv/http

    SSLEngine on
    SSLCipherSuite AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5
    SSLCertificateFile "/path/to/my/ssl.crt"
    SSLCertificateKeyFile "/path/to/my/ssl.key"
</VirtualHost>

If you don't understand the SSL directives, I highly recommend 
consulting the docs instead of blindly copying and pasting. You can get 
fancier and also use a rewrite rule to push HTTPS traffic back to HTTP 
if it doesn't start with /webmail.

--
Justin Pasher

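
An added example, not part of Justin Pasher's message or of the Apache project's own configuration: the same two-VirtualHost layout with the redirect pattern anchored at a path boundary, the reverse HTTPS-to-HTTP rule the reply mentions, and an explicit protocol and cipher policy in place of the stock line quoted in the question. 1.2.3.4, www.mydomain.tld and the certificate paths are the thread's placeholders; the SSLProtocol and SSLCipherSuite values are one reasonable choice for Apache 2.2 with mod_ssl, not values from the thread.

```apache
Listen 443

<VirtualHost 1.2.3.4:80>
    ServerName www.mydomain.tld
    DocumentRoot /srv/http

    RewriteEngine on
    # ^/webmail(/?.*) also matches /webmail-old or /webmailer. Requiring "/" or
    # end of path after "webmail" limits the redirect to the webmail tree.
    RewriteRule ^/webmail(/.*)?$ https://www.mydomain.tld/webmail$1 [R,L]
</VirtualHost>

<VirtualHost 1.2.3.4:443>
    ServerName www.mydomain.tld
    DocumentRoot /srv/http

    SSLEngine on
    # The stock line in the question enables +SSLv2, +EXP, +LOW and +eNULL
    # (no encryption at all). Turn the protocol off and exclude those classes.
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!EXP
    SSLHonorCipherOrder on
    SSLCertificateFile "/path/to/my/ssl.crt"
    SSLCertificateKeyFile "/path/to/my/ssl.key"

    RewriteEngine on
    # Reverse rule: anything outside /webmail goes back to plain HTTP.
    # Assumes every resource webmail loads lives under /webmail, and that the
    # webmail application marks its session cookie Secure; otherwise the browser
    # sends that cookie in clear text on the next http:// request to this host.
    RewriteCond %{REQUEST_URI} !^/webmail(/|$)
    RewriteRule ^/(.*)$ http://www.mydomain.tld/$1 [R,L]
</VirtualHost>
```

Run `apachectl configtest` after editing, then request /webmail, /webmail/ and a sibling path such as /webmail-old over port 80 to confirm only the first two are redirected.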