You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by bruno alves teixeira <l1...@alunos.uevora.pt> on 2007/02/08 16:33:39 UTC
[users@httpd] IP-based SSL virtualhosts problem - with attachment
Hi,
I've been all over the web and mailling list archives, so I know multiple
SSL hosts on one machine is a problem for name-based virtual hosts, but
shouldn't IP aliasing and IP-based virtual hosts solve this?
I seem to be doing everything correctly but the certificate of the top
virtual host is used for all hosts. The RedirectMatch for each IP is
correct, but the top certificate is always used. You can check out the
attached file, to verify the definition of the virtual hosts.
What am I doing wrong?
Thank you for your time.
Take care.
Bruno Teixeira
[users@httpd] mod_proxy+weblogic
Posted by arun kumar <ar...@yahoo.com>.
Hi all,
I am using apache 2.2 and weblogic is my backend
Below find the configuration in httpd.conf file
ProxyPassReverse /janus balancer://test/
<Proxy balancer://test>
BalancerMember http://10.249.68.24:9001/test
BalancerMember http://10.249.68.23:7009/test
</Proxy>
ProxyPass /janus balancer://test stickysession=JSESSIONID nofailover=On
But it is giving session timeout error for me.Please let me know what is an issue??
Arun
---------------------------------
It's here! Your new message!
Get new email alerts with the free Yahoo! Toolbar.
---------------------------------
Need Mail bonding?
Go to the Yahoo! Mail Q&A for great tips from Yahoo! Answers users.
Re: [users@httpd] IP-based SSL virtualhosts problem - with
attachment
Posted by bruno alves teixeira <l1...@alunos.uevora.pt>.
Hi there,
it's working fine after all. I guess it was the NameVirtualHost directive.
Thank you very much for help.
Take care.
> On 2/8/07, bruno alves teixeira <l1...@alunos.uevora.pt> wrote:
>> Hi Joshua,
>>
>> the certificates are now different for each virtual host - I sent a
>> different file earlier. I have removed the NameVirtualHost directives. I
>> still have the same problem. I've restarted apache after the changes and
>> the problem still remains, when I access 192.168.2.250 via browser, I
>> get
>> redirected to /var/www/store/, but the used certificate is the
>> "198.crt".
>>
>> Why is the Directory section not correct? It was copied from apache2's
>> default file...
>
> Putting RedirectMatch inside a <Directory> section is just silly and
> somewhat confusing, since it acts on the URL-path, not the current
> directory.
>
> Your config looks basically correct now, but you should check that
> 250.crt and 198.crt actually contain what you think they contain. You
> should also try it without the Redirects to see if anything changes.
> And try including a <VirtualHost _default_:443> to see if it picks up
> any requests.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] IP-based SSL virtualhosts problem - with attachment
Posted by Joshua Slive <jo...@slive.ca>.
On 2/8/07, bruno alves teixeira <l1...@alunos.uevora.pt> wrote:
> Hi Joshua,
>
> the certificates are now different for each virtual host - I sent a
> different file earlier. I have removed the NameVirtualHost directives. I
> still have the same problem. I've restarted apache after the changes and
> the problem still remains, when I access 192.168.2.250 via browser, I get
> redirected to /var/www/store/, but the used certificate is the "198.crt".
>
> Why is the Directory section not correct? It was copied from apache2's
> default file...
Putting RedirectMatch inside a <Directory> section is just silly and
somewhat confusing, since it acts on the URL-path, not the current
directory.
Your config looks basically correct now, but you should check that
250.crt and 198.crt actually contain what you think they contain. You
should also try it without the Redirects to see if anything changes.
And try including a <VirtualHost _default_:443> to see if it picks up
any requests.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] IP-based SSL virtualhosts problem - with
attachment
Posted by bruno alves teixeira <l1...@alunos.uevora.pt>.
Hi Joshua,
the certificates are now different for each virtual host - I sent a
different file earlier. I have removed the NameVirtualHost directives. I
still have the same problem. I've restarted apache after the changes and
the problem still remains, when I access 192.168.2.250 via browser, I get
redirected to /var/www/store/, but the used certificate is the "198.crt".
Why is the Directory section not correct? It was copied from apache2's
default file...
Thank you for your help.
Bruno Teixeira
Config file:
<VirtualHost 192.168.2.198:443>
ServerAdmin webmaster@localhost
ServerName 192.168.2.198
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/198.crt
SSLCertificateKeyFile /etc/apache2/ssl/198.key
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
RedirectMatch ^/$ /site/
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
<VirtualHost 192.168.2.250:443>
ServerAdmin webmaster@localhost
ServerName 192.168.2.250
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/250.crt
SSLCertificateKeyFile /etc/apache2/ssl/250.key
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
RedirectMatch ^/$ /store/
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
> On 2/8/07, bruno alves teixeira <l1...@alunos.uevora.pt> wrote:
>> Hi,
>>
>> I've been all over the web and mailling list archives, so I know
>> multiple
>> SSL hosts on one machine is a problem for name-based virtual hosts, but
>> shouldn't IP aliasing and IP-based virtual hosts solve this?
>>
>> I seem to be doing everything correctly but the certificate of the top
>> virtual host is used for all hosts. The RedirectMatch for each IP is
>> correct, but the top certificate is always used. You can check out the
>> attached file, to verify the definition of the virtual hosts.
>>
>> What am I doing wrong?
>
> 1. Don't attach your config using base64 encoding and an incorrect
> mime type. Just copy-past it into the message.
>
> 2. You are not use name-based virtual hosts, therefore you shouldn't
> use the NameVirtualHost directive. See:
> http://httpd.apache.org/docs/2.2/vhosts/ip-based.html
>
> 3. What RedirectMatch are you talking about? The only RedirectMatch
> in your config is inside a <Directory> section, which is not correct.
>
> 4. Your example config uses the same SSLCertificateFile for both
> vhosts, which is probably the main source of your problem.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] IP-based SSL virtualhosts problem - with attachment
Posted by Joshua Slive <jo...@slive.ca>.
On 2/8/07, bruno alves teixeira <l1...@alunos.uevora.pt> wrote:
> Hi,
>
> I've been all over the web and mailling list archives, so I know multiple
> SSL hosts on one machine is a problem for name-based virtual hosts, but
> shouldn't IP aliasing and IP-based virtual hosts solve this?
>
> I seem to be doing everything correctly but the certificate of the top
> virtual host is used for all hosts. The RedirectMatch for each IP is
> correct, but the top certificate is always used. You can check out the
> attached file, to verify the definition of the virtual hosts.
>
> What am I doing wrong?
1. Don't attach your config using base64 encoding and an incorrect
mime type. Just copy-past it into the message.
2. You are not use name-based virtual hosts, therefore you shouldn't
use the NameVirtualHost directive. See:
http://httpd.apache.org/docs/2.2/vhosts/ip-based.html
3. What RedirectMatch are you talking about? The only RedirectMatch
in your config is inside a <Directory> section, which is not correct.
4. Your example config uses the same SSLCertificateFile for both
vhosts, which is probably the main source of your problem.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org