dual port 80 443

[Edwardo Garcia <wd...@gmail.com>]

Hi,
We have only few domains to manage, usually either http or https, but we
have lately had requests for both (we  know defeat purpose but customer
knows what they want and they no take monetary or personal informations on
website)

I know this works with duplication of virtualhosts, but should it also work
with
<VirtualHost 1.2.3.4:80 [2001:1:1:1::1]:80 1.2.3.4:443 [2001:1:1:1::1]:443>
...
</VirtualHost>
To avoid duplicating?
nginx does not seem to have this limitation, so I'm surprised httpd2 does.

If I omit ports, it will errors on http  if ssl engine on.

or have I overlooked option?

Willy

Re: dual port 80 443

[Stefan Eissing <st...@greenbytes.de>]

> Am 26.10.2018 um 08:48 schrieb Edwardo Garcia <wd...@gmail.com>:
> 
> Hi,
> We have only few domains to manage, usually either http or https, but we have lately had requests for both (we  know defeat purpose but customer knows what they want and they no take monetary or personal informations on website)
> 
> I know this works with duplication of virtualhosts, but should it also work with
> <VirtualHost 1.2.3.4:80 [2001:1:1:1::1]:80 1.2.3.4:443 [2001:1:1:1::1]:443>
> ...
> </VirtualHost>
> To avoid duplicating? 
> nginx does not seem to have this limitation, so I'm surprised httpd2 does.
> 
> If I omit ports, it will errors on http  if ssl engine on.
> 
> or have I overlooked option?

The usual approach is, I think, to put the generic config into its own file and include that in each vhost. It's not ideal.

Cheers,

Stefan

Re: dual port 80 443

[William A Rowe Jr <wr...@rowe-clan.net>]

This doesn't work correctly in 2.4.x... but needs to be fixed in trunk for
2.next.

The problem is that our connection rec structure defers to the vhost
structure
for the port assignment, a 1:1 mapping. We need to break this and trust the
vhost is 1:many, and the connection rec records which inbound port the
request was accepted on. And then tweak everywhere in httpd core modules
and encourage third party authors to adopt the new convention.



On Fri, Oct 26, 2018 at 1:49 AM Edwardo Garcia <wd...@gmail.com> wrote:

> Hi,
> We have only few domains to manage, usually either http or https, but we
> have lately had requests for both (we  know defeat purpose but customer
> knows what they want and they no take monetary or personal informations on
> website)
>
> I know this works with duplication of virtualhosts, but should it also
> work with
> <VirtualHost 1.2.3.4:80 [2001:1:1:1::1]:80 1.2.3.4:443
> [2001:1:1:1::1]:443>
> ...
> </VirtualHost>
> To avoid duplicating?
> nginx does not seem to have this limitation, so I'm surprised httpd2 does.
>
> If I omit ports, it will errors on http  if ssl engine on.
>
> or have I overlooked option?
>
> Willy
>
>

Re: dual port 80 443

[Chris Punches <pu...@gmail.com>]

Why not just use HSTS?

You want separate VirtualHost blocks anyway because you have to decide
where your cert/chain/key files are going to be served so you don't send
SSL traffic over port 80.  The SSL engine is enabled at the virtualhost
block level.  HSTS is more professional too.

What I do with mine is just have 2 VirtualHost blocks in one file for that
site and just have a separate conf file for each site in conf.d, then
include conf.d/* in httpd.conf.

-C

On Fri, Oct 26, 2018 at 2:49 AM Edwardo Garcia <wd...@gmail.com> wrote:

> Hi,
> We have only few domains to manage, usually either http or https, but we
> have lately had requests for both (we  know defeat purpose but customer
> knows what they want and they no take monetary or personal informations on
> website)
>
> I know this works with duplication of virtualhosts, but should it also
> work with
> <VirtualHost 1.2.3.4:80 [2001:1:1:1::1]:80 1.2.3.4:443
> [2001:1:1:1::1]:443>
> ...
> </VirtualHost>
> To avoid duplicating?
> nginx does not seem to have this limitation, so I'm surprised httpd2 does.
>
> If I omit ports, it will errors on http  if ssl engine on.
>
> or have I overlooked option?
>
> Willy
>
>