
Re: [suse-security] ssl on apache 2?



Hi,

You have to edit /etc/sysconfig/apache2 and set:

APACHE_SERVER_FLAGS="SSL"

Otherwise, the "Listen 443" directive will not be evaluated.

You may also have to run SuSEconfig after editing the file.

Best Regards,
Holger


On Saturday, 12 June 2004 18:17, Stefan Suurmeijer wrote:
> Hi list,
>
> (long post, sorry)
> I've decided that with my move to 9.1, it's time to move to apache2 as
> well. But I can't seem to get the SSL connections working.
>
> I use a setup with multiple name based virtual hosts on port 80 and a
> single SSL ip-based virtual host on port 443. Which worked without
> problem on apache 1.x, but now I can't get the SSL part working (the
> name based virtual hosts on port 80 work without problem)
>
> I've tried everything I can think of. httpd2 -S nicely displays the name
> based virtual hosts without even a hint of the ssl one. It's as if it
> never even reads the SSL virtual host .conf file. Apache starts up
> without an error, but listens only to port 80.
>
> Any hints will be appreciated...
>
> TIA,
> Stefan
>
>
>
> The setup is as follows:
>
> listen.conf:
>
> Listen my.ip.add.res:80
>
> <IfDefine SSL>
>     <IfDefine !NOSSL>
>         <IfModule mod_ssl.c>
>
>             Listen 443
>
>         </IfModule>
>     </IfDefine>
> </IfDefine>
>
> NameVirtualHost my.ip.add.res:80
>
> and under /etc/apache2/vhosts.d I have three .conf files:
>
> www.mydomain.tld.conf
>
> <VirtualHost my.ip.add.res:80>
>     ServerAdmin webmaster@xxxxxxxxxxxx
>     ServerName www.mydomain.tld
>     DocumentRoot /some/where
>     HostnameLookups Off
>     UseCanonicalName Off
>     ServerSignature On
>
> <Directory "/some/where">
>         Options None
>         AllowOverride None
>         Order allow,deny
>         Allow from all
> </Directory>
> </VirtualHost>
>
>
> www.myvirtualdomain.tld.conf
>
> <VirtualHost my.ip.add.res:80>
>     ServerAdmin webmaster@xxxxxxxxxxxxxxxxxxx
>     ServerName www.myvirtualdomain.tld
>     DocumentRoot /some/where/else
>     HostnameLookups Off
>     UseCanonicalName Off
>     ServerSignature On
>
> <Directory "/some/where/else">
>         Options None
>         AllowOverride None
>         Order allow,deny
>         Allow from all
> </Directory>
> </VirtualHost>
>
> www.myssldomain.tld.conf:
>
> <IfDefine SSL>
> <IfDefine !NOSSL>
>
> <VirtualHost 129.125.3.52:443>
>
>         DocumentRoot "/some/where/secure"
>         ServerName www.myssldomain.tld
>         ServerAdmin webmaster@xxxxxxxxxxxxxxx
>         ErrorLog /var/log/apache2/error_log
>         TransferLog /var/log/apache2/access_log
>         Alias /horde "/home/www-ssl/horde"
>         SSLEngine on
>         SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>         SSLCertificateFile /etc/apache2/ssl.crt/cert.pem
>         SSLCertificateKeyFile /etc/apache2/ssl.key/server-key.pem
>         SSLVerifyClient none
>         <Files ~ "\.(cgi|shtml|phtml|php3?)$">
>             SSLOptions +StdEnvVars
>         </Files>
>         <Directory "/srv/www/cgi-bin">
>             SSLOptions +StdEnvVars
>         </Directory>
>         #SSLSessionCache        none
>         #SSLSessionCache         dbm:/var/lib/apache2/ssl_scache
>         #SSLSessionCache        shmht:/var/lib/apache2/ssl_scache(512000)
>         SSLSessionCache         shmcb:/var/lib/apache2/ssl_scache
>         SSLSessionCacheTimeout  600
>         SetEnvIf User-Agent ".*MSIE.*" \
>                  nokeepalive ssl-unclean-shutdown \
>                  downgrade-1.0 force-response-1.0        <Directory
> "/home/www-ssl/horde/imp">
>
>         <Directory "/some/where/secure">
>         Options Includes FollowSymLinks
>         AllowOverride None
>         Order allow,deny
>         Allow from all
>         SSLRequireSSL
>         </Directory>
>
>         ScriptAlias /cgi-bin/ "/some/where/secure/cgi-bin/"
>         <Directory "/some/where/secure/cgi-bin">
>         AllowOverride None
>         order allow,deny
>         allow from all
>         SSLRequireSSL
>         </Directory>
>
> </VirtualHost>
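
Added example (not part of the original messages, and not SUSE's or Apache's own code): a small Python check that evaluates <IfDefine> nesting as in the quoted listen.conf and reports which Listen and VirtualHost lines are skipped for a given APACHE_SERVER_FLAGS value. The sample config is constructed from the quoted files; treating each bare word in APACHE_SERVER_FLAGS as a define and every <IfModule> as true are assumptions.

```python
import re

# Constructed sample, modelled on the listen.conf and SSL vhost quoted above.
SAMPLE_CONF = """\
Listen my.ip.add.res:80
<IfDefine SSL>
    <IfDefine !NOSSL>
        <IfModule mod_ssl.c>
            Listen 443
        </IfModule>
        <VirtualHost 129.125.3.52:443>
            SSLEngine on
        </VirtualHost>
    </IfDefine>
</IfDefine>
"""

def parse_server_flags(sysconfig_text):
    """Return the names set in APACHE_SERVER_FLAGS="..." (assumed: bare words = defines)."""
    m = re.search(r'^\s*APACHE_SERVER_FLAGS\s*=\s*"([^"]*)"', sysconfig_text, re.M)
    return set(m.group(1).split()) if m else set()

def active_directives(conf_text, defines):
    """Split Listen/<VirtualHost> lines into (active, skipped) for the given defines."""
    stack = []                      # one bool per open <IfDefine>: did its test pass?
    active, skipped = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r'<IfDefine\s+(!?)([^>\s]+)\s*>', line, re.I)
        if opened:
            negate, name = opened.group(1) == "!", opened.group(2)
            stack.append((name in defines) != negate)
        elif re.match(r'</IfDefine>', line, re.I):
            stack.pop()
        else:
            # <IfModule> is not evaluated here: mod_ssl is assumed to be loaded.
            found = re.match(r'(Listen\s+\S+|<VirtualHost\s+[^>]+>)', line, re.I)
            if found:
                (active if all(stack) else skipped).append(found.group(1))
    return active, skipped

if __name__ == "__main__":
    for flags in ('APACHE_SERVER_FLAGS=""', 'APACHE_SERVER_FLAGS="SSL"'):
        on, off = active_directives(SAMPLE_CONF, parse_server_flags(flags))
        print(flags, "-> active:", on, "| silently skipped:", off)
```

With an empty flag value the port 443 lines land in the skipped list without any error, which matches the symptom described in the quoted message.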

