
[suse-security] Re: ssl on apache 2?



I think you have to include the SSL port when stating NameVirtualHost. For me it wasn't working until:

NameVirtualHost my.ip.add.res:80
NameVirtualHost my.ip.add.res:443

Csaba

Stefan Suurmeijer wrote:

Hi list,

(long post, sorry)
I've decided that with my move to 9.1, it's time to move to apache2 as well. But I can't seem to get the SSL connections working.

I use a setup with multiple name-based virtual hosts on port 80 and a single SSL IP-based virtual host on port 443, which worked without problem on Apache 1.x, but now I can't get the SSL part working (the name-based virtual hosts on port 80 work without problem).

I've tried everything I can think of. httpd2 -S nicely displays the name based virtual hosts without even a hint of the ssl one. It's as if it never even reads the SSL virtual host .conf file. Apache starts up without an error, but listens only to port 80.

Any hints will be appreciated...

TIA,
Stefan



The setup is as follows:

listen.conf:

Listen my.ip.add.res:80

<IfDefine SSL>
   <IfDefine !NOSSL>
       <IfModule mod_ssl.c>

           Listen 443

       </IfModule>
   </IfDefine>
</IfDefine>

NameVirtualHost my.ip.add.res:80

and under /etc/apache2/vhosts.d I have three .conf files:

www.mydomain.tld.conf

<VirtualHost my.ip.add.res:80>
   ServerAdmin webmaster@xxxxxxxxxxxx
   ServerName www.mydomain.tld
   DocumentRoot /some/where
   HostnameLookups Off
   UseCanonicalName Off
   ServerSignature On

<Directory "/some/where">
       Options None
       AllowOverride None
       Order allow,deny
       Allow from all
</Directory>
</VirtualHost>


www.myvirtualdomain.tld.conf

<VirtualHost my.ip.add.res:80>
   ServerAdmin webmaster@xxxxxxxxxxxxxxxxxxx
   ServerName www.myvirtualdomain.tld
   DocumentRoot /some/where/else
   HostnameLookups Off
   UseCanonicalName Off
   ServerSignature On

<Directory "/some/where/else">
       Options None
       AllowOverride None
       Order allow,deny
       Allow from all
</Directory>
</VirtualHost>

www.myssldomain.tld.conf:

<IfDefine SSL>
<IfDefine !NOSSL>

<VirtualHost 129.125.3.52:443>

       DocumentRoot "/some/where/secure"
       ServerName www.myssldomain.tld
       ServerAdmin webmaster@xxxxxxxxxxxxxxx
       ErrorLog /var/log/apache2/error_log
       TransferLog /var/log/apache2/access_log
       Alias /horde "/home/www-ssl/horde"
       SSLEngine on
       SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
       SSLCertificateFile /etc/apache2/ssl.crt/cert.pem
       SSLCertificateKeyFile /etc/apache2/ssl.key/server-key.pem
       SSLVerifyClient none
       <Files ~ "\.(cgi|shtml|phtml|php3?)$">
           SSLOptions +StdEnvVars
       </Files>
       <Directory "/srv/www/cgi-bin">
           SSLOptions +StdEnvVars
       </Directory>
       #SSLSessionCache        none
       #SSLSessionCache         dbm:/var/lib/apache2/ssl_scache
       #SSLSessionCache        shmht:/var/lib/apache2/ssl_scache(512000)
       SSLSessionCache         shmcb:/var/lib/apache2/ssl_scache
       SSLSessionCacheTimeout  600
       SetEnvIf User-Agent ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
       <Directory "/home/www-ssl/horde/imp">
             <Directory "/some/where/secure">
       Options Includes FollowSymLinks
       AllowOverride None
       Order allow,deny
       Allow from all
       SSLRequireSSL
       </Directory>

       ScriptAlias /cgi-bin/ "/some/where/secure/cgi-bin/"
       <Directory "/some/where/secure/cgi-bin">
       AllowOverride None
       order allow,deny
       allow from all
       SSLRequireSSL
       </Directory>

</VirtualHost>

</IfDefine>
</IfDefine>



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
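
One check for the symptom described in the thread (`httpd2 -S` showing no SSL host, only port 80 bound) is to list which `Listen`, `NameVirtualHost` and `VirtualHost` directives survive the `<IfDefine>` guards for a given set of `-D` names. This is an added example, not part of the thread or of Apache: the sample config is constructed from the quoted files, the function names are hypothetical, and `<IfModule>` is assumed to evaluate true.

```python
import re

# Constructed sample modelled on the listen.conf and SSL vhost quoted above.
SAMPLE = """\
Listen my.ip.add.res:80
<IfDefine SSL>
  <IfDefine !NOSSL>
    <IfModule mod_ssl.c>
      Listen 443
    </IfModule>
  </IfDefine>
</IfDefine>
NameVirtualHost my.ip.add.res:80
<VirtualHost my.ip.add.res:80>
</VirtualHost>
<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost my.ip.add.res:443>
</VirtualHost>
</IfDefine>
</IfDefine>
"""

OPEN = re.compile(r"<IfDefine\s+(!?)(\S+?)\s*>", re.I)
WATCHED = re.compile(r"<?(Listen|NameVirtualHost|VirtualHost)\s+([^>\s]+)", re.I)

def active_bindings(conf, defines=()):
    """Return (directive, address) pairs httpd would see for the given -D names.
    IfModule is treated as true (assumes mod_ssl is loaded)."""
    stack, found = [], []
    for line in conf.splitlines():
        line = line.strip()
        m = OPEN.match(line)
        if m:
            negated, name = m.groups()
            stack.append((name in defines) != bool(negated))
        elif line.lower().startswith("</ifdefine"):
            stack.pop()
        elif all(stack):  # every enclosing IfDefine is true
            w = WATCHED.match(line)
            if w:
                found.append((w.group(1), w.group(2)))
    return found

def ports(bindings):
    """Set of ports named by the active directives (bare 'Listen 443' included)."""
    return {addr.rsplit(":", 1)[-1] for _, addr in bindings}
```

Calling `ports(active_bindings(SAMPLE))` with no defines yields only port 80, while passing `{"SSL"}` brings the `Listen 443` and the `:443` virtual host into scope.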