
Re: [suse-security] ssl on apache 2?



On Sun, 13 Jun 2004, Holger Schletz wrote:

> Hi,
> 
> You have to edit /etc/sysconfig/apache2 and set:
> 
> APACHE_SERVER_FLAGS="SSL"
> 
> Otherwise, the "Listen 443"-Directive will not be evaluated.

This is wrong.  Or at least it works for me without this. :)

APACHE_MODULES must, however, contain "ssl".

> On Saturday, 12 June 2004 18:17, Stefan Suurmeijer wrote:
> > Hi list,
> >
> > (long post, sorry)
> > I've decided that with my move to 9.1, it's time to move to apache2 as
> > well. But I can't seem to get the SSL connections working.
> >
> > I use a setup with multiple name based virtual hosts on port 80 and a
> > single SSL ip-based virtual host on port 443. Which worked without
> > problem on apache 1.x, but now I can't get the SSL part working (the
> > name based virtual hosts on port 80 work without problem)
> >
> > I've tried everything I can think of. httpd2 -S nicely displays the name
> > based virtual hosts without even a hint of the ssl one. It's as if it
> > never even reads the SSL virtual host .conf file. Apache starts up
> > without an error, but listens only to port 80.

This sounds very much like what I spent quite some time sorting out
as well.

> > The setup is as follows:
> >
> > listen.conf:
> >
> > Listen my.ip.add.res:80
> >
> > <IfDefine SSL>
> >     <IfDefine !NOSSL>
> >         <IfModule mod_ssl.c>
> >
> >             Listen 443
> >
> >         </IfModule>
> >     </IfDefine>
> > </IfDefine>
> >
> > NameVirtualHost my.ip.add.res:80

I had to add "Listen 443" on a line by itself.  Never mind that 
it shouldn't be necessary; it was.  Something is broken in those 
IfDefines, and I wasn't man enough to see what.

> > www.myssldomain.tld.conf:
> >
> > <IfDefine SSL>
> > <IfDefine !NOSSL>

Snip the IfDefines.  If you've got ssl set up properly (and you
do, you said it was working before) they aren't needed - and
something is broken in them.  Apache validates one or the other
to the wrong answer and the virtual host definitions are never
scanned as a result.

This was my problem and my solution, at least.

Bjørn
-- 
Bjørn Tore Sund           Phone:  (+47) 555-84894    Stupidity is like a
System administrator      Fax:    (+47) 555-89672    fractal; universal and
Math. Department          Mobile: (+47) 918 68075    infinitely repetitive.
University of Bergen      VIP:    81724
Support: system@xxxxxxxxx Contact: teknisk@xxxxxxxxx Direct: bjornts@xxxxxxxxx
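
Added example, not part of either poster's message: a small evaluator for the listen.conf quoted in the thread, showing which Listen directives remain active for a given set of `-D` names and loaded modules. It follows Apache's documented semantics (`<IfDefine X>` holds only when `X` was passed with `-D`, `!` negates, `<IfModule>` holds only when the module is loaded); the function name and the 192.0.2.10 address are constructed for illustration.

```python
import re

# Constructed copy of the listen.conf quoted above; the IP is a placeholder.
LISTEN_CONF = """\
Listen 192.0.2.10:80
<IfDefine SSL>
    <IfDefine !NOSSL>
        <IfModule mod_ssl.c>
            Listen 443
        </IfModule>
    </IfDefine>
</IfDefine>
NameVirtualHost 192.0.2.10:80
"""

OPEN = re.compile(r"<(IfDefine|IfModule)\s+(!?)([^>\s]+)\s*>$", re.I)
CLOSE = re.compile(r"</(IfDefine|IfModule)\s*>$", re.I)

def active_listens(conf, defines=(), modules=()):
    """Return the Listen arguments that are not skipped by an enclosing block.

    defines: names given to httpd as -D NAME (compared case-sensitively)
    modules: loaded modules by source-file name, e.g. "mod_ssl.c"
    """
    defines, modules = set(defines), set(modules)
    stack, listens = [], []          # stack: one truth value per open block
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            kind, negate, name = opened.groups()
            known = defines if kind.lower() == "ifdefine" else modules
            stack.append((name in known) != bool(negate))
        elif CLOSE.match(line):
            if not stack:
                raise ValueError(f"line {lineno}: closing tag without an opener")
            stack.pop()
        elif all(stack) and line.lower().split()[0] == "listen":
            listens.append(line.split(None, 1)[1])
    if stack:
        raise ValueError("unclosed <IfDefine>/<IfModule> block")
    return listens

if __name__ == "__main__":
    for d, m in [((), ()), (("SSL",), ()), (("SSL",), ("mod_ssl.c",))]:
        print(f"-D {d or '-'} modules {m or '-'} ->", active_listens(LISTEN_CONF, d, m))
```

Comparing its output with what `httpd2 -S` and the listening sockets actually show tells you whether the 443 listener is being gated out by a missing define or module rather than by the virtual host file itself.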
