Topic: http and https sites sharing the same VirtualHost config blo
AdamR

Joined: 03 Oct 2006 Posts: 12 Location: Cardiff, South Wales
Posted: Sun 21 Mar '10 1:34 Post subject: http and https sites sharing the same VirtualHost config blo
I'm trying to be lazy with my configuration here. I'm using named virtual hosts to sub-domain different websites in the usual fashion (which is working fine might I add), but also optionally shove SSL on them.
I am not using extra-vhosts.conf or extra-ssl.conf at all, instead doing it all in my own (not httpd.conf either) configuration file as follows: (in b4 lolwindows)
Code:
NameVirtualHost *:80
NameVirtualHost *:443
SSLMutex default
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:cache/secure(512000)
SSLSessionCacheTimeout 300
# Home site
<VirtualHost *:80 *:443>
ServerAlias www.bean.tld bean.tld server.bean.tld
ServerName www.bean.tld
ServerAdmin ADAM@BEAN.TLD
DocumentRoot "C:/LOLWEBS/home/public_html"
CustomLog "C:/LOLWEBS/home/logs/access.log" combined
ErrorLog "C:/LOLWEBS/home/logs/error.log"
<Directory "C:/LOLWEBS/home/public_html">
Options Includes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin "C:/LOLWEBS/home/cgi-bin"
<Directory "C:/LOLWEBS/home/cgi-bin">
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
AddHandler cgi-script .cgi .pl .py
AddHandler asp.net asax ascx ashx asmx aspx axd config cs csproj licx rem resources resx soap vb vbproj vsdisco webinfo
</Directory>
# AwStats
Alias /awstatsclasses "C:/LOLWEBS/home/apps/awstats/wwwroot/classes/"
Alias /awstatscss "C:/LOLWEBS/home/apps/awstats/wwwroot/css/"
Alias /awstatsicons "C:/LOLWEBS/home/apps/awstats/wwwroot/icon/"
Alias /stats "C:/LOLWEBS/home/apps/awstats/wwwroot/"
ScriptAlias /awstats "C:/LOLWEBS/home/apps/awstats/wwwroot/cgi-bin/"
<Directory "C:/LOLWEBS/home/apps/awstats/wwwroot">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAlias www.bean.tld bean.tld server.bean.tld
ServerName www.bean.tld
CustomLog "C:/LOLWEBS/home/logs/access_ssl.log" combined
CustomLog "C:/LOLWEBS/home/logs/ssl_requests.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ErrorLog "C:/LOLWEBS/home/logs/error_ssl.log"
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite -ALL:MEDIUM+RC4+SHA:HIGH+AES+SHA:-ADH:-DSS
SSLVerifyClient optional
SSLVerifyDepth 10
SSLCertificateKeyFile "C:/ROFLCERTS/Keys/hurr durr.key"
SSLCertificateFile "C:/ROFLCERTS/Certs/www.bean.tld HTTPS.crt"
SSLCertificateChainFile "C:/ROFLCERTS/Certs/bean.tld CA.crt"
SSLCACertificateFile "C:/ROFLCERTS/Certs/bean.tld CA.crt"
SSLCARevocationFile "C:/ROFLCERTS/Revoked/bean.tld CA.crl"
SSLProxyEngine on
SSLProxyProtocol -ALL +SSLv3 +TLSv1
SSLProxyCipherSuite -ALL:MEDIUM+RC4+SHA:HIGH+AES+SHA:-ADH:-DSS
SSLProxyVerify optional
SSLProxyVerifyDepth 10
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<DirectoryMatch "/cgi-bin/">
SSLOptions +StdEnvVars
</DirectoryMatch>
<FilesMatch "\.(cgi|shtml|phtml|php|pl|py)$">
SSLOptions +StdEnvVars
</FilesMatch>
</VirtualHost>
# HLDS content
<VirtualHost *:80 *:443>
ServerAlias hlds.bean.tld
ServerName hlds.bean.tld
ServerAdmin ADAM@BEAN.TLD
DocumentRoot "C:/LOLWEBS/hlds/public_html"
CustomLog "C:/LOLWEBS/hlds/logs/access.log" combined
ErrorLog "C:/LOLWEBS/hlds/logs/error.log"
<Directory "C:/LOLWEBS/hlds/public_html">
Options Includes FollowSymLinks MultiViews
AllowOverride none
Order allow,deny
Allow from all
Deny from none
</Directory>
Alias /ns "C:/DERPDERPDERP/ns/"
Alias /svencoop "C:/DERPDERPDERP/svencoop/"
Alias /svencoop3 "C:/DERPDERPDERP/svencoop3/"
Alias /tfc "C:/DERPDERPDERP/tfc/"
Alias /valve "C:/DERPDERPDERP/valve/"
<Directory "C:/DERPDERPDERP">
Options FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from none
Deny from all
</Directory>
<DirectoryMatch "^C:/DERPDERPDERP/.*/(gfx|maps|models|recommended_sounds|sound|sounds|sprites)/">
Order allow,deny
Allow from all
Deny from none
</DirectoryMatch>
<FilesMatch "\.wad$">
Order allow,deny
Allow from all
Deny from none
</FilesMatch>
<FilesMatch "\.ztmp$">
Order allow,deny
Allow from none
Deny from all
</FilesMatch>
<FilesMatch "^auto_soundlist\.txt$">
Order allow,deny
Allow from none
Deny from all
</FilesMatch>
</VirtualHost>
As you can see, each site shares a configuration for port 80 and port 443, but then each site that I want SSL for I give another port 443 section to define its SSL options.
However, the SSL sites are currently inaccessible. I instantly get a "connection has been reset" message in Firecat for ALL sites, whether it has a specified SSL configuration block or not.
My guess would be that there are multiple ServerAlias matches across 2 VirtualHost blocks, meaning the SSL ones I'm putting in are being ignored. Perhaps if there was a way of doing if port == 443 within the virtual hosts, what I'm trying to do would work.
Is this the correct lazy way to combine HTTP/HTTPS virtual hosts? Or amidoinitwrong?
glsmith Moderator

Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Mon 22 Mar '10 8:07
I would think your error log would be screaming the answer ... and I think it might be on the lines of (nowhere near word for word)
example host is a duplicate of this other host (or overlapping) and therefore the first one takes precedence [read: ignoring the second vhost container thereby not loading the ssl directives] as you suggest.
Curious, did you check the error log?
On your second note .. I agree. We have a limited set of directives that allow the env=some_var tacked on the end. It would be nice if it could be used on the Include directive alone. That would allow a whole world of opportunity.
The next version of Apache (2.4?) will have what you want. <If></If>
http://httpd.apache.org/docs/trunk/mod/core.html#if
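An added example, not part of the original thread and not Apache tooling: a small Python check for the two conditions discussed above, a later name-based vhost whose names are already claimed on the same address (so its SSL directives are never loaded) and a first vhost on the HTTPS address that does not turn SSLEngine on. The names `parse_vhosts`, `audit` and `SAMPLE` are hypothetical, the sample config is constructed from the post's layout, and HTTPS is assumed to be on port 443.

```python
import re

SAMPLE = """\
<VirtualHost *:80 *:443>
ServerName www.bean.tld
ServerAlias bean.tld server.bean.tld
</VirtualHost>
<VirtualHost *:443>
ServerName www.bean.tld
ServerAlias bean.tld server.bean.tld
SSLEngine on
SSLCertificateFile "C:/ROFLCERTS/Certs/www.bean.tld HTTPS.crt"
</VirtualHost>
"""  # constructed sample, condensed from the layout in the post above

def parse_vhosts(conf):
    """Return the <VirtualHost> blocks in file order."""
    vhosts, cur = [], None
    for line in (ln.strip() for ln in conf.splitlines()):
        m = re.match(r"<VirtualHost\s+(.+?)>$", line, re.I)
        if m:
            cur = {"addrs": m.group(1).split(), "names": set(), "ssl": {}}
        elif cur is not None and re.match(r"</VirtualHost>", line, re.I):
            vhosts.append(cur)
            cur = None
        elif cur is not None and line:
            key, *args = line.split()
            if key.lower() in ("servername", "serveralias"):
                cur["names"].update(a.lower() for a in args)
            elif key.lower().startswith("ssl"):
                cur["ssl"][key.lower()] = args
    return vhosts

def audit(conf):
    """Flag shadowed vhosts and a non-SSL default on :443 (assumed HTTPS port)."""
    findings, seen, defaults = [], {}, set()
    for i, vh in enumerate(parse_vhosts(conf)):
        for addr in vh["addrs"]:
            clash = sorted(n for n in vh["names"] if (addr, n) in seen)
            if clash:  # an earlier block already answers for these names here
                findings.append(("shadowed", i, seen[addr, clash[0]], addr, clash, sorted(vh["ssl"])))
            for n in vh["names"]:
                seen.setdefault((addr, n), i)
            if addr.endswith(":443") and addr not in defaults:
                defaults.add(addr)  # first block on an address is its default
                if [a.lower() for a in vh["ssl"].get("sslengine", [])] != ["on"]:
                    findings.append(("plain-default", i, addr))
    return findings

print(audit(SAMPLE))
```

Splitting the combined block into separate `*:80` and `*:443` blocks clears both findings for this sample.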
AdamR

Joined: 03 Oct 2006 Posts: 12 Location: Cardiff, South Wales
Posted: Mon 22 Mar '10 12:22
I did try putting the SSL part first which appeared to work via https://, but then I noticed the SSL part wasn't actually there.
I'll follow Blackdot's guide and see if I can build 2.3.5 alpha to get that new feature.
Neither the site-specific nor server error.log said there were any problems.
glsmith Moderator

Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Mon 22 Mar '10 21:04
Adam,
Not sure you want to go that route (2.3.5-alpha) because it is an alpha. However, if you can live with a Win32 build of 2.3.5 have a look at the downloads at www.apachehaus.com, there is a 32bit 2.3.5 available.
2.3.5 Limitations.
PHP can only be used through FCGID since php5apache2_3.dll is nonexistent and 2_2 will not load. No Biggie.
I have not gotten any third party module to work with 2.3.5.
They worked in 2.3.4 with the exception of PHP.