Hi all,
I have been battling with this issue for far too long, and I am at wits
end.
I have an OpenBSD 5.4 machine, with httpd serving pages successfully
over both HTTP and HTTPS (with a CaCert-issued certificate). I want to
serve multiple sites on both protocols (the certificate has AltNames for
the various sites).
(Almost) everything works fine, and I do indeed manage to successfully
access all sites over HTTPS as expected. However, the HTTPS environment
variable, which should be set to 'on' for HTTPS sessions, is missing for
all but the first VHost. This is problematic because multiple apps
(mostly php-5.3.27, but also some CGI and Rewrites) inspect this
variable and behave differently depending on whether it is set to 'on'
or anything else.
The relevant bits of my configuration file are as follows (diffed from
the original src/usr.sbin/httpd/conf/httpd.conf from CVS on branch
OPENBSD_5_4):
938a939,940
> NameVirtualHost *:80
> NameVirtualHost *:443
1024,1025c1026,1027
< ServerName new.host.name
< ServerAdmin you@your.address
---
> #ServerName new.host.name
> #ServerAdmin you@your.address
1121a1124,1125
>
> Include /srv/www/conf/sites.d
The ServerName/ServerAdmin/... are all in the <VirtualHost _default_:443>
group. The Include is at the very end of the file.
I reduced my test case to /srv/www/conf/sites.d containing only one
file:
<VirtualHost *:80 *:443>
ServerName www.domain2.tld
ServerAdmin webmas...@domain.tld
DocumentRoot /var/www/sites/domain2.tld/www
</VirtualHost>
<Directory "/sites/domain2.tld/www">
Options MultiViews SymLinksIfOwnerMatch Includes
AllowOverride FileInfo
Order allow,deny
Allow from all
</Directory>
Neither /var/www/htdocs nor /var/www/sites/domain2.tld/www contain
.htaccess files.
This is a rather standard setup, and I've had this working on previous
machines (<=5.3). The HTTPD and SSL logs do not show any error nor
warning. I have been trying many combinations of NameVirtualHost,
VirtualHost and ServerName / ServerAlias.
In all (working) cases, the first (_default_) VHost has HTTPS set to
'on', and the other one simply hasn't anything set (as shown through a
phpinfo() page). Swapping the ServerName of the _default_ VHost to
another of the AltName'd names in the certificare sees that particular
domain get the HTTPS variable, and none of the others.
I'm not sure what to try next, if there is indeed anything else. Could
anybody offer some insight/experience about this type of setups? I guess
I'm missing something obvious, but searching the web for hours on end
hasn't yielded anything helpful... Does anybody have any idea what the
problem might be there?
--
Olivier Mehani <sht...@ssji.net>
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
Confidentiality cannot be guaranteed on emails sent or received unencrypted.
