As I understand, you have inherited a running system of several physical machines each
running an instance of apache and with several virtual hosts but all on plain HTTP.
You now want to add HTTPS to the mix...
I assume you have compiled in or loaded the mod_ssl module and that you have
certificate and key (even if they are just self-signed).
To get you started, the basic idea is that an SSL site is really just a port-based
virtual-host (VH), usually on port 443 (the default for SSL). So on one of your
web-servers, you set up a new VH and give it a doc root:
First of all, encapsulate all you SSL directives inside an <Ifdefine> so that they
only get read if you explicitly start with SSL.
<IfDefine SSL>
Listen ip:443
<VirtualHost ip:443>
DocumentRoot /path/to/ssl/area/docroot
(where "ip" = the machine's IP address).
NB If you are running name-based virtual-hosting on this IP address, you have to add
the plain HTTP port to the NameVirtualHost directive or apache will complain, i.e.
<< NameVirtualHost ip
>> NameVirtualHost ip:80
(assuming you are running plain HTTP on port 80). Don't be tempted to use NBVHing with
SSL - it doesn't work.
Now, you need all the various SSL directives... The minimum set is:
SSLEngine on
SSLCertificateFile /path/to/cert
SSLCertificateFile /path/to/key
</VirtualHost>
</IfDefine>
Now test the configuration (apachectl configtest) and restart with ssl (apachectl
startssl - this issues the lower-level command "httpd -DSSL" which sets the env SSL
and so reads in the stuff inside <IfDefine SSL>).
Now you can surf to the site with: https://your-server/ - note carefully the use of
"https" to tell your browser that this is an SSL site.
That's the basics - check out the mod_ssl docs for more details about the directives
above and about others you may need to set if the defaults are not suitable.
Rgds,
Owen Boyle
>-----Original Message-----
>From: Carl Dionne [mailto:[EMAIL PROTECTED]]
>Sent: Donnerstag, 18. Juli 2002 23:42
>To: [EMAIL PROTECTED]
>Subject: https setup on Redhat Linux 7.3 usig apache webserver
>
>
>Hello,
>
>I am new to the mailing list. I have several redhat 7.3 linux
>servers that
>are running Apache 1.3 webservers. Can anyone point me to a
>guide to setup
>the following:
>
>1. Running a webserver using standard http
>2. and, setting up a sub area using a virtual host to allow
>access only
>through https.
>
>I must be missing something. I have verified that port 443 is
>active and
>listening. However I loose it when trying to get the web page
>to work with
>SSL using https instead of http.
>
>Has anyone done this before. I successfully got squirrelmail
>running but we
>want to use SSL for security reasons.
>
>Mahalo
>
>Carl Dionne
>UHH Computer Science
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
