Re: [gentoo-user] Gentoo apache2 VirtualHost :443 config
Grant wrote:
>>>>> Ok, knowing that others like it I'm more comfortable trying to get used to it. It's all the IfDefine stuff I don't like.
>>>> Actually that makes it super flexible.
>>> At the expense of simplicity.
>> The learning curve may be steeper, adding hosts is easier (IMHO etc of course).
> How does the layout facilitate adding hosts? I added a 01_vhost.conf file to be included in httpd.conf.

Adding vhosts = dropping the config in /etc/apache2/vhosts.d/, no need to touch other files. Enabling PHP? Just add one -Define in /etc/conf.d/apache2.

>>>>> What would you do if you needed a certain Location block for one domain but not for another, and you need both of the domains to function under SSL? Is multiple IPs the only way?
>>>> YES.
>>> Or multiple ports.
>> Or make a certificate for multiple domains.
> But the problem is that I need a Location block for one SSL domain and not for another. I can't do that on the same IP, domain, and port no matter what kind of certificates I have right?

Uhhhm, why, yes, you can. I'm not quite sure I understand your problem right now, but basically you can do (seen from apache) anything with your 443 hosts you can do with the 80 ones. The only problem is
1. You can only use one (1) certificate per IP/port,
2. If you host both domains foo and bar behind one IP/port, and your certificate is foo only, visitors of bar will get a validation nag.

Compare your ssl vhosts to your non ssl ones. I think you made some little mistake while adapting the gentoo config file copy. See below for our (working) config, note the similarity of IP and port... ;-)

Regards, Thomas

<VirtualHost 88.198.12.136:443>
ServerName issues.serverkommune.de
DocumentRoot /var/www/www.serverkommune.de/htdocs/trac
<IfDefine SSL>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/ssl/cacert-signed.crt
SSLCertificateKeyFile conf/ssl/cacert.key
</IfDefine>
<Location />
SetHandler mod_python
[...]
</Location>
</VirtualHost>

<VirtualHost 88.198.12.136:443>
ServerName www.serverkommune.de
DocumentRoot /var/www/www.serverkommune.de/htdocs
<IfDefine PHP5>
[...etc pp...]

--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Gentoo apache2 VirtualHost :443 config
>>>>>> Ok, knowing that others like it I'm more comfortable trying to get used to it. It's all the IfDefine stuff I don't like.
>>>>> Actually that makes it super flexible.
>>>> At the expense of simplicity.
>>> The learning curve may be steeper, adding hosts is easier (IMHO etc of course).
>> How does the layout facilitate adding hosts? I added a 01_vhost.conf file to be included in httpd.conf.
> Adding vhosts = dropping the config in /etc/apache2/vhosts.d/, no need to touch other files. Enabling PHP? Just add one -Define in /etc/conf.d/apache2.

>>>>>> What would you do if you needed a certain Location block for one domain but not for another, and you need both of the domains to function under SSL? Is multiple IPs the only way?
>>>>> YES.
>>>> Or multiple ports.
>>> Or make a certificate for multiple domains.
>> But the problem is that I need a Location block for one SSL domain and not for another. I can't do that on the same IP, domain, and port no matter what kind of certificates I have right?
> Uhhhm, why, yes, you can. I'm not quite sure I understand your problem right now, but basically you can do (seen from apache) anything with your 443 hosts you can do with the 80 ones. The only problem is
> 1. You can only use one (1) certificate per IP/port,
> 2. If you host both domains foo and bar behind one IP/port, and your certificate is foo only, visitors of bar will get a validation nag.
>
> Compare your ssl vhosts to your non ssl ones. I think you made some little mistake while adapting the gentoo config file copy. See below for our (working) config, note the similarity of IP and port... ;-)
>
> Regards, Thomas
>
> <VirtualHost 88.198.12.136:443>
> ServerName issues.serverkommune.de
> DocumentRoot /var/www/www.serverkommune.de/htdocs/trac
> <IfDefine SSL>
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile conf/ssl/cacert-signed.crt
> SSLCertificateKeyFile conf/ssl/cacert.key
> </IfDefine>
> <Location />
> SetHandler mod_python
> [...]
> </Location>
> </VirtualHost>
>
> <VirtualHost 88.198.12.136:443>
> ServerName www.serverkommune.de
> DocumentRoot /var/www/www.serverkommune.de/htdocs
> <IfDefine PHP5>
> [...etc pp...]

Did you turn SSL on in the second :443 vhost? I can't get it to work when both are SSL.

- Grant
Re: [gentoo-user] Gentoo apache2 VirtualHost :443 config
Grant wrote:
>> Compare your ssl vhosts to your non ssl ones. I think you made some little mistake while adapting the gentoo config file copy. See below for our (working) config, note the similarity of IP and port... ;-)
> Did you turn SSL on in the second :443 vhost? I can't get it to work when both are SSL.

Yes. That's right below the etc pp part :-). Do you have a NameVirtualHost directive for :443 somewhere in your configs? Do you have one for :80?

Regards, Thomas
Re: [gentoo-user] Gentoo apache2 VirtualHost :443 config
On Thu, 7 Dec 2006, Grant wrote:
> Ok, knowing that others like it I'm more comfortable trying to get used to it. It's all the IfDefine stuff I don't like.

Actually that makes it super flexible.

> What would you do if you needed a certain Location block for one domain but not for another, and you need both of the domains to function under SSL? Is multiple IPs the only way?

YES.

-- A
Re: [gentoo-user] Gentoo apache2 VirtualHost :443 config
>> Ok, knowing that others like it I'm more comfortable trying to get used to it. It's all the IfDefine stuff I don't like.
> Actually that makes it super flexible.

At the expense of simplicity.

>> What would you do if you needed a certain Location block for one domain but not for another, and you need both of the domains to function under SSL? Is multiple IPs the only way?
> YES.

Or multiple ports.

- Grant
Re: [gentoo-user] Gentoo apache2 VirtualHost :443 config
Grant wrote:
>>> Ok, knowing that others like it I'm more comfortable trying to get used to it. It's all the IfDefine stuff I don't like.
>> Actually that makes it super flexible.
> At the expense of simplicity.

The learning curve may be steeper, adding hosts is easier (IMHO etc of course).

>>> What would you do if you needed a certain Location block for one domain but not for another, and you need both of the domains to function under SSL? Is multiple IPs the only way?
>> YES.
> Or multiple ports.

Or make a certificate for multiple domains.

Regards, Thomas
Re: [gentoo-user] Gentoo apache2 VirtualHost :443 config
>>>> Ok, knowing that others like it I'm more comfortable trying to get used to it. It's all the IfDefine stuff I don't like.
>>> Actually that makes it super flexible.
>> At the expense of simplicity.
> The learning curve may be steeper, adding hosts is easier (IMHO etc of course).

How does the layout facilitate adding hosts? I added a 01_vhost.conf file to be included in httpd.conf.

>>>> What would you do if you needed a certain Location block for one domain but not for another, and you need both of the domains to function under SSL? Is multiple IPs the only way?
>>> YES.
>> Or multiple ports.
> Or make a certificate for multiple domains.

But the problem is that I need a Location block for one SSL domain and not for another. I can't do that on the same IP, domain, and port no matter what kind of certificates I have right?

- Grant
Re: [gentoo-user] Gentoo apache2 VirtualHost :443 config
Grant wrote:
> Does anyone else find the Gentoo apache2 layout/config annoying?

I don't think it's annoying. I would say: it's, eh, versatile :-) But I guess it's very much the same on other distributions. So, I would mark this as OT.

Kind regards, Hans.
Re: [gentoo-user] Gentoo apache2 VirtualHost :443 config
Grant wrote:
> I need to include a Location block for one subdomain, but not for another. I have separate VirtualHost blocks set up for port 80, but when I try to do the same for port 443, I get the following when restarting apache2:
>
> [warn] _default_ VirtualHost overlap on port 443, the first has precedence
>
> To create the second 443 VirtualHost I copied the Gentoo SSL_DEFAULT_VHOST config to another file and did a little editing. Should I be going about that a different way?
>
> Does anyone else find the Gentoo apache2 layout/config annoying?
>
> - Grant

Actually I find the layout clean and relaxing with just a hint of cinnamon. :)

I suspect you're doing *:443 in more than one place. SSL can not use name-based vhosts. You need multiple IPs to do multiple ssl vhosts correctly.

kashani
Re: [gentoo-user] Gentoo apache2 VirtualHost :443 config
>> I need to include a Location block for one subdomain, but not for another. I have separate VirtualHost blocks set up for port 80, but when I try to do the same for port 443, I get the following when restarting apache2:
>>
>> [warn] _default_ VirtualHost overlap on port 443, the first has precedence
>>
>> To create the second 443 VirtualHost I copied the Gentoo SSL_DEFAULT_VHOST config to another file and did a little editing. Should I be going about that a different way?
>>
>> Does anyone else find the Gentoo apache2 layout/config annoying?
>>
>> - Grant
> Actually I find the layout clean and relaxing with just a hint of cinnamon. :)

Ok, knowing that others like it I'm more comfortable trying to get used to it. It's all the IfDefine stuff I don't like.

> I suspect you're doing *:443 in more than one place. SSL can not use name-based vhosts. You need multiple IPs to do multiple ssl vhosts correctly.

What would you do if you needed a certain Location block for one domain but not for another, and you need both of the domains to function under SSL? Is multiple IPs the only way?

- Grant

> kashani
Re: [gentoo-user] Gentoo apache2 VirtualHost :443 config
Grant wrote:
> What would you do if you needed a certain Location block for one domain but not for another, and you need both of the domains to function under SSL? Is multiple IPs the only way?

In my case I'm doing something like this on a single webserver.

head -n 5 /etc/apache2/vhosts.d/02_webapi.domain.com.conf
<VirtualHost 10.77.0.51:443>
ServerName webapi.domain.com
DocumentRoot /var/www/webapi.domain.com/site

head -n 5 /etc/apache2/vhosts.d/03_secure.domain.com.conf
<VirtualHost 10.77.0.61:443>
ServerName secure.domain.com
DocumentRoot /var/www/secure.domain.com/site

I also moved /etc/apache2/modules.d/41_mod_ssl.default-vhost.conf to another dir to keep it from conflicting with the ssl vhosts I have.

You can make ssl work on a single IP if you don't mind all the "this ssl cert is for blah domain not this domain" warnings you'll get from your browser. The reason this happens is that SSL is negotiated before the request for the domain so you'll default to first ssl vhost Apache loaded for that IP.

kashani
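The certificate selection described in the replies above, as an added example that is not part of the original thread: a small Python check that groups SSL vhosts by IP:port and reports hostnames whose visitors would be served the first-loaded vhost's certificate without being named in it. It models the behaviour the thread describes (certificate chosen per IP:port before the Host header is read, i.e. no SNI); the addresses, hostnames, file names and the `CERT_NAMES` table are constructed assumptions.

```python
import re

# Constructed sample config: foo and bar share one IP:port, admin uses port 444.
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
  ServerName foo.example
  SSLEngine on
  SSLCertificateFile conf/ssl/foo.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
  ServerName bar.example
  SSLEngine on
  SSLCertificateFile conf/ssl/bar.crt
</VirtualHost>
<VirtualHost 192.0.2.10:444>
  ServerName admin.example
  SSLEngine on
  SSLCertificateFile conf/ssl/admin.crt
</VirtualHost>
"""
# Constructed stand-in for reading each certificate's subject names from disk.
CERT_NAMES = {
    "conf/ssl/foo.crt": {"foo.example"},
    "conf/ssl/bar.crt": {"bar.example"},
    "conf/ssl/admin.crt": {"admin.example"},
}
VHOST_RE = re.compile(r"<VirtualHost\s+(\S+?)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of a directive inside a vhost body, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def ssl_vhosts(conf):
    """Group SSL-enabled vhosts by IP:port, keeping the order they are loaded."""
    groups = {}
    for addr, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() == "on":
            groups.setdefault(addr, []).append(
                (directive(body, "ServerName"), directive(body, "SSLCertificateFile")))
    return groups

def name_mismatches(conf, cert_names):
    """List (addr, hostname, served_cert) where the first vhost's cert omits the name."""
    out = []
    for addr, hosts in ssl_vhosts(conf).items():
        served = hosts[0][1]  # cert is picked before the Host header is known
        out += [(addr, name, served) for name, _ in hosts
                if name not in cert_names.get(served, set())]
    return out
```

With the sample data only `bar.example` is reported; giving `conf/ssl/foo.crt` both names (the multi-domain certificate option) or moving a vhost to its own IP or port clears the list.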
Re: [gentoo-user] Gentoo apache2 VirtualHost :443 config
>> What would you do if you needed a certain Location block for one domain but not for another, and you need both of the domains to function under SSL? Is multiple IPs the only way?
> In my case I'm doing something like this on a single webserver.
>
> head -n 5 /etc/apache2/vhosts.d/02_webapi.domain.com.conf
> <VirtualHost 10.77.0.51:443>
> ServerName webapi.domain.com
> DocumentRoot /var/www/webapi.domain.com/site
>
> head -n 5 /etc/apache2/vhosts.d/03_secure.domain.com.conf
> <VirtualHost 10.77.0.61:443>
> ServerName secure.domain.com
> DocumentRoot /var/www/secure.domain.com/site
>
> I also moved /etc/apache2/modules.d/41_mod_ssl.default-vhost.conf to another dir to keep it from conflicting with the ssl vhosts I have.
>
> You can make ssl work on a single IP if you don't mind all the "this ssl cert is for blah domain not this domain" warnings you'll get from your browser. The reason this happens is that SSL is negotiated before the request for the domain so you'll default to first ssl vhost Apache loaded for that IP.
>
> kashani

Thanks a lot for the help. I'm using port 444 for the second SSL vhost. That's no problem because it's admin stuff. I guess that's port-based virtual hosting.

- Grant