Warning message when starting modssl
Hello mod ssl users, I have compiled apache 1.3.26 with modssl. However, when i start apache it gives me a load of warning messages: [Fri Jul 19 13:40:36 2002] [warn] module mod_vhost_alias.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_env.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_log_config.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_mime_magic.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_mime.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_negotiation.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_status.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_info.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_include.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_autoindex.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_dir.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_cgi.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_asis.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_imap.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_actions.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_speling.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_userdir.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_alias.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_rewrite.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_access.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_auth.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_auth_anon.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_auth_dbm.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_digest.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_proxy.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_cern_meta.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_expires.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_headers.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_usertrack.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_unique_id.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_so.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_setenvif.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module auth_ldap.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_ssl.c is already added, skipping [Fri Jul 19 13:40:36 2002] [warn] module mod_dav.c is already added, skipping but apache still starts but why is it giving me these warning messages? thanks paul _ Chat with friends online, try MSN Messenger: http://messenger.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: virtual host port 443
ann wallace wrote: > im sure this question has been asked before, but i looked around and i > cannot find anything... so here goes, > > i have one virtualhost set up to use port 443, but for some reason if you go > to any of the virtualhost set up on port 80, via https it defaults to the > one host set up on port 443. > > config: > > Listen 1.2.3.4:80 > NameVirtualHost 1.2.3.4:80 > > >ServerAdmin blah@blah >DocumentRoot /home/httpd/html >ServerName www.blah.blah >ErrorLog logs/blah-error_log >TransferLog logs/blah-access_log > > AllowOverride AuthConfig > Options Indexes Includes ExecCGI > Order allow,deny > Allow from all > > > > > > Listen 1.2.3.4:443 > > > ServerAdmin webmaster@otherdomain > DocumentRoot /www/lotherdomain > ServerName www.otherdomain.net > ServerAlias otherdomain.net *.otherdomain.net > ErrorLog /var/log/httpd/secure-otherdomain-errlog > TransferLog /var/log/httpd/secure-otherdomain-access_log > SSLEngine on > SSLCertificateFile/etc/httpd/conf/ssl.crt/www.otherdomain.net.crt > SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.otherdomain.net.key > AddType text/html .shtml .html > AddHandler server-parsed .shtml .html > > Options Indexes Includes FollowSymLinks ExecCGI > AllowOverride AuthConfig > Order allow,deny > Allow from all > > > > thanks ann > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > ann, Requesting https means 'use port 443'. That is consistent with your results, though it may not be consistent with your intent. I am sorry, but I do not have the experience to know how to achieve what you want, however I will give the limited insight that I have aquired... I have been able to specify ports explicitly in the url to override the http or https, but when left to figure it out my servers (the browsers) obey the rules. http = 80 https = 443 I have specifically set a server to listen to http = 1046 https = 1047 But, in order to make this work as expected I need to pass the port on the url. I have noticed that different browsers behave differently to not specifying the port. In some cases typing the url to a server listening on a non-standard port will result in complete failure (by not providing the http part) http://my.domain.org:1046 https://my.domain.org:1047 It may be that there is more than one derived valued from the terms, 'http' and 'https'. I think (but wait to be corrected) that you must maintain the separation of function between your secure and non-secure servers so that http and https behave naturally. That is ... the server that is listening on port 80 is non-secure and will respond to requests from 'http' while your server listening on port 443 will be secure and will respond to requests from 'https'. However, I don't think this precludes your ability to specify ports and thus force http or https on different port values. I do not know if this will help you and I invite someone to correct me for the benefit of us both. chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: https setup on Redhat Linux 7.3 usig apache webserver
As I understand, you have inherited a running system of several physical machines each running an instance of apache and with several virtual hosts but all on plain HTTP. You now want to add HTTPS to the mix... I assume you have compiled in or loaded the mod_ssl module and that you have certificate and key (even if they are just self-signed). To get you started, the basic idea is that an SSL site is really just a port-based virtual-host (VH), usually on port 443 (the default for SSL). So on one of your web-servers, you set up a new VH and give it a doc root: First of all, encapsulate all you SSL directives inside an so that they only get read if you explicitly start with SSL. Listen ip:443 DocumentRoot /path/to/ssl/area/docroot (where "ip" = the machine's IP address). NB If you are running name-based virtual-hosting on this IP address, you have to add the plain HTTP port to the NameVirtualHost directive or apache will complain, i.e. << NameVirtualHost ip >> NameVirtualHost ip:80 (assuming you are running plain HTTP on port 80). Don't be tempted to use NBVHing with SSL - it doesn't work. Now, you need all the various SSL directives... The minimum set is: SSLEngine on SSLCertificateFile /path/to/cert SSLCertificateFile /path/to/key Now test the configuration (apachectl configtest) and restart with ssl (apachectl startssl - this issues the lower-level command "httpd -DSSL" which sets the env SSL and so reads in the stuff inside ). Now you can surf to the site with: https://your-server/ - note carefully the use of "https" to tell your browser that this is an SSL site. That's the basics - check out the mod_ssl docs for more details about the directives above and about others you may need to set if the defaults are not suitable. Rgds, Owen Boyle >-Original Message- >From: Carl Dionne [mailto:[EMAIL PROTECTED]] >Sent: Donnerstag, 18. Juli 2002 23:42 >To: [EMAIL PROTECTED] >Subject: https setup on Redhat Linux 7.3 usig apache webserver > > >Hello, > >I am new to the mailing list. I have several redhat 7.3 linux >servers that >are running Apache 1.3 webservers. Can anyone point me to a >guide to setup >the following: > >1. Running a webserver using standard http >2. and, setting up a sub area using a virtual host to allow >access only >through https. > >I must be missing something. I have verified that port 443 is >active and >listening. However I loose it when trying to get the web page >to work with >SSL using https instead of http. > >Has anyone done this before. I successfully got squirrelmail >running but we >want to use SSL for security reasons. > >Mahalo > >Carl Dionne >UHH Computer Science > >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
solaris 8 random number seed
Hi, I'm having the popular 'Solaris 8 has no /dev/random' problem. I'm using openssl-0.9.6b and I don't have the option to upgrade nor can I add the Solaris patch to create /dev/random. (30 odd live servers which I'm not allowed to reboot or mangle if it can be avoided) I've installed egd and pgrnd packages downloaded from sunfreeware.com. If I use the openssl command line utility then, provided I've created a .rnd seed file in my home directory, I can create keys, etc. without seeing errors about the random number generator being un-seeded. The same is not true for Apache with mod_ssl. I don't know how to let mod_ssl / Apache know where the random number seed file is. Any help would be greatly appreciated. Greg Hamilton
virtual host port 443
im sure this question has been asked before, but i looked around and i cannot find anything... so here goes, i have one virtualhost set up to use port 443, but for some reason if you go to any of the virtualhost set up on port 80, via https it defaults to the one host set up on port 443. config: Listen 1.2.3.4:80 NameVirtualHost 1.2.3.4:80 ServerAdmin blah@blah DocumentRoot /home/httpd/html ServerName www.blah.blah ErrorLog logs/blah-error_log TransferLog logs/blah-access_log AllowOverride AuthConfig Options Indexes Includes ExecCGI Order allow,deny Allow from all Listen 1.2.3.4:443 ServerAdmin webmaster@otherdomain DocumentRoot /www/lotherdomain ServerName www.otherdomain.net ServerAlias otherdomain.net *.otherdomain.net ErrorLog /var/log/httpd/secure-otherdomain-errlog TransferLog /var/log/httpd/secure-otherdomain-access_log SSLEngine on SSLCertificateFile/etc/httpd/conf/ssl.crt/www.otherdomain.net.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.otherdomain.net.key AddType text/html .shtml .html AddHandler server-parsed .shtml .html Options Indexes Includes FollowSymLinks ExecCGI AllowOverride AuthConfig Order allow,deny Allow from all thanks ann __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Compiling apache with mod_perl + mod_ssl on HP-UX 10.2; link problem
On Fri, Jul 19, 2002 at 05:01:35PM +1000, Ian Macdonald wrote: > I've been running apache 1.3.26 with mod_perl 1.26 statically linked in > for a while now with no problems. > > I've recently tried to add mod_ssl to the configuration and the apache > build now fails at the final link like so: > > cc -DHPUX10 -Aa -Ae -D_HPUX_SOURCE -DMOD_SSL=208110 -DMOD_PERL > -DUSE_PERL_SSI -Ae -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 > -DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED -Ae -D_LARGEFILE_SOURCE > -D_FILE_OFFSET_BITS=64 `./apaci` -L/usr/local/ssl/lib \ > -o httpd buildmark.o modules.o modules/ssl/libssl.a > modules/perl/libperl.a modules/standard/libstandard.a main/libmain.a > ./os/unix/libos.a ap/libap.a regex/libregex.a -ldbm -lssl -lcrypto > -Wl,-E -Wl,-B,deferred > /opt/perl5/lib/5.6.1/PA-RISC1.1/auto/DynaLoader/DynaLoader.a > -L/opt/perl5/lib/5.6.1/PA-RISC1.1/CORE -lperl -lnsl_s -ldld -lm -lc > -lndir -lcrypt -lsec -lm > /usr/ccs/bin/ld: Unsatisfied symbols: >__umoddi3 (code) >__udivdi3 (code) > *** Error exit code 1 > > Searching on the mod_perl list archive revealed one answer which was to > use the GNU ld instead; unfortunately, this doesn't seem easy on HP-UX, > as ld is not part of the standard GNU binutils package for HP-UX and > compiling the generic binutils manually doesn't build any version of ld > as far as I could tell. This solution is only partly correct. The real reason for your problem is that at least some of your objects have been compiled with gcc. The missing functions are part of libgcc.a, which is available somewhere in your gcc installation. >From your "nm" of libcrypto.a it seems that openssl was compiled with gcc. Thus, 2 possible solutions: * Add -L/path/to/where/libgcc/is/ -lgcc after -lcrypto, maybe at the end of the list. (I think this is what GNU ld makes automatically.) * Recompile every component using HP's compiler. That's how I do it. Works fine for me :-) Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]