Re: Vitual Hosts not working with SSL
Thanks Cliff. It was not loaded...Apache failed to start. The solution, copy the ssl.conf information into the http.conf file without changing a single thing. - Original Message - From: Cliff Woolley [EMAIL PROTECTED] To: ComCity [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, June 08, 2003 11:57 AM Subject: Re: Vitual Hosts not working with SSL On Sun, 8 Jun 2003, ComCity wrote: I'm very confused about the Virtual Host configuration in Apache 2.0stuff that use to work seems like it doesn't and I gotta think thats because I don't know what I'm doing. ;) Can you be more specific about what it's (not) doing? Other than the fact that the snippet you sent in omitted certain important SSL directives (which are probably present elsewhere in your config file if it worked under Apache 1.3), the config looks okay to me, at least in terms of NBVH vs. IPBVH. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Vitual Hosts not working with SSL
I'm very confused about the Virtual Host configuration in Apache 2.0stuff that use to work seems like it doesn't and I gotta think thats because I don't know what I'm doing. ;) I need to run Named-based virtual hosts as was as IP based virtual hosts. The IP based virtual hosts need to simultaneously listen on port 80 and port 443 for the same IP address to handle ssl. It seems to me I should be able to do this: Listen 80 Listen 443 NameVirtualHost 219.11.62.74 #Name-based Virtual Hosts first VirtualHost 219.11.62.74 DocumentRoot /home/webs/default ServerName www.server1.com /VirtualHost VirtualHost 219.11.62.74 DocumentRoot //server2 ServerName www.server2.com /VirtualHost #Ip-based virtual Hosts next VirtualHost 219.11.62.102:80 DocumentRoot /home/webs/SSLSite1 ServerName www.SSLSite1.com:80 /VirtualHost # Then put this stuff in my SSL conf file. VirtualHost 219.11.62.102:443 DocumentRoot /home1/webs/SSLSite1 ServerName www.SSLSite1.com:443 SSLEngine ON SSLCertificateFile /usr/local/certs/anything.com.crt SSLCertificateKeyFile /usr/local/certs/anything.com.key /VirtualHost I understand that the limitations of SSL requiring a unique IP and that it can not be a named-based host...but you should be able to run the certificate on the same IP if the port is unique. How is this done now? How do you config a single IP for SSL on port 443 and reuse that IP for the website on port 80? Thank You very much. Michael __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: New User: must be obvious question
Thank you. - Original Message - From: [EMAIL PROTECTED] To: ComCity [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, October 23, 2001 11:25 PM Subject: Re: New User: must be obvious question Hi Mike, the problem you are observing has a simple explanation. If you define -DSSL as argument for apachectl or configtest or httpd the according parts included in IfDefine SSL .. /IfDefine are executed. If not defined, they are ignored. Your LoadModule and AddModule statements are properly nested with IfDefines, but your VirtualHost for SSL (including mod_ssl directives like SSLEngine) seems not to be enclosed by IfDefine or IfModule. If you start your httpd with -DSSL this is no problem, because mod_ssl is loaded and interprets these directives. If you don't give -DSSL (as in your call of configtest) the Apache httpd does not load mod_ssl and does not understand directives like SSLEngine. To get rid of the error, you should encapsulate all directives that are available only if a certain module is loaded into Apache with IfDefine or IfModule statements. For examples of this have a look in the standard httpd.conf in the conf directory of your Apache installation. The commented lines have no effect in or out. This was occuring long before these line comments were added. I just added those recently to find things easier when editing the file to try with this issue. I added these comments after the problem started...they where not there originally. Without the comment lines, it simply shifts the line # where the error occurs. I have always had LoadModule ssl_module modules/libssl.so in my httpd.conf but I do not have AddModule mod_ssl.c. However, upon adding this line AddModule mod_ssl.c, there was no effect. Configtest gives the same error on the same line #. Is there some other way to restart apache when mod_ssl is installed. After all, you use apachectl startssl instead of apachectl start. Is there an apachectl restartssl? Thanks Mike With best regards Georg Oppenberg Internet Engineer Web Hosting UUNET - a WorldCom Company UUNET Deutschland GmbH Sebrathweg 20 44149 Dortmund Germany Tel. +49 231 972 2280 Fax. +49 231 972 1180 [EMAIL PROTECTED] http://www.worldcom.com/de/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: New User: must be obvious question
Well that doesn't make a lot of senseso your saying that configtest is better at error checking than apache is at running? Here's the error I get: Syntax error on line 1158 of /usr/local/apache/conf/httpd.conf: Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration 8 snip #Listen 80 VirtualHost 209.10.62.26:80 DocumentRoot /home/webs/holisticfamilyandpets ServerName www.holisticfamilyandpets.com ScriptAlias /_vti_bin/_vti_adm/ /home/webs/holisticfamilyandpets/_vti_bin/_vti_adm/ ScriptAlias /_vti_bin/_vti_aut/ /home/webs/holisticfamilyandpets/_vti_bin/_vti_aut/ ScriptAlias /_vti_bin/ /home/webs/holisticfamilyandpets/_vti_bin/ /VirtualHost #Listen 443 VirtualHost 209.10.62.26:443 DocumentRoot /home/webs/holisticfamilyandpets ServerName www.holisticfamilyandpets.com # The following line is line 1158 SSLEngine ON SSLCertificateFile /usr/local/certs/holisticfamilyandpets.com.crt SSLCertificateKeyFile /usr/local/certs/holisticfamilyandpets.com.key SSLVerifyClient none /VirtualHost - Original Message - From: Owen Boyle [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 23, 2001 12:14 AM Subject: Re: New User: must be obvious question ComCity wrote: Hi, I've gotten Mod_SSL working on my apache server along with openSSL. I have working certs and they get served up as virtual servers. My question has to be obvious. I can stop apache no problem with: apachectl stop I can start apache no problem with apachectl startssl However, I cannot restart apache with apachectl restart And, if I use apachectl configtest it tells me I have an error at the SSLEngine On line of my conf file line. This can't be real because it work fine if I stop and restart or reboot the computer. The restart command simply doesn't seem to be working for me. If you are getting an error message when you configtest, then the amazing thing is that your server is starting under any circumstances. I suspect this is not a problem with apachectl which works fine for everyone else but rather (suprise, suprise...) and error in your conf file. To help diagnose it, please cut'n'paste the error messagea and post the section from your conf file which deals with the SSL virtualhost. Rgds, Owen Boyle. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: New User: must be obvious question
Well that doesn't make a lot of senseso your saying that configtest is better at error checking than apache is at running? How do you think configtest works? - it's just an instance of apache with an error trap and exit stuck on. Exactly my point. It absolutely is running. Actually I think you were mistaken when you told us apache was running - I think you would find it was not working in SSL mode (apachectl startssl doesn't report startup errors to the console - they go in the logfile). Sure it is. I gave you the urls in the httpd.conf file. Try them they both work http://209.10.62.26 The ssl version of the site: https://209.10.62.26 Also, I just checked the ssl_engine.log and it starts SSL for the virtual server without any errors posted there. No errors in the error log either. What log are you referring to? Here's the error I get: Syntax error on line 1158 of /usr/local/apache/conf/httpd.conf: Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration What could that mean? Figure it out for yourself. Well its not misspelled and mod_ssl was compiled in which is the only similar error I've seen posted on this subject after checking the archives so I'm not sure what server configuration file its referring to except for httpd.conf. If I knew the answer, why would I do a post in the first place. Rgds, Owen Boyle. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: New User: must be obvious question
The commented lines have no effect in or out. This was occuring long before these line comments were added. I just added those recently to find things easier when editing the file to try with this issue. I added these comments after the problem started...they where not there originally. Without the comment lines, it simply shifts the line # where the error occurs. I have always had LoadModule ssl_module modules/libssl.so in my httpd.conf but I do not have AddModule mod_ssl.c. However, upon adding this line AddModule mod_ssl.c, there was no effect. Configtest gives the same error on the same line #. Is there some other way to restart apache when mod_ssl is installed. After all, you use apachectl startssl instead of apachectl start. Is there an apachectl restartssl? Thanks Mike The commented out Listen 443 and Listen 80 are probably part of your problem, however, I'd suspect that your httpd.conf is missing the following from the relevant sections also: LoadModule ssl_module modules/libssl.so AddModule mod_ssl.c - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] -Original Message- From: ComCity [mailto:[EMAIL PROTECTED]] Sent: 23 October 2001 15:29 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: New User: must be obvious question Well that doesn't make a lot of senseso your saying that configtest is better at error checking than apache is at running? Here's the error I get: Syntax error on line 1158 of /usr/local/apache/conf/httpd.conf: Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration 8 snip #Listen 80 VirtualHost 209.10.62.26:80 DocumentRoot /home/webs/holisticfamilyandpets ServerName www.holisticfamilyandpets.com ScriptAlias /_vti_bin/_vti_adm/ /home/webs/holisticfamilyandpets/_vti_bin/_vti_adm/ ScriptAlias /_vti_bin/_vti_aut/ /home/webs/holisticfamilyandpets/_vti_bin/_vti_aut/ ScriptAlias /_vti_bin/ /home/webs/holisticfamilyandpets/_vti_bin/ /VirtualHost #Listen 443 VirtualHost 209.10.62.26:443 DocumentRoot /home/webs/holisticfamilyandpets ServerName www.holisticfamilyandpets.com # The following line is line 1158 SSLEngine ON SSLCertificateFile /usr/local/certs/holisticfamilyandpets.com.crt SSLCertificateKeyFile /usr/local/certs/holisticfamilyandpets.com.key SSLVerifyClient none /VirtualHost - Original Message - From: Owen Boyle [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 23, 2001 12:14 AM Subject: Re: New User: must be obvious question ComCity wrote: Hi, I've gotten Mod_SSL working on my apache server along with openSSL. I have working certs and they get served up as virtual servers. My question has to be obvious. I can stop apache no problem with: apachectl stop I can start apache no problem with apachectl startssl However, I cannot restart apache with apachectl restart And, if I use apachectl configtest it tells me I have an error at the SSLEngine On line of my conf file line. This can't be real because it work fine if I stop and restart or reboot the computer. The restart command simply doesn't seem to be working for me. If you are getting an error message when you configtest, then the amazing thing is that your server is starting under any circumstances. I suspect this is not a problem with apachectl which works fine for everyone else but rather (suprise, suprise...) and error in your conf file. To help diagnose it, please cut'n'paste the error messagea and post the section from your conf file which deals with the SSL virtualhost. Rgds, Owen Boyle. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept
Re: New User: must be obvious question
Interestingcould this be the problem? As I said earlier LoadModule ssl_module modules/libssl.so is there and I thought AddModule mod_ssl.c was not. However, it is there, it's just in a different place and split up. Could that be the problem? This is on line 208 of httpd.conf IfDefine SSL LoadModule ssl_module libexec/libssl.so /IfDefine However, Later on in the httpd.conf on line 234, the AddModule for mod_ssl.c is shown like this with other AddModules: ClearModuleList AddModule mod_env.c AddModule mod_log_config.c AddModule mod_mime.c AddModule mod_negotiation.c AddModule mod_status.c AddModule mod_include.c AddModule mod_autoindex.c AddModule mod_dir.c AddModule mod_cgi.c AddModule mod_asis.c AddModule mod_imap.c AddModule mod_actions.c AddModule mod_userdir.c AddModule mod_alias.c AddModule mod_access.c AddModule mod_auth.c AddModule mod_so.c AddModule mod_setenvif.c IfDefine SSL AddModule mod_ssl.c /IfDefine AddModule mod_frontpage.c AddModule mod_php4.c Can you not split these up? Thank You very much. Michael Barber - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, October 23, 2001 8:01 AM Subject: RE: New User: must be obvious question The commented out Listen 443 and Listen 80 are probably part of your problem, however, I'd suspect that your httpd.conf is missing the following from the relevant sections also: LoadModule ssl_module modules/libssl.so AddModule mod_ssl.c - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] -Original Message- From: ComCity [mailto:[EMAIL PROTECTED]] Sent: 23 October 2001 15:29 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: New User: must be obvious question Well that doesn't make a lot of senseso your saying that configtest is better at error checking than apache is at running? Here's the error I get: Syntax error on line 1158 of /usr/local/apache/conf/httpd.conf: Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration 8 snip #Listen 80 VirtualHost 209.10.62.26:80 DocumentRoot /home/webs/holisticfamilyandpets ServerName www.holisticfamilyandpets.com ScriptAlias /_vti_bin/_vti_adm/ /home/webs/holisticfamilyandpets/_vti_bin/_vti_adm/ ScriptAlias /_vti_bin/_vti_aut/ /home/webs/holisticfamilyandpets/_vti_bin/_vti_aut/ ScriptAlias /_vti_bin/ /home/webs/holisticfamilyandpets/_vti_bin/ /VirtualHost #Listen 443 VirtualHost 209.10.62.26:443 DocumentRoot /home/webs/holisticfamilyandpets ServerName www.holisticfamilyandpets.com # The following line is line 1158 SSLEngine ON SSLCertificateFile /usr/local/certs/holisticfamilyandpets.com.crt SSLCertificateKeyFile /usr/local/certs/holisticfamilyandpets.com.key SSLVerifyClient none /VirtualHost - Original Message - From: Owen Boyle [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 23, 2001 12:14 AM Subject: Re: New User: must be obvious question ComCity wrote: Hi, I've gotten Mod_SSL working on my apache server along with openSSL. I have working certs and they get served up as virtual servers. My question has to be obvious. I can stop apache no problem with: apachectl stop I can start apache no problem with apachectl startssl However, I cannot restart apache with apachectl restart And, if I use apachectl configtest it tells me I have an error at the SSLEngine On line of my conf file line. This can't be real because it work fine if I stop and restart or reboot the computer. The restart command simply doesn't seem to be working for me. If you are getting an error message when you configtest, then the amazing thing is that your server is starting under any circumstances. I suspect this is not a problem with apachectl which works fine for everyone else but rather (suprise, suprise...) and error in your conf file. To help diagnose it, please cut'n'paste the error messagea and post the section from your conf file which deals with the SSL virtualhost. Rgds, Owen Boyle. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged
New User: must be obvious question
Hi, I've gotten Mod_SSL working on my apache server along with openSSL. I have working certs and they get served up as virtual servers. My question has to be obvious. I can stop apache no problem with: apachectl stop I can start apache no problem with apachectl startssl However, I cannot restart apache with apachectl restart And, if I use apachectl configtest it tells me I have an error at the SSLEngine On line of my conf file line. This can't be real because it work fine if I stop and restart or reboot the computer. The restart command simply doesn't seem to be working for me. What am I missing here? __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]