Re: [users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
Hi Nick, Thanks for the fast response. These URL's are all hosted on the same machine w/the same IP address. I figured out what I was doing wrong thanks to Eggert. I was not using the properly. I'm including my fixed .conf file below in case it might be useful to others. SSLEngine on SSLCertificateFile /etc/ssl/apache.pem SSLCertificateKeyFile /etc/ssl/private/apache.key ServerAdmin webmas...@puresolar.us # Those aliases do not work properly with several hosts on your apache server # Uncomment them to use it or adapt them to your configuration #Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ #Alias /roundcube /var/lib/roundcube # by NF - Alias /roundcubemail /usr/share/roundcubemail/ Alias /webmail /usr/share/roundcubemail/ # by NF - Adding Alias for webadmin Alias /kolab-webadmin /usr/share/kolab-webadmin/public_html/ # by NF - Alias for iRony Alias /iRony /usr/share/iRony/public_html # This section for RoundCubeMail AKA Webmail # # Access to tinymce files # #Options Indexes MultiViews FollowSymLinks #AllowOverride None #Order allow,deny #Allow from all # Options +FollowSymLinks AllowOverride All Require all granted Order Allow,Deny Allow from All # Protecting basic directories: Options -FollowSymLinks AllowOverride None Options -FollowSymLinks AllowOverride None Require all denied Order Deny,Allow Deny from All # This section for Kolab-Webadmin# RewriteEngine on # NOTE: This needs to point to the base uri of your installation. RewriteBase /kolab-webadmin/ # Rewrite URLs of the form 'x' to the form 'index.php?q=x'. RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteRule ^api/(.*)\.(.*)$ api/index.php?service=$1&method=$2 [L,QSA] AddDefaultCharset UTF-8 php_value error_reporting 6135 DirectoryIndex index.php AllowOverride All Require all granted Order Allow,Deny Allow from All # This section iRony # AllowOverride All # Apache 2.4 Require all granted # Apache 2.2 Order Allow,Deny Allow from All RewriteEngine On RewriteBase /iRony/ RewriteRule ^\.well-known/caldav / [R,L] RewriteRule ^\.well-known/carddav / [R,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.*) index.php [qsappend,last] On 29.04.2014 13:16, Nick Tkach wrote: So in that list of urls at the top, those are totally separate names and IPs? Something like this? 11.22.33.44/webmail is the main interface 55.66.77.88/web-admin is the administrative interface 99.00.11.22/webdav is for access to the WebDAV component On Tue, Apr 29, 2014 at 2:48 PM, Foster, Nate wrote: Hi All, I'm new to the list, so please excuse me if I'm in the wrong spot. I host a groupware service on a Debian 7 host running Apache2.2. The service uses multiple URL's for it's interface. xx.xx.xx.xx/webmail is the main interface xx.xx.xx.xx/web-admin is the administrative interface xx.xx.xx.xx/webdav is for access to the WebDAV component Each URL is enabled and it's .conf file is living in sites-enabled/ To secure the first URL, I modified the webmail.conf to have the following lines at the top of the file: SSLEngine on SSLCertificateFile /etc/ssl/apache.pem SSLCertificateKeyFile /etc/ssl/private/apache.key ServerAdmin webmas...@puresolar.us and at the bottom of the file. This worked great until I repeated it for the remaining URL's which results in an error: [warn] _default_ VirtualHost overlap on port 443, the first has precedence When I search for tutorials and documentation on how to do this properly, I keep getting information related to securing multiple virtual hosts, which does not really work for my scenario. I would be grateful for any pointers on how I can secure my server properly! Many Thanks! -Nate - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.
Re: [users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
So in that list of urls at the top, those are totally separate names and IPs? Something like this? 11.22.33.44/webmail is the main interface 55.66.77.88/web-admin is the administrative interface 99.00.11.22/webdav is for access to the WebDAV component On Tue, Apr 29, 2014 at 2:48 PM, Foster, Nate wrote: > Hi All, > > I'm new to the list, so please excuse me if I'm in the wrong spot. > > I host a groupware service on a Debian 7 host running Apache2.2. The > service uses multiple URL's for it's interface. > > xx.xx.xx.xx/webmail is the main interface > xx.xx.xx.xx/web-admin is the administrative interface > xx.xx.xx.xx/webdav is for access to the WebDAV component > > Each URL is enabled and it's .conf file is living in sites-enabled/ > > To secure the first URL, I modified the webmail.conf to have the following > lines at the top of the file: > > > SSLEngine on > SSLCertificateFile /etc/ssl/apache.pem > SSLCertificateKeyFile /etc/ssl/private/apache.key > ServerAdmin webmas...@puresolar.us > > > and at the bottom of the file. > > This worked great until I repeated it for the remaining URL's which results > in an error: [warn] _default_ VirtualHost overlap on port 443, the first > has precedence > > When I search for tutorials and documentation on how to do this properly, I > keep getting information related to securing multiple virtual hosts, which > does not really work for my scenario. I would be grateful for any pointers > on how I can secure my server properly! > > Many Thanks! > > -Nate > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
Hello Eggert, Thanks for your suggestion! I'm going to try it now. :-) Nate On 29.04.2014 12:56, Eggert Ehmke wrote: Hello Nate, if all your URLs are in the same domain, I would expect only one virtual host. This can contain multiple sections for your purpose. This way you only have one host on port 443. Hope that helps Eggert Am Dienstag, 29. April 2014, 12:48:57 schrieb Foster, Nate: Hi All, I'm new to the list, so please excuse me if I'm in the wrong spot. I host a groupware service on a Debian 7 host running Apache2.2. The service uses multiple URL's for it's interface. xx.xx.xx.xx/webmail is the main interface xx.xx.xx.xx/web-admin is the administrative interface xx.xx.xx.xx/webdav is for access to the WebDAV component Each URL is enabled and it's .conf file is living in sites-enabled/ To secure the first URL, I modified the webmail.conf to have the following lines at the top of the file: SSLEngine on SSLCertificateFile /etc/ssl/apache.pem SSLCertificateKeyFile /etc/ssl/private/apache.key ServerAdmin webmas...@puresolar.us and at the bottom of the file. This worked great until I repeated it for the remaining URL's which results in an error: [warn] _default_ VirtualHost overlap on port 443, the first has precedence When I search for tutorials and documentation on how to do this properly, I keep getting information related to securing multiple virtual hosts, which does not really work for my scenario. I would be grateful for any pointers on how I can secure my server properly! Many Thanks! -Nate - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
Hello Nate, if all your URLs are in the same domain, I would expect only one virtual host. This can contain multiple sections for your purpose. This way you only have one host on port 443. Hope that helps Eggert Am Dienstag, 29. April 2014, 12:48:57 schrieb Foster, Nate: > Hi All, > > I'm new to the list, so please excuse me if I'm in the wrong spot. > > I host a groupware service on a Debian 7 host running Apache2.2. The > service uses multiple URL's for it's interface. > > xx.xx.xx.xx/webmail is the main interface > xx.xx.xx.xx/web-admin is the administrative interface > xx.xx.xx.xx/webdav is for access to the WebDAV component > > Each URL is enabled and it's .conf file is living in sites-enabled/ > > To secure the first URL, I modified the webmail.conf to have the > following lines at the top of the file: > > > SSLEngine on > SSLCertificateFile /etc/ssl/apache.pem > SSLCertificateKeyFile /etc/ssl/private/apache.key > ServerAdmin webmas...@puresolar.us > > > and at the bottom of the file. > > This worked great until I repeated it for the remaining URL's which > results in an error: [warn] _default_ VirtualHost overlap on port 443, > the first has precedence > > When I search for tutorials and documentation on how to do this > properly, I keep getting information related to securing multiple > virtual hosts, which does not really work for my scenario. I would be > grateful for any pointers on how I can secure my server properly! > > Many Thanks! > > -Nate > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
Hi All, I'm new to the list, so please excuse me if I'm in the wrong spot. I host a groupware service on a Debian 7 host running Apache2.2. The service uses multiple URL's for it's interface. xx.xx.xx.xx/webmail is the main interface xx.xx.xx.xx/web-admin is the administrative interface xx.xx.xx.xx/webdav is for access to the WebDAV component Each URL is enabled and it's .conf file is living in sites-enabled/ To secure the first URL, I modified the webmail.conf to have the following lines at the top of the file: SSLEngine on SSLCertificateFile /etc/ssl/apache.pem SSLCertificateKeyFile /etc/ssl/private/apache.key ServerAdmin webmas...@puresolar.us and at the bottom of the file. This worked great until I repeated it for the remaining URL's which results in an error: [warn] _default_ VirtualHost overlap on port 443, the first has precedence When I search for tutorials and documentation on how to do this properly, I keep getting information related to securing multiple virtual hosts, which does not really work for my scenario. I would be grateful for any pointers on how I can secure my server properly! Many Thanks! -Nate - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org