Re: [users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
Hi Nick,
Thanks for the fast response. These URL's are all hosted on the same
machine w/the same IP address.
I figured out what I was doing wrong thanks to Eggert. I was not using
the properly.
I'm including my fixed .conf file below in case it might be useful to
others.
SSLEngine on
SSLCertificateFile /etc/ssl/apache.pem
SSLCertificateKeyFile /etc/ssl/private/apache.key
ServerAdmin webmas...@puresolar.us
# Those aliases do not work properly with several hosts on your apache
server
# Uncomment them to use it or adapt them to your configuration
#Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
#Alias /roundcube /var/lib/roundcube
# by NF - Alias /roundcubemail /usr/share/roundcubemail/
Alias /webmail /usr/share/roundcubemail/
# by NF - Adding Alias for webadmin
Alias /kolab-webadmin /usr/share/kolab-webadmin/public_html/
# by NF - Alias for iRony
Alias /iRony /usr/share/iRony/public_html
# This section for RoundCubeMail AKA Webmail #
# Access to tinymce files
#
#Options Indexes MultiViews FollowSymLinks
#AllowOverride None
#Order allow,deny
#Allow from all
#
Options +FollowSymLinks
AllowOverride All
Require all granted
Order Allow,Deny
Allow from All
# Protecting basic directories:
Options -FollowSymLinks
AllowOverride None
Options -FollowSymLinks
AllowOverride None
Require all denied
Order Deny,Allow
Deny from All
# This section for Kolab-Webadmin#
RewriteEngine on
# NOTE: This needs to point to the base uri of your
installation.
RewriteBase /kolab-webadmin/
# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^api/(.*)\.(.*)$ api/index.php?service=$1&method=$2
[L,QSA]
AddDefaultCharset UTF-8
php_value error_reporting 6135
DirectoryIndex index.php
AllowOverride All
Require all granted
Order Allow,Deny
Allow from All
# This section iRony #
AllowOverride All
# Apache 2.4
Require all granted
# Apache 2.2
Order Allow,Deny
Allow from All
RewriteEngine On
RewriteBase /iRony/
RewriteRule ^\.well-known/caldav / [R,L]
RewriteRule ^\.well-known/carddav / [R,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php [qsappend,last]
On 29.04.2014 13:16, Nick Tkach wrote:
So in that list of urls at the top, those are totally separate names
and IPs? Something like this?
11.22.33.44/webmail is the main interface
55.66.77.88/web-admin is the administrative interface
99.00.11.22/webdav is for access to the WebDAV component
On Tue, Apr 29, 2014 at 2:48 PM, Foster, Nate
wrote:
Hi All,
I'm new to the list, so please excuse me if I'm in the wrong spot.
I host a groupware service on a Debian 7 host running Apache2.2. The
service uses multiple URL's for it's interface.
xx.xx.xx.xx/webmail is the main interface
xx.xx.xx.xx/web-admin is the administrative interface
xx.xx.xx.xx/webdav is for access to the WebDAV component
Each URL is enabled and it's .conf file is living in sites-enabled/
To secure the first URL, I modified the webmail.conf to have the
following
lines at the top of the file:
SSLEngine on
SSLCertificateFile /etc/ssl/apache.pem
SSLCertificateKeyFile /etc/ssl/private/apache.key
ServerAdmin webmas...@puresolar.us
and at the bottom of the file.
This worked great until I repeated it for the remaining URL's which
results
in an error: [warn] _default_ VirtualHost overlap on port 443, the
first
has precedence
When I search for tutorials and documentation on how to do this
properly, I
keep getting information related to securing multiple virtual hosts,
which
does not really work for my scenario. I would be grateful for any
pointers
on how I can secure my server properly!
Many Thanks!
-Nate
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.
Re: [users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
So in that list of urls at the top, those are totally separate names and IPs? Something like this? 11.22.33.44/webmail is the main interface 55.66.77.88/web-admin is the administrative interface 99.00.11.22/webdav is for access to the WebDAV component On Tue, Apr 29, 2014 at 2:48 PM, Foster, Nate wrote: > Hi All, > > I'm new to the list, so please excuse me if I'm in the wrong spot. > > I host a groupware service on a Debian 7 host running Apache2.2. The > service uses multiple URL's for it's interface. > > xx.xx.xx.xx/webmail is the main interface > xx.xx.xx.xx/web-admin is the administrative interface > xx.xx.xx.xx/webdav is for access to the WebDAV component > > Each URL is enabled and it's .conf file is living in sites-enabled/ > > To secure the first URL, I modified the webmail.conf to have the following > lines at the top of the file: > > > SSLEngine on > SSLCertificateFile /etc/ssl/apache.pem > SSLCertificateKeyFile /etc/ssl/private/apache.key > ServerAdmin webmas...@puresolar.us > > > and at the bottom of the file. > > This worked great until I repeated it for the remaining URL's which results > in an error: [warn] _default_ VirtualHost overlap on port 443, the first > has precedence > > When I search for tutorials and documentation on how to do this properly, I > keep getting information related to securing multiple virtual hosts, which > does not really work for my scenario. I would be grateful for any pointers > on how I can secure my server properly! > > Many Thanks! > > -Nate > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
Hello Eggert, Thanks for your suggestion! I'm going to try it now. :-) Nate On 29.04.2014 12:56, Eggert Ehmke wrote: Hello Nate, if all your URLs are in the same domain, I would expect only one virtual host. This can contain multiple sections for your purpose. This way you only have one host on port 443. Hope that helps Eggert Am Dienstag, 29. April 2014, 12:48:57 schrieb Foster, Nate: Hi All, I'm new to the list, so please excuse me if I'm in the wrong spot. I host a groupware service on a Debian 7 host running Apache2.2. The service uses multiple URL's for it's interface. xx.xx.xx.xx/webmail is the main interface xx.xx.xx.xx/web-admin is the administrative interface xx.xx.xx.xx/webdav is for access to the WebDAV component Each URL is enabled and it's .conf file is living in sites-enabled/ To secure the first URL, I modified the webmail.conf to have the following lines at the top of the file: SSLEngine on SSLCertificateFile /etc/ssl/apache.pem SSLCertificateKeyFile /etc/ssl/private/apache.key ServerAdmin webmas...@puresolar.us and at the bottom of the file. This worked great until I repeated it for the remaining URL's which results in an error: [warn] _default_ VirtualHost overlap on port 443, the first has precedence When I search for tutorials and documentation on how to do this properly, I keep getting information related to securing multiple virtual hosts, which does not really work for my scenario. I would be grateful for any pointers on how I can secure my server properly! Many Thanks! -Nate - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
Hello Nate, if all your URLs are in the same domain, I would expect only one virtual host. This can contain multiple sections for your purpose. This way you only have one host on port 443. Hope that helps Eggert Am Dienstag, 29. April 2014, 12:48:57 schrieb Foster, Nate: > Hi All, > > I'm new to the list, so please excuse me if I'm in the wrong spot. > > I host a groupware service on a Debian 7 host running Apache2.2. The > service uses multiple URL's for it's interface. > > xx.xx.xx.xx/webmail is the main interface > xx.xx.xx.xx/web-admin is the administrative interface > xx.xx.xx.xx/webdav is for access to the WebDAV component > > Each URL is enabled and it's .conf file is living in sites-enabled/ > > To secure the first URL, I modified the webmail.conf to have the > following lines at the top of the file: > > > SSLEngine on > SSLCertificateFile /etc/ssl/apache.pem > SSLCertificateKeyFile /etc/ssl/private/apache.key > ServerAdmin webmas...@puresolar.us > > > and at the bottom of the file. > > This worked great until I repeated it for the remaining URL's which > results in an error: [warn] _default_ VirtualHost overlap on port 443, > the first has precedence > > When I search for tutorials and documentation on how to do this > properly, I keep getting information related to securing multiple > virtual hosts, which does not really work for my scenario. I would be > grateful for any pointers on how I can secure my server properly! > > Many Thanks! > > -Nate > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Question: How to secure multiple URL's with SSL on a single host with a single domain?
Hi All, I'm new to the list, so please excuse me if I'm in the wrong spot. I host a groupware service on a Debian 7 host running Apache2.2. The service uses multiple URL's for it's interface. xx.xx.xx.xx/webmail is the main interface xx.xx.xx.xx/web-admin is the administrative interface xx.xx.xx.xx/webdav is for access to the WebDAV component Each URL is enabled and it's .conf file is living in sites-enabled/ To secure the first URL, I modified the webmail.conf to have the following lines at the top of the file: SSLEngine on SSLCertificateFile /etc/ssl/apache.pem SSLCertificateKeyFile /etc/ssl/private/apache.key ServerAdmin webmas...@puresolar.us and at the bottom of the file. This worked great until I repeated it for the remaining URL's which results in an error: [warn] _default_ VirtualHost overlap on port 443, the first has precedence When I search for tutorials and documentation on how to do this properly, I keep getting information related to securing multiple virtual hosts, which does not really work for my scenario. I would be grateful for any pointers on how I can secure my server properly! Many Thanks! -Nate - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
