If I'm not mistaken, you should use only ONE overall
ServerName-directive in your configs, the rest should be handled with
ServerAlias (even having multiple VHosts)
Meaning, if you change
ServerName xyz.domain.com
to
ServerAlias xyz.domain.com
it should work.
Cheers
Gregor
--
what's
Pavel,
On Dec 30, 2007 4:36 AM, [EMAIL PROTECTED] wrote:
not exactly true, you may try to use the SNI patch that allows several
certs on a single ip.
it's still true, however, maybe the statement is not complete.
TLS is pretty new, and i.e. my firefox-browser does not accept such a
cert for
you will need either different ip/port-combinations for each ssl-site
or you can try with the so-called wildcard-certs (example.
https://www.thawte.com/ssl-digital-certificates/wildcardssl/index.html).
most recent browsers will support them.
cheers
gregor
--
what's puzzlin' you, is the nature
hi krist,
Are you sure? This looks like Apache behaving against its
specification in a big way.
I am sure since it's working as expected.
Afaik this issue has been discussed before, I just couldn't find it.
Against what specs should Apache behave? Any URL quoting those specs?
As I'm
Hi Owen!
On Nov 21, 2007 4:59 PM, Boyle Owen [EMAIL PROTECTED] wrote:
That's about right... You didn't (mercifully :-) show us your complete config,
well, if u need some reading-stuff. I'll send them to ypu right away
or, if you prefer, post 'em here on the list ;)
but I'm guessing you just
Hi Guys,
I always keep being puzzled about those options, and I also don't get
enlighted by the doc.
this is what I have:
System: Debian Etch
/etc/apache2/apaxhe2.conf:
...
NameVirtualHost *:80
NameVirtualHost *:443
...
in /etc/apache2/sites-enabled I have
file clue:
VirtualHost *:80
On 11/6/07, Ryan Barnett [EMAIL PROTECTED] wrote:
Why not a URL where we can view it?
[Ryan Barnett] Here you go -
http://apachebenchmark.sourceforge.net/CIS_Apache_Benchmark_v2.1.doc
ehem - great, however, there's no such thing like ms word on my machine -
hope it's not too much asking for
Within Nessus, you have the options to choose the tests you want to run.
It's a bit of work, however, configuring (choosing those tests dealing
with *your* os / webserver / database etc.) and then saving them for
future usage is worth while and avoids such garbage-messages.
Coming to your
the only nonsense is to run dos / win-modules on a *nix-box then
worry about the messages...
cheers
gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
if (knowledge == 0) {
read (FAQ);
use (SEARCH_DOCS);
use (GOOGLE);
} else {
use (BRAIN);
make (POST);
}
Gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
www.debian.org
man aptitude
gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
-
The official User-To-User support
how about mod_rewrite?
RewriteEngine On
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1
gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
Sorry, Kevin,
thought the only difference between the Request and the 302-Response
was http/https (meaning redirecting to HTTPS). I simply got you wrong.
Cheers
Gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @
VirtualHost your_ip_here:80
ServerName www.foo.com
[ ... ]
RewriteEngine On
RewriteRule ^/(.*)$ https://www1.foo.com/$1
[ ...]
/VirtualHost
VirtualHost your_ip_here:443
ServerAlias www1.foo.com
[ ... ]
/VirtualHost
HTH
Gregor
--
what's puzzlin' you, is the nature of my game
Well, it's raining here in Cologne although I bought tanner yesterday,
anybody can help?
Have a look here http://www.catb.org/~esr/faqs/smart-questions.html,
re-think and then come back.
And, btw., reading the manual usually is a good start...
Greg
--
what's puzzlin' you, is the nature of my
Hi Ian,
great your problem is solved now, however, could you pls. describe
what didn't work with the other solution (SetEnvIf Mod_headers)?
I'm just curious since this is working for us.
What headers are you getting xactly now? Just Expires, I assume, and
no Cache-Control: - right?
Cheers
Rather than looking at Ethereal, get yourself a copy of Firefox and
install the plugin LiveHttpHeaders
(https://addons.mozilla.org/firefox/3829/) - saved us a lot of time
here and made life *much* easier.
good luck!
Greg
--
what's puzzlin' you, is the nature of my game
gpgp-fp:
although offtopic:
how about
find / -type f -name test\.sh -print
I assume you try this as root?
Greg
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
Anil,
sorry, don't know about your config and I'm running Debian here,
besides we're offtopic.
Maybe you want to report your problem to the Suse mailinglist.
Just send a blank mail to [EMAIL PROTECTED] with the
topic subscribe, I'm sure you'll find some competent help there.
Cheers
Greg
--
Hi guys,
I'm wondering if setting up Squid as a reverse proxy in front of our
hardware-load-balanced Apache/Tomcat-installations could boost up
performance.
After I did some reading about Squid, I understood:
- Squid is caching requests
- I can prevent Squid from caching dynamic content
-
Hi Meir,
we are not using LDAP.
The principle of our solution is as follows:
We have written a simple Servlet, that gets authenticated by Tomcat
via FormLogin.
The Servlet will then read the Cookie JSSOSessionID and will write the
contents of this Cookie into the MySQL-DB specified by
nope. you could create a memory-realm for tomcat, however, you'll need
a mysql-db for apache (mod_auth_cookie_mysql).
cheers
greg
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
nope, it's one module, and it doesn't break modularity. please refer
to the docs which have been posted above to understand how it's
working.
maybe you can do the same by combining the named modules, however,
it's way more work, more complex and it's really the question if you
get it working
take a look at mod_auth_cookie_mysql2 (assuming you're using apache2):
http://home.digithi.de/digithi/dev/mod_auth_cookie_mysql/
cheers
Greg
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
forgot to mention:
the above solution works the other way round: authentication is done
by tomcat, which then passes a cookie. the cookie is stored in a
mysql-db which is read by mod_auth_cookie_mysql. if there's a valid
entry, authorization for apache is granted by mod_auth_cookie_mysql.
Dear list,
I've just migrated an I386-Linux-Debian Sarge to Edge. Since Edge
includes Apache 2.2, this means I also had to move from Apache 2.0.x
to Apache 2.2
Although I know that Joshua is going to scold me ;), I've set up 3
SSL-VHosts on one Debian-Server, all having the same IP. This is a
My suggestion:
VirtualHost *:80
ServerName your_server
ServerAdmin [EMAIL PROTECTED]
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
#
RewriteEngine On
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1
http://tomcat.apache.org/connectors-doc/
cheers
Greg
--
what's puzzlin' you, is the nature of my game
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html
This wont work.
Ian asked if both (Apache Tomcat) could be configured to listen on
the same port, and the anser here is definately a NO.
What you can do is use the connector JK 1.2, run Apache in front,
Tomcat on port i.e. 8009. JK then will forward the specified requests
to Tomcat, similar to
Forgot to mention that Ian asked in the Tomcat-userlist if he could
run both on the same port (check for the post Can Apache and Tomcat
both be configured in port 80?)
Sorry, forgot to mention that
Greg
--
what's puzzlin' you, is the nature of my game
Hi folks,
at last everything is working as expected. I can specify as many NAME
BASED SSL-Virtual Hosts for the same IP-adress.
PLEASE DO NOTE THAT THIS IS JUST A TEST / DEVELOPMENT-SETUP AND THAT
THE SSL-CONNECTION IS NOT SECURE (please refer to the previous
explanations in this thread).
Hi owen,On 10/19/06, Boyle Owen [EMAIL PROTECTED] wrote:
The question is usually asked by people who haven't thought long enoughabout why they want to use SSL. They think because it's encrypted on thewire, that's already pretty good and having a valid cert is just a
bureaucratic bonus.nope, that
Joshua,I really do appreciate your effort in this list and your support, however:I've tried that, I read the docs you mentioned, I tried it also with NameVirtualHost*:80 and NameVirtualHost *:443, all to no avail.
See, in the end I'm developing J2EE-wepapps, that's my job, but I'm far from being a
Joshua.On 10/19/06, Joshua Slive [EMAIL PROTECTED] wrote:
That's fine.But then you should post your best attempt at the properconfig.Not some garbage you are guessing at that has no resemblanceat all to the docs that you say you read.(I can't imagine how youcould have read those docs and come up
Ok, maybe now I'm getting what you mean:I kept the configs as they are, but changed my apache2.conf toNameVirtualHost test-dom:80NameVirtualHost test-dom:443and I've changed my VHosts all the (abbreviated)
VirtualHost *:80 ServerAdmin [EMAIL PROTECTED] ServerName test-domVirtualHost *:443
Great, that made it, but I'd also like to understand what happend.
The docs say:
ServerName Directive
Description:Hostname and port that the server uses to identify itself
Syntax:ServerName [scheme://]fully-qualified-domain-name[:port]
Context:server config, virtual host
Status:Core
Joshua,
I really have to thank you for this, somehow I really must have
misunderstood the doc completely.
If I read all the posts regarding SSL in this (and the other post):
Do I assume correctly that
- I can set up test-clue:443 and test-ltc:443 in the same way, provided
- they are using the
OK, I will try this tomorrow (been a long day here in Europe) and if I
hopefully succeed, I'll post the working configs so that other can
participate.
Thanks again good night!
Greg
--
what's puzzlin' you, is the nature of my game
[x] my signature heregregor-- what's puzzlin' you, is the nature of my game
Hi Pane,thanks a lot, I guess the (.*) was the _expression_ I was looking for.Great!Gregor-- what's puzzlin' you, is the nature of my game
Hi guys,I've just walked through the docs of mod_rewrite and I got overwhelmed by the complexity of it :(Actually I just want to do quite a simple thing:If my URI contains/SingleSignOn/SingleSignOn?r=/dom[plus_some_other_stuff_here]
change it to/SingleSignOn/SingleSignOn?r=/domIf I got the docs
Dear all,
just a stupid question regarding Apache and sessions:
We are running Apache 2.0.5x together with Tomcat 5.15.x and are using
mod_auth_cookie_mysql. Authorization is handeld via Tomcat.
Now mod_auth_cookie_mysql sets an expiration-time into the
MySQL-database, after which the cookie
and maybe another free-of-charge-tip for the future:
never ever post the name of your website AND your configs AND
demonstrate to the whole list that you got no idea of how to setup a
web-server: the result is most likely that your webserver won't be
running for too long since this is an
Hi Jacky,
without knowing too much about mod_caucho, to me it sounds as if there
is a misconfiguration in mod_caucho since the documents seem not to be
forwarded to your Resin container.
Can you determine wether your pages (when the source-code is
displayed) are served by Apache or Resin?
I
hi jacky,
you also wrote we discover that sometimes apache will display - are
you able to specify this sometimes? can you spot any rules when this
happens? is it for a certain wep-app only? only a certain url? if so,
what's the difference between the working wep-apps and the wep-apps
not
Jacky,
just try to call your Resin-app directly (i.e.
http://your_host/your_app:8009 where 8009 is the port where Resin is
listening to) and try to reproduce the behaviour.
As Nick wrote, it's most likely that it's a Resin-thing *unless*
your jsp-directories are available to Apache (that could
Ooops, should have waited 5 minutes, anyways...
Jacky, that means you have a complete copy of your JSP-files on your
Apache-machine?
If so, have you taken a look into your Apache-logs? Is there an option
that you configure mod_caucho so that it logs in debug-mode?
Greg
--
what's puzzlin' you,
Jack,
you're better of with a 404 rather than the source, hm?
Take a look at the apache access-logs: What's the url causing a 404?
What's the url when getting a 200? Is there a difference?
Cheers
Greg
--
what's puzzlin' you, is the nature of my game
ok - i just got my popcorn beer ;)
cheers!
greg
ps: thank god there are some volunteers like you who test the new
stuff so we don't have to ;)
--
what's puzzlin' you, is the nature of my game
-
The official User-To-User
Hi Joshua,first, thanks for the info.Anyhow, a few questions:On 8/3/06, Joshua Slive [EMAIL PROTECTED]
wrote:
Apache HTTPD 2.0.48, Suse 9 something, Tomcat 5.0.28 working together with Apache HTTPD via mod_jk. Rather old version of apache.actually it's 2.0.49 - however, we do prefer some
Hi Joshua,On 8/3/06, Joshua Slive [EMAIL PROTECTED] wrote:
The point is, if you know you need those modules, those lines do absolutely nothing positive and may deceive you into thinking nothing is wrong if the modules are ever removed.ok,gotthat
That's all a tomcat issue that would be better
hi guys,I'm getting nuts here. This is what i have:Apache HTTPD 2.0.48, Suse 9 something, Tomcat 5.0.28 working together with Apache HTTPD via mod_jk.I have loaded and included both mod_headers and mod_expires (verified via https:/.../server-info), however, something puzzels me here:
First, I'm
52 matches
Mail list logo