Re: [users@httpd] apache and ssl

Thu, 29 Jun 2006 06:52:37 -0700

I do have two NameVirtualHost definitions:

NameVirtualHost 192.168.0.12:80
NameVirtualHost 192.168.0.13:443

On my firewall, I have port 80 traffic going to 192.168.0.12 and 443 traffic going to 192.168.0.13.  Both ip's are used on the same server by way of assigning multiple ip addresses to one nic.  Should I change my vhost definitions to use on the 192.168.0.12 ip address instead of using the two shown above?

Thanks,
Dave



Pid <[EMAIL PROTECTED]> wrote:
Does anyone else think that this is wrong?

SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
>> SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt

It looks like you're telling it that the Certificate Authority is the
same file as the Certificate itself. I could be wrong tho.



As regards to the VHost defs: it depends what you've got in front of the
server in the way of DNS or loadbalancers.

Your domain name can only resolve to point at one IP address (unless
you're using load balancers or proxies etc etc). So any request for the
SSL port of demo.sitename.com is going to arrive at the same IP as the
port 80 connection.

http://demo.sitename.com > IP1
https://demo.sitename.com > Still IP1


(Have you set "NameVirtualHost" or not?)



Dave Henderson wrote:
> I am wondering if the virtual host definitions are wrong. Can I do the
> following (even though the ServerName options have the same value)? Can
> I use the IP addresses like I have done below?
>
>
>
> ServerAdmin [EMAIL PROTECTED]
> ServerName demo.sitename.com
> DocumentRoot /var/www/sitename.com/demo
>
> # This should be changed to whatever you set DocumentRoot to.
>
> Options Indexes Includes
> AllowOverride Options
> Order allow,deny
> Allow from all
>
> ErrorLog /var/log/apache2/sitename.com/demo/error.log
> CustomLog /var/log/apache2/sitename.com/demo/access.log common
> CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
> CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
>
> # Possible values: debug, info, notice, warn, error, crit,
> alert, emerg.
> LogLevel warn
>
> ServerSignature On
>
>
>
>
> ServerAdmin [EMAIL PROTECTED]
> ServerName demo.sitename.com
> DocumentRoot /var/www/sitename.com/demo/ssl
>
> # SSL specifications
> SSLEngine On
> SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
> SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
> SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
> SSLCipherSuite SSLv2:+HIGH:+MEDIUM
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>
> # SSLVerifyClient require
> # SSLVerifyDepth 1
> # CustomLog /var/log/apache2/ssl \ "%t %h %{SSL_PROTOCOL}x
> %{SSL_CIPHER}x$
> #
> # SSLCipherSuite SSLv2:+HIGH:+MEDIUM
> # SSLVerifyClient require
> # SSLVerifyDepth 1
> #
>
> # This should be changed to whatever you set DocumentRoot to.
>
> Options Indexes Includes
> AllowOverride Options
> Order allow,deny
> Allow from all
>
> ErrorLog /var/log/apache2/sitename.com/demo/error.log
> CustomLog /var/log/apache2/sitename.com/demo/access.log common
> CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
> CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
>
> # Possible values: debug, info, notice, warn, error, crit,
> alert, emerg.
> LogLevel warn
>
> ServerSignature On
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Reply via email to