Okay, I was already wondering if there is a problem with more then one
VH and SSL all on the same port (443).
It looks like I have to make the whole server ssl then?
Yes, SSLRequireSSL gives me a 403 denied access.
Boyle Owen wrote:
-----Original Message-----
From: pat [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 19, 2008 1:19 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] httpd2 vhost & ssl configuration problem
Hello Boyle
Just the default ssl vhost is on port 443:
Listen 443
<VirtualHost _default_:443>
ServerName company.com
Include /etc/apache2/vhosts.d/default_vhost.include
...
</VirtualHost>
So this is the VH that serves any HTTPS requests. Remember that SSL
cannot be name-based so you can only have one SSL VH per ip:port.
The simplest thing is just to put the required docroot in here.
Hm okay. What I want is that someone can connect on http:80 and gets
forwarded to https:443, because there is directory based ssl forced.
Do you mean SSLRequireSSL? That doesn't forward or redirect or anything
- it just denies access if the protocol is not HTTPS. Is this working -
do you get a 403?
Should I use default_vhost.conf as template for that? I used
default_ssl_vhost.conf for that... (I am using gentoo)
Personally, I'm a one-big-monolithic-config guy. I never use included
configs and know nothing about how gentoo set things up.
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
Regards,
pat
Boyle Owen wrote:
-----Original Message-----
From: pat [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 19, 2008 12:11 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] httpd2 vhost & ssl configuration problem
Hello
I have a problem with the apache2 configuration if I want
to combine
vhost and ssl settings.
My apache opts: APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D
LANGUAGE -D
SSL -D SSL_DEFAULT_VHOST -D PHP5 -D PERL -D PYTHON -D SUEXEC"
This is my vhost config:
<IfDefine SSL_DEFAULT_VHOST>
<IfModule ssl_module>
<VirtualHost *:80>
Do you have a VH on port 443?
NB: SSL is a separate port-based VH, not an extra attribute you tack
onto a plain HTTP VH.
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
ServerName host.company.com
DirectoryIndex index.php index.html
DocumentRoot "/var/www/localhost/htdocs/host-company-com"
ServerAlias host.company.com *.host.company.com
ErrorLog /var/log/apache2/vhosts/error_log
CustomLog /var/log/apache2/vhosts/access_log common
<Directory "/var/www/localhost/htdocs/host-company-com">
SSLRequireSSL
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Now my problem is that if I connect to
http://host.company.com works
(the content from /var/www/localhost/htdocs/host-company-com
is shown),
but if I connect to https://host.company.com it doesn't work
correctly
and the content from /var/www/localhost/htdocs/ (default
DocumentRoot)
is shown.
Why? I want to have ssl support for my vhost
"host.company.com" but
apache forwards to the wrong DocumentRoot.
Does anyone have an idea, what the problem is?
Thank you and best regards,
pat
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP
Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
This message is for the named person's use only. It may
contain confidential, proprietary or legally privileged
information. If you receive this message in error, please
notify the sender urgently and then immediately delete the
message and any copies of it from your system. Please also
immediately destroy any hardcopies of the message. The
sender's company reserves the right to monitor all e-mail
communications through their networks.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP
Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Patrick Grieshaber
http://www.ng-lab.org
[EMAIL PROTECTED]
[EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP
Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. The sender's company reserves the right to monitor all e-mail communications through their networks.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Patrick Grieshaber
http://www.ng-lab.org
[EMAIL PROTECTED]
[EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
