netbsd-users: Re: strange apache & SSL problem

Subject: Re: strange apache & SSL problem
To: Dick Davies <rasputnik@hellooperator.net>
From: None <carnivorous@gmail.com>
List: netbsd-users
Date: 01/12/2005 23:57:05

Looks like here's my mistake.

My apache config uses some name-based virtual hosts, one of them being
www.host.com.   I remember that I can't use SSL and with normal http
on the same virtualhost.  So when I use a seperate IP address just for
the SSL stuff, it works fine.


On Thu, 13 Jan 2005 05:37:11 +0000, Dick Davies
<rasputnik@hellooperator.net> wrote:
> * carnivorous@gmail.com <carnivorous@gmail.com> [0140 02:40]:
> 
> > Earlier when I said openssl s_client -connect www.myserver.com:443 was
> > working...  Well, that wasn't entirely true.  I just noticed that it
> > works for openssl s_client -connect localhost:443, but when I put the
> > external server address instead of localhost, it just hangs.
> >
> > Also, doing a completely fresh install & creating certificates, I
> > noticed that even when ssl.conf under /usr/local/etc/httpd is NOT
> > configured with the right values (i.e. it still has the
> > server.example.com example in it), I see the same weird characters in
> > my access_log.  So this means that it's not a configuration problem.
> >
> > I've tried
> >
> > Listen 1.2.3.4:443
> >
> > where 1.2.3.4 is my real IP address, in hopes that it would only bind
> > to the external address, but that didn't work.  This time 'openssl
> > s_client -connect localhost:443' just gave me a connection refused.
> 
> That's what you'd expect, surely?
> 
> How about adding
> 
> rasputin@lb:httpd$ egrep -r '(NameVirtualHost|Listen)' httpd.conf
> Listen 0.0.0.0:80
> Listen 0.0.0.0:443
> NameVirtualHost *:80
> NameVirtualHost *:443
> 
> The Listen directives will sort your connection errors, if you're lucky
> the namevirtualhost might get the ssl vhost into play.
> 
> (not sure whether you need the NameVirtualHost entries for a __default__
> vhost, I don't use them. The 0.0.0.0 is to stop httpd listening on ipv6
> (which it does if I use '*'.)
> 
> --
> 'A little rudeness and disrespect can elevate a meaningless interaction
> into a battle of wills and add drama to an otherwise dull day.'
>                 -- Calvin discovers Usenet
> Rasputin :: Jack of All Trades - Master of Nuns
>