Subject: Re: strange apache & SSL problem
To: Dick Davies <rasputnik@hellooperator.net>
From: None <carnivorous@gmail.com>
List: netbsd-users
Date: 01/13/2005 02:41:39
Problem solved.....
Here is what I had to do:
- Add Listen 1.2.3.4:443 to ssl.conf
- Add <VirtualHost 1.2.3.4:443> and ServerName www.myserver.com:443 to ssl.conf
- Add NameVirtualHost 1.2.3.4:80 and NameVirtualHost 1.2.3.4:443 to httpd.conf
- Add :80 at the end of every non-SSL <VirtualHost 1.2.3.4> tag in my httpd.conf
Now it works like a charm. Thanks everyone for all your help and patience!
On Thu, 13 Jan 2005 10:13:01 +0000, Dick Davies
<rasputnik@hellooperator.net> wrote:
> * carnivorous@gmail.com <carnivorous@gmail.com> [0157 07:57]:
> > Looks like here's my mistake.
> >
> > My apache config uses some name-based virtual hosts, one of them being
> > www.host.com. I remember that I can't use SSL with normal http
> > on the same virtualhost. So when I use a separate IP address just for
> > the SSL stuff, it works fine.
>
> You can't on the same actual vhost, but the same servername is fine.
> Actually that should be ok, just need the two NameVirtualHost directives
> below - then just include the port number in the name, a la:
>
> <VirtualHost www.host.com:80>
> .....
> </VirtualHost>
> <VirtualHost www.host.com:443>
> SSLEngine on
> .....
> </VirtualHost>
>
>
> >
> > On Thu, 13 Jan 2005 05:37:11 +0000, Dick Davies
> > <rasputnik@hellooperator.net> wrote:
> > > * carnivorous@gmail.com <carnivorous@gmail.com> [0140 02:40]:
> > >
> > > > Earlier when I said openssl s_client -connect www.myserver.com:443 was
> > > > working... Well, that wasn't entirely true. I just noticed that it
> > > > works for openssl s_client -connect localhost:443, but when I put the
> > > > external server address instead of localhost, it just hangs.
> > > >
> > > > Also, doing a completely fresh install & creating certificates, I
> > > > noticed that even when ssl.conf under /usr/local/etc/httpd is NOT
> > > > configured with the right values (i.e. it still has the
> > > > server.example.com example in it), I see the same weird characters in
> > > > my access_log. So this means that it's not a configuration problem.
> > > >
> > > > I've tried
> > > >
> > > > Listen 1.2.3.4:443
> > > >
> > > > where 1.2.3.4 is my real IP address, in hopes that it would only bind
> > > > to the external address, but that didn't work. This time 'openssl
> > > > s_client -connect localhost:443' just gave me a connection refused.
> > >
> > > That's what you'd expect, surely?
> > >
> > > How about adding
> > >
> > > rasputin@lb:httpd$ egrep -r '(NameVirtualHost|Listen)' httpd.conf
> > > Listen 0.0.0.0:80
> > > Listen 0.0.0.0:443
> > > NameVirtualHost *:80
> > > NameVirtualHost *:443
> > >
> > > The Listen directives will sort your connection errors, if you're lucky
> > > the namevirtualhost might get the ssl vhost into play.
> > >
> > > (not sure whether you need the NameVirtualHost entries for a __default__
> > > vhost, I don't use them. The 0.0.0.0 is to stop httpd listening on ipv6
> > > (which it does if I use '*'.)
> > >
> > > --
> > > 'A little rudeness and disrespect can elevate a meaningless interaction
> > > into a battle of wills and add drama to an otherwise dull day.'
> > > -- Calvin discovers Usenet
> > > Rasputin :: Jack of All Trades - Master of Nuns
> > >
>
> --
> 'And if you think you're going to bleed all over me
> you're even wronger than you normally be'
> -- The Specials, 'Little Bitch'
> Rasputin :: Jack of All Trades - Master of Nuns
>
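
As an added example (not code from anyone in this thread), the Python sketch below checks a configuration for the four changes listed at the top of the message, plus the SSLEngine line from the quoted vhost example. The lint function, its finding strings and both sample configurations are constructed for illustration, and it assumes httpd.conf and ssl.conf are passed in as one string using the address:port form shown in the thread.

```python
import re

def lint(conf):
    """Return findings for the combined text of httpd.conf and ssl.conf."""
    listen_ports, nvh, vhosts, cur = set(), set(), [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        if m := re.match(r"Listen\s+(\S+)$", line, re.I):
            listen_ports.add(m.group(1).rpartition(":")[2])
        elif m := re.match(r"NameVirtualHost\s+(\S+)$", line, re.I):
            nvh.add(m.group(1))
        elif m := re.match(r"<VirtualHost\s+(\S+)>$", line, re.I):
            vhosts.append(cur := {"addr": m.group(1), "ssl": False})
        elif cur and re.match(r"SSLEngine\s+on$", line, re.I):
            cur["ssl"] = True
        elif re.match(r"</VirtualHost>$", line, re.I):
            cur = None
    findings = []
    for v in vhosts:
        _, sep, port = v["addr"].rpartition(":")
        if not sep:  # the message's last step: every tag names its port
            findings.append(f"{v['addr']}: <VirtualHost> has no port")
            continue
        if port not in listen_ports:
            findings.append(f"{v['addr']}: no Listen for port {port}")
        if v["addr"] not in nvh and f"*:{port}" not in nvh:
            findings.append(f"{v['addr']}: no matching NameVirtualHost")
        if port == "443" and not v["ssl"]:
            findings.append(f"{v['addr']}: port 443 without SSLEngine on")
    return findings

# Constructed sample of a pre-fix layout (not the poster's actual files).
BEFORE = """Listen 80
NameVirtualHost 1.2.3.4
<VirtualHost 1.2.3.4>
ServerName www.myserver.com
</VirtualHost>
<VirtualHost 1.2.3.4:443>
ServerName www.myserver.com:443
SSLEngine on
</VirtualHost>
"""
# Constructed sample with the four changes from the message applied.
AFTER = (BEFORE.replace("Listen 80", "Listen 80\nListen 1.2.3.4:443")
         .replace("NameVirtualHost 1.2.3.4",
                  "NameVirtualHost 1.2.3.4:80\nNameVirtualHost 1.2.3.4:443")
         .replace("<VirtualHost 1.2.3.4>", "<VirtualHost 1.2.3.4:80>"))
if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, lint(conf) or "clean")
```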