Subject: Re: strange apache & SSL problem
To: None <carnivorous@gmail.com>
From: Dick Davies <rasputnik@hellooperator.net>
List: netbsd-users
Date: 01/13/2005 10:13:01
* carnivorous@gmail.com <carnivorous@gmail.com> [0157 07:57]:
> Looks like here's my mistake.
> 
> My apache config uses some name-based virtual hosts, one of them being
> www.host.com.   I remember that I can't use SSL with normal http
> on the same virtualhost.  So when I use a separate IP address just for
> the SSL stuff, it works fine.

You can't on the same actual vhost, but the same servername is fine.
Actually that should be ok, just need the two NameVirtualHost directives
below - then just include the port number in the name, a la:

<VirtualHost www.host.com:80>
  .....
</VirtualHost>
<VirtualHost www.host.com:443>
  SSLEngine on
  .....
</VirtualHost>


 
> 
> On Thu, 13 Jan 2005 05:37:11 +0000, Dick Davies
> <rasputnik@hellooperator.net> wrote:
> > * carnivorous@gmail.com <carnivorous@gmail.com> [0140 02:40]:
> > 
> > > Earlier when I said openssl s_client -connect www.myserver.com:443 was
> > > working...  Well, that wasn't entirely true.  I just noticed that it
> > > works for openssl s_client -connect localhost:443, but when I put the
> > > external server address instead of localhost, it just hangs.
> > >
> > > Also, doing a completely fresh install & creating certificates, I
> > > noticed that even when ssl.conf under /usr/local/etc/httpd is NOT
> > > configured with the right values (i.e. it still has the
> > > server.example.com example in it), I see the same weird characters in
> > > my access_log.  So this means that it's not a configuration problem.
> > >
> > > I've tried
> > >
> > > Listen 1.2.3.4:443
> > >
> > > where 1.2.3.4 is my real IP address, in hopes that it would only bind
> > > to the external address, but that didn't work.  This time 'openssl
> > > s_client -connect localhost:443' just gave me a connection refused.
> > 
> > That's what you'd expect, surely?
> > 
> > How about adding
> > 
> > rasputin@lb:httpd$ egrep -r '(NameVirtualHost|Listen)' httpd.conf
> > Listen 0.0.0.0:80
> > Listen 0.0.0.0:443
> > NameVirtualHost *:80
> > NameVirtualHost *:443
> > 
> > The Listen directives will sort your connection errors, if you're lucky
> > the namevirtualhost might get the ssl vhost into play.
> > 
> > (not sure whether you need the NameVirtualHost entries for a __default__
> > vhost, I don't use them. The 0.0.0.0 is to stop httpd listening on ipv6
> > (which it does if I use '*').)
> > 
> > --
> > 'A little rudeness and disrespect can elevate a meaningless interaction
> > into a battle of wills and add drama to an otherwise dull day.'
> >                 -- Calvin discovers Usenet
> > Rasputin :: Jack of All Trades - Master of Nuns
> >

-- 
'And if you think you're going to bleed all over me
you're even wronger than you normally be'
		-- The Specials, 'Little Bitch'
Rasputin :: Jack of All Trades - Master of Nuns
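
A small lint for the layout recommended in the reply above, as an added example that is not part of the original thread: it reads httpd.conf-style text and flags <VirtualHost> addresses with no port, vhost ports with no matching Listen, and ports where SSLEngine on and plain vhosts are mixed. The two sample configs and the names port_of and lint are constructed for illustration.

```python
import re
# Constructed samples (not from the thread): BAD has no ports on its vhosts and
# one Listen; GOOD follows the Listen/NameVirtualHost/port layout in the reply.
BAD = """Listen 0.0.0.0:80
<VirtualHost www.host.com>
</VirtualHost>
<VirtualHost www.host.com>
  SSLEngine on
</VirtualHost>
"""
GOOD = """Listen 0.0.0.0:80
Listen 0.0.0.0:443
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost www.host.com:80>
</VirtualHost>
<VirtualHost www.host.com:443>
  SSLEngine on
</VirtualHost>
"""

def port_of(addr):
    tail = addr.rsplit(":", 1)[-1]  # 'host:443', '*:80' or a bare '443'
    return int(tail) if tail.isdigit() else None

def lint(conf):
    """Return a list of port/SSL layout problems found in the config text."""
    listen, vhosts, cur, issues = set(), [], None, []
    for raw in conf.splitlines():
        line = raw.strip()
        if m := re.match(r"<VirtualHost\s+([^>\s]+)", line, re.I):
            cur = {"addr": m[1], "port": port_of(m[1]), "ssl": False}
            vhosts.append(cur)
        elif re.match(r"</VirtualHost", line, re.I):
            cur = None
        elif m := re.match(r"Listen\s+(\S+)", line, re.I):
            listen.add(port_of(m[1]))
        elif cur is not None and re.match(r"SSLEngine\s+on\b", line, re.I):
            cur["ssl"] = True
    for v in vhosts:
        if v["port"] is None:
            issues.append(f"{v['addr']}: no port given on <VirtualHost>")
        elif v["port"] not in listen:
            issues.append(f"{v['addr']}: no Listen directive for port {v['port']}")
    for port in {v["port"] for v in vhosts}:
        if len({v["ssl"] for v in vhosts if v["port"] == port}) == 2:
            issues.append(f"port {port or 'unspecified'}: SSL and plain vhosts mixed")
    return issues
```

lint(GOOD) returns an empty list; lint(BAD) reports both portless vhosts and the mixed SSL/plain pair.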