| 1 |
This time a bamboozling Apache/vhost/https problem. |
| 2 |
|
| 3 |
I have a working vhost configuration for several domains in apache2 |
| 4 |
(latest stable from portage - 2.0.58) and I want to support not only |
| 5 |
http services, but, for one domain name at least, I want to support an |
| 6 |
https service. The working configuration for http has a |
| 7 |
00_default_vhost.conf file:- |
| 8 |
|
| 9 |
-- |
| 10 |
NameVirtualHost *:80 |
| 11 |
|
| 12 |
<VirtualHost *:80> |
| 13 |
DocumentRoot /var/www/vlan.mydomain.net |
| 14 |
ServerName vlan.mydomain.net |
| 15 |
</VirtualHost> |
| 16 |
|
| 17 |
<VirtualHost *:80> |
| 18 |
ServerName temporary.mydomain.net |
| 19 |
DocumentRoot /var/www/temporary.mydomain.net |
| 20 |
</VirtualHost> |
| 21 |
-- |
| 22 |
|
| 23 |
|
| 24 |
I updated this (following a how-to as closely as I could...) to this: |
| 25 |
|
| 26 |
-- |
| 27 |
NameVirtualHost *:80 |
| 28 |
NameVirtualHost *:443 |
| 29 |
|
| 30 |
<VirtualHost *:80> |
| 31 |
DocumentRoot /var/www/vlan.mydomain.net |
| 32 |
ServerName vlan.mydomain.net |
| 33 |
</VirtualHost> |
| 34 |
|
| 35 |
<VirtualHost *:80> |
| 36 |
ServerName temporary.mydomain.net |
| 37 |
DocumentRoot /var/www/temporary.mydomain.net |
| 38 |
</VirtualHost> |
| 39 |
|
| 40 |
<VirtualHost *:443> |
| 41 |
DocumentRoot /var/www/ssl.mydomain.net |
| 42 |
ServerName ssl.mydomain.net |
| 43 |
SSLCipherSuite HIGH:MEDIUM |
| 44 |
SSLProtocol all -SSLv2 |
| 45 |
SSLCertificateFile /etc/apache2/ssl.crt/ssl.mydomain.net.crt |
| 46 |
SSLCertificateKeyFile /etc/apache2/ssl.crt/ssl.mydomain.key |
| 47 |
SSLCertificateChainFile /etc/apache2/ssl.crt/mydomain.crt |
| 48 |
SSLCACertificateFile /etc/apache2/ssl.crt/mydomain.crt |
| 49 |
</VirtualHost> |
| 50 |
-- |
| 51 |
|
| 52 |
I believe that I've put valid crt and key files in /etc/apache2/ssl.crt/ |
| 53 |
- and I'd have expected an error message at least if this is, in fact, |
| 54 |
the fault. |
| 55 |
|
| 56 |
When I parse this configuration with apache2 and the flags from |
| 57 |
/etc/conf.d/apache2 (i.e. SSL ) this is how it goes : |
| 58 |
-- |
| 59 |
# apache2 -D SSL --lint |
| 60 |
# apache2 -D SSL -S |
| 61 |
VirtualHost configuration: |
| 62 |
wildcard NameVirtualHosts and _default_ servers: |
| 63 |
*:443 is a NameVirtualHost |
| 64 |
default server ssl.mydomain.net |
| 65 |
(/etc/apache2/vhosts.d/00_default_vhost.conf:12) |
| 66 |
port 443 namevhost ssl.mydomain.net |
| 67 |
(/etc/apache2/vhosts.d/00_default_vhost.conf:12) |
| 68 |
*:80 is a NameVirtualHost |
| 69 |
default server vlan.mydomain.net |
| 70 |
(/etc/apache2/vhosts.d/00_default_vhost.conf:24) |
| 71 |
port 80 namevhost vlan.mydomain.net |
| 72 |
(/etc/apache2/vhosts.d/00_default_vhost.conf:24) |
| 73 |
port 80 namevhost temporary.mydomain.net |
| 74 |
(/etc/apache2/vhosts.d/00_default_vhost.conf:37) |
| 75 |
Syntax OK |
| 76 |
-- |
| 77 |
|
| 78 |
Unfortunately, when I attempt to connect to the SSL service on |
| 79 |
http://ssl.mydomain.net/ using Firefox I get an immediate error : |
| 80 |
|
| 81 |
"The connection was interrupted |
| 82 |
The connection to ssl.shic.dynalias.net was interrupted while the page |
| 83 |
was loading." |
| 84 |
|
| 85 |
Links (the text browser) gives the somewhat less helpful error message : |
| 86 |
|
| 87 |
"Error loading https://ssl.mydomain.net/: SSL error" |
| 88 |
|
| 89 |
Nothing seems to be written to /var/log/apache2/error_log or access_log. |
| 90 |
|
| 91 |
I've read reports that I must be explicit about which IP address I want |
| 92 |
to vhost on - which is undesirable as I want to serve both over Ethernet |
| 93 |
and Wireless (i.e. I have two network adaptors) - but seems to make no |
| 94 |
difference if I experimentally substitute my ethernet IP address for * |
| 95 |
in the vhost configuration. |
| 96 |
|
| 97 |
What's wrong? |
| 98 |
|
| 99 |
-- |
| 100 |
gentoo-user@g.o mailing list |
Archives