This time a bamboozling Apache/vhost/https problem.

I have a working vhost configuration for several domains in apache2
(latest stable from portage - 2.0.58) and I want to support not only
http services, but, for one domain name at least, I want to support an
https service. The working configuration for http has a
00_default_vhost.conf file:-

--
NameVirtualHost *:80

<VirtualHost *:80>
DocumentRoot /var/www/vlan.mydomain.net
ServerName vlan.mydomain.net
</VirtualHost>

<VirtualHost *:80>
ServerName temporary.mydomain.net
DocumentRoot /var/www/temporary.mydomain.net
</VirtualHost>
--

I updated this (following a how-to as closely as I could...) to this:

--
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
DocumentRoot /var/www/vlan.mydomain.net
ServerName vlan.mydomain.net
</VirtualHost>

<VirtualHost *:80>
ServerName temporary.mydomain.net
DocumentRoot /var/www/temporary.mydomain.net
</VirtualHost>

<VirtualHost *:443>
DocumentRoot /var/www/ssl.mydomain.net
ServerName ssl.mydomain.net
SSLCipherSuite HIGH:MEDIUM
SSLProtocol all -SSLv2
SSLCertificateFile /etc/apache2/ssl.crt/ssl.mydomain.net.crt
SSLCertificateKeyFile /etc/apache2/ssl.crt/ssl.mydomain.key
SSLCertificateChainFile /etc/apache2/ssl.crt/mydomain.crt
SSLCACertificateFile /etc/apache2/ssl.crt/mydomain.crt
</VirtualHost>
--

I believe that I've put valid crt and key files in /etc/apache2/ssl.crt/
- and I'd have expected an error message at least if this is, in fact,
the fault.

When I parse this configuration with apache2 and the flags from
/etc/conf.d/apache2 (i.e. SSL) this is how it goes:
--
# apache2 -D SSL --lint
# apache2 -D SSL -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443 is a NameVirtualHost
default server ssl.mydomain.net
(/etc/apache2/vhosts.d/00_default_vhost.conf:12)
port 443 namevhost ssl.mydomain.net
(/etc/apache2/vhosts.d/00_default_vhost.conf:12)
*:80 is a NameVirtualHost
default server vlan.mydomain.net
(/etc/apache2/vhosts.d/00_default_vhost.conf:24)
port 80 namevhost vlan.mydomain.net
(/etc/apache2/vhosts.d/00_default_vhost.conf:24)
port 80 namevhost temporary.mydomain.net
(/etc/apache2/vhosts.d/00_default_vhost.conf:37)
Syntax OK
--

Unfortunately, when I attempt to connect to the SSL service on
http://ssl.mydomain.net/ using Firefox I get an immediate error:

"The connection was interrupted
The connection to ssl.shic.dynalias.net was interrupted while the page
was loading."

Links (the text browser) gives the somewhat less helpful error message:

"Error loading https://ssl.mydomain.net/: SSL error"

Nothing seems to be written to /var/log/apache2/error_log or access_log.

I've read reports that I must be explicit about which IP address I want
to vhost on - which is undesirable as I want to serve both over Ethernet
and Wireless (i.e. I have two network adaptors) - but it seems to make no
difference if I experimentally substitute my ethernet IP address for *
in the vhost configuration.

What's wrong?

--
gentoo-user@g.o mailing list
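
The HTTPS vhost quoted in the message carries certificate directives but no `SSLEngine` line, and mod_ssl leaves SSL off for a vhost unless `SSLEngine on` is in effect. The check below is an added example, not part of the original message: it flags such vhosts in a configuration's text. The function name `audit_ssl_vhosts` and the sample are constructed here, and the check assumes a single file with any server-level `SSLEngine` placed before the vhosts (it does not follow `Include` directives).

```python
import re

# Constructed sample modelled on the vhosts in the message.
SAMPLE = """\
<VirtualHost *:80>
ServerName vlan.mydomain.net
</VirtualHost>
<VirtualHost *:443>
ServerName ssl.mydomain.net
SSLCertificateFile /etc/apache2/ssl.crt/ssl.mydomain.net.crt
SSLCertificateKeyFile /etc/apache2/ssl.crt/ssl.mydomain.key
</VirtualHost>
"""

OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</VirtualHost\s*>", re.I)


def audit_ssl_vhosts(conf_text):
    """Return (server_name, line_no) for each vhost that is bound to port 443
    or carries SSL* directives but has no effective 'SSLEngine on'."""
    findings, vhost, global_engine = [], None, "off"  # mod_ssl defaults to off
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            vhost = {"addrs": opened.group(1).split(), "line": no,
                     "name": "?", "engine": None, "ssl": False}
        elif CLOSE.match(line) and vhost:
            on_443 = any(a.endswith(":443") for a in vhost["addrs"])
            engine = vhost["engine"] or global_engine
            if (on_443 or vhost["ssl"]) and engine != "on":
                findings.append((vhost["name"], vhost["line"]))
            vhost = None
        else:
            parts = line.split(None, 1)
            key = parts[0].lower()
            val = parts[1].strip() if len(parts) > 1 else ""
            if key == "sslengine" and vhost:
                vhost["engine"] = val.lower()
            elif key == "sslengine":
                global_engine = val.lower()  # server-level setting, inherited
            elif vhost and key == "servername":
                vhost["name"] = val
            elif vhost and key.startswith("ssl"):
                vhost["ssl"] = True
    return findings
```

Calling `audit_ssl_vhosts(SAMPLE)` reports the `*:443` vhost by server name and the line on which its block opens; the same text with `SSLEngine on` inside that block yields no findings.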