I think you have to include the SSL port when stating NameVirtualHost. For me it wasn't working until:
NameVirtualHost my.ip.add.res:80
NameVirtualHost my.ip.add.res:443
Csaba
What about telling him how to correctly load the needed modules instead of telling him things he already knows :-)
Hi list,
(long post, sorry) I've decided that with my move to 9.1, it's time to move to apache2 as well. But I can't seem to get the SSL connections working.
I use a setup with multiple name-based virtual hosts on port 80 and a single SSL IP-based virtual host on port 443. This worked without problem on apache 1.x, but now I can't get the SSL part working (the name-based virtual hosts on port 80 work without problem).
I've tried everything I can think of. httpd2 -S nicely displays the name based virtual hosts without even a hint of the ssl one. It's as if it never even reads the SSL virtual host .conf file. Apache starts up without an error, but listens only to port 80.
Any hints will be appreciated...
TIA, Stefan
The setup is as follows:
listen.conf:
Listen my.ip.add.res:80
<IfDefine SSL>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
</IfDefine>
</IfDefine>
NameVirtualHost my.ip.add.res:80
and under /etc/apache2/vhosts.d I have three .conf files:
www.mydomain.tld.conf
<VirtualHost my.ip.add.res:80>
ServerAdmin webmaster@mydomain.tld
ServerName www.mydomain.tld
DocumentRoot /some/where
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
www.myvirtualdomain.tld.conf
<VirtualHost my.ip.add.res:80>
ServerAdmin webmaster@myvirtualdomain.tld
ServerName www.myvirtualdomain.tld
DocumentRoot /some/where/else
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
www.myssldomain.tld.conf:
<IfDefine SSL>
DocumentRoot "/some/where/secure"
ServerName www.myssldomain.tld
ServerAdmin webmaster@myssldomain.tld
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
Alias /horde "/home/www-ssl/horde"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/cert.pem
SSLCertificateKeyFile /etc/apache2/ssl.key/server-key.pem
SSLVerifyClient none
SSLOptions +StdEnvVars
</Files>
SSLOptions +StdEnvVars
</Directory>
#SSLSessionCache none
#SSLSessionCache dbm:/var/lib/apache2/ssl_scache
#SSLSessionCache shmht:/var/lib/apache2/ssl_scache(512000)
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache
SSLSessionCacheTimeout 600
SetEnvIf User-Agent ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
Options Includes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
SSLRequireSSL
</Directory>
ScriptAlias /cgi-bin/ "/some/where/secure/cgi-bin/"
AllowOverride None
order allow,deny
allow from all
SSLRequireSSL
</Directory>
</VirtualHost>
Hi!
Some forewords:
1) ssl only works on one single ip per hostname.
2) virtual hosts work unlimited on one ip
My working config:
/etc/sysconfig/apache2
APACHE_START_TIMEOUT="5"
APACHE_MODULES="[...] ssl" #[..] means the other modules there
APACHE_SERVER_FLAGS="-D SSL"
There's a minor change in 9.1: you don't put the config in /etc/apache2/httpd.conf, you put it into vhosts-definitions: /etc/apache2/vhosts.d
Copy vhost-ssl.template to e.g. your-server-ssl.conf, edit the file, set up the correct hostname, admin-email and document-root, and generate server certificates with gensslcert. Maybe you have to rename the certificates; they are located in:
/etc/apache2/ssl.crt
/etc/apache2/ssl.csr
/etc/apache2/ssl.key
For self-signing certificates, look on Google for how to work it out.
After all files are in the correct location, do a rcapache2 restart and enjoy.
Maybe you have to configure your firewall to open tcp port 443 for incoming connections, if you use a firewall.
Philippe
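
Apache ignores everything inside `<IfDefine SSL>` unless httpd is started with `-D SSL`, and everything inside `<IfModule mod_ssl.c>` unless mod_ssl is loaded, which is what the two sysconfig settings in the reply above provide. The sketch below is an added example, not part of the thread or of Apache: it evaluates those two section types over a constructed, balanced copy of the quoted listen.conf and reports which ports end up bound. The function names are hypothetical, and it assumes one tag or directive per line.

```python
import re

# Constructed sample, modelled on the listen.conf quoted in the thread.
LISTEN_CONF = """\
Listen my.ip.add.res:80
<IfDefine SSL>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
</IfDefine>
NameVirtualHost my.ip.add.res:80
"""

OPEN = re.compile(r"<(IfDefine|IfModule)\s+(!?)([^>\s]+)\s*>", re.I)
CLOSE = re.compile(r"</(IfDefine|IfModule)\s*>", re.I)

def active_directives(conf, defines=(), modules=()):
    """Directives that take effect for the given -D names and loaded modules."""
    known = {"ifdefine": set(defines), "ifmodule": set(modules)}
    stack, active = [], []  # stack: one truth value per open section
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.fullmatch(line)
        if m:
            kind = m.group(1).lower()
            negate, name = m.group(2) == "!", m.group(3)
            stack.append((name in known[kind]) != negate)
        elif CLOSE.fullmatch(line):
            if not stack:
                raise ValueError("closing tag without an open section: " + line)
            stack.pop()
        elif all(stack):  # every enclosing condition must hold
            active.append(line)
    if stack:
        raise ValueError("section left unclosed at end of file")
    return active

def listen_ports(conf, defines=(), modules=()):
    """Ports from the Listen directives that are actually active."""
    return [d.split()[1].rsplit(":", 1)[-1]
            for d in active_directives(conf, defines, modules)
            if d.split()[0].lower() == "listen"]

if __name__ == "__main__":
    print("no -D SSL:", listen_ports(LISTEN_CONF))
    print("-D SSL + mod_ssl:", listen_ports(LISTEN_CONF, ["SSL"], ["mod_ssl.c"]))
```

The same skipping applies to a vhost file wrapped in `<IfDefine SSL>`, which is consistent with `httpd2 -S` listing only the port 80 hosts.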