Hi list,
(long post, sorry)
I've decided that with my move to 9.1, it's time to move to apache2 as
well. But I can't seem to get the SSL connections working.
I use a setup with multiple name based virtual hosts on port 80 and a
single SSL ip-based virtual host on port 443. Which worked without
problem on apache 1.x, but now I can't get the SSL part working (the
name based virtual hosts on port 80 work without problem)
I've tried everything I can think of. httpd2 -S nicely displays the name
based virtual hosts without even a hint of the ssl one. It's as if it
never even reads the SSL virtual host .conf file. Apache starts up
without an error, but listens only to port 80.
Any hints will be appreciated...
TIA,
Stefan
The setup is as follows:
listen.conf:
Listen my.ip.add.res:80
<IfDefine SSL>
Hi,
You have to edit /etc/sysconfig/apache2 and set:
APACHE_SERVER_FLAGS="SSL"
Otherwise, the "Listen 443"-Directive will not be evaluated. You may also have to run SuSEconfig after editing the file.
Best Regards,
Holger
On Saturday, 12 June 2004 18:17, Stefan Suurmeijer wrote:
Hi list,
(long post, sorry) I've decided that with my move to 9.1, it's time to move to apache2 as well. But I can't seem to get the SSL connections working.
I use a setup with multiple name based virtual hosts on port 80 and a single SSL ip-based virtual host on port 443. Which worked without problem on apache 1.x, but now I can't get the SSL part working (the name based virtual hosts on port 80 work without problem)
I've tried everything I can think of. httpd2 -S nicely displays the name based virtual hosts without even a hint of the ssl one. It's as if it never even reads the SSL virtual host .conf file. Apache starts up without an error, but listens only to port 80.
Any hints will be appreciated...
TIA, Stefan
The setup is as follows:
listen.conf:
Listen my.ip.add.res:80
<IfDefine SSL>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
</IfDefine>
</IfDefine>
NameVirtualHost my.ip.add.res:80
and under /etc/apache2/vhosts.d I have three .conf files:
www.mydomain.tld.conf
<VirtualHost my.ip.add.res:80>
ServerAdmin webmaster@mydomain.tld
ServerName www.mydomain.tld
DocumentRoot /some/where
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
www.myvirtualdomain.tld.conf
<VirtualHost my.ip.add.res:80>
ServerAdmin webmaster@myvirtualdomain.tld
ServerName www.myvirtualdomain.tld
DocumentRoot /some/where/else
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
www.myssldomain.tld.conf:
<IfDefine SSL>
DocumentRoot "/some/where/secure"
ServerName www.myssldomain.tld
ServerAdmin webmaster@myssldomain.tld
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
Alias /horde "/home/www-ssl/horde"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/cert.pem
SSLCertificateKeyFile /etc/apache2/ssl.key/server-key.pem
SSLVerifyClient none
SSLOptions +StdEnvVars
</Files>
SSLOptions +StdEnvVars
</Directory>
#SSLSessionCache none
#SSLSessionCache dbm:/var/lib/apache2/ssl_scache
#SSLSessionCache shmht:/var/lib/apache2/ssl_scache(512000)
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache
SSLSessionCacheTimeout 600
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
Options Includes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
SSLRequireSSL
</Directory>
ScriptAlias /cgi-bin/ "/some/where/secure/cgi-bin/"
AllowOverride None
order allow,deny
allow from all
SSLRequireSSL
</Directory>
</VirtualHost>
On Sun, 13 Jun 2004, Holger Schletz wrote:
Hi,
You have to edit /etc/sysconfig/apache2 and set:
APACHE_SERVER_FLAGS="SSL"
Otherwise, the "Listen 443"-Directive will not be evaluated.
This is wrong. Or at least it works for me without this. :) APACHE_MODULES must, however, contain "ssl".
On Saturday, 12 June 2004 18:17, Stefan Suurmeijer wrote:
Hi list,
(long post, sorry) I've decided that with my move to 9.1, it's time to move to apache2 as well. But I can't seem to get the SSL connections working.
I use a setup with multiple name based virtual hosts on port 80 and a single SSL ip-based virtual host on port 443. Which worked without problem on apache 1.x, but now I can't get the SSL part working (the name based virtual hosts on port 80 work without problem)
I've tried everything I can think of. httpd2 -S nicely displays the name based virtual hosts without even a hint of the ssl one. It's as if it never even reads the SSL virtual host .conf file. Apache starts up without an error, but listens only to port 80.
This sounds very much like what I spent quite some time sorting out as well.
The setup is as follows:
listen.conf:
Listen my.ip.add.res:80
<IfDefine SSL>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
</IfDefine>
</IfDefine>
NameVirtualHost my.ip.add.res:80
I had to add "Listen 443" on a line by itself. Never mind that it shouldn't be necessary; it was. Something is broken in those IfDefines, and I wasn't man enough to see what.
www.myssldomain.tld.conf:
<IfDefine SSL>
Snip the IfDefines. If you've got ssl setup properly (and you do, you said it was working before) they aren't needed - and something is broken in them. Apache validates one or the other to the wrong answer and the virtual host definitions are never scanned as a result.
This was my problem and my solution, at least.
Bjørn
--
Bjørn Tore Sund       Phone: (+47) 555-84894   Stupidity is like a
System administrator  Fax: (+47) 555-89672     fractal; universal and
Math. Department      Mobile: (+47) 918 68075  infinitely repetitive.
University of Bergen  VIP: 81724
Support: system@mi.uib.no  Contact: teknisk@mi.uib.no  Direct: bjornts@mi.uib.no
I think you have to include the SSL port when stating NameVirtualHost. For me it wasn't working until:
NameVirtualHost my.ip.add.res:80
NameVirtualHost my.ip.add.res:443
Csaba
What about telling how to correctly load needed modules instead of telling him things he already knows :-)
Hi!
Some forewords:
1) ssl only works on one single ip per hostname.
2) virtual hosts work unlimited on one ip
My working config:
/etc/sysconfig/apache2
APACHE_START_TIMEOUT="5"
APACHE_MODULES="[...] ssl" #[..] means the other modules there
APACHE_SERVER_FLAGS="-D SSL"
There's a minor change in 9.1, you don't put the config in /etc/apache2/httpd.conf, you put it into vhosts-definitions:
/etc/apache2/vhosts.d
copy vhost-ssl.template to e.g. your-server-ssl.conf
edit the file, setup correct hostname, admin-email, document-root and generate server-certificates with gensslcert.
Maybe you have to rename the certificates, they are located in:
/etc/apache2/ssl.crt
/etc/apache2/ssl.csr
/etc/apache2/ssl.key
For self signing certificates look with google how to work out.
After all files lay on the correct location do a rcapache2 restart and enjoy.
Maybe you have to configure your firewall to open tcp port 443 for incoming connections, if you use a firewall.
Philippe
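The behaviour this thread circles around, as an added example that is not part of any poster's message: a simplified evaluator for `<IfDefine>`/`<IfModule>` nesting, showing that `Listen 443` and an SSL `<VirtualHost>` wrapped in `<IfDefine SSL>` are silently skipped unless both the define and the module are present. The sample config is constructed (modelled on the quoted listen.conf, with balanced tags), modules are matched by plain name, and `active_lines` and `listeners` are hypothetical helper names.

```python
import re

# Constructed sample modelled on the listen.conf and SSL vhost quoted in the
# thread: tags balanced for the example, address is the thread's placeholder.
SAMPLE_CONF = """\
Listen my.ip.add.res:80
<IfDefine SSL>
  <IfModule mod_ssl.c>
    Listen 443
  </IfModule>
</IfDefine>
<IfDefine SSL>
  <VirtualHost my.ip.add.res:443>
    SSLEngine on
  </VirtualHost>
</IfDefine>
"""

OPEN = re.compile(r"<(IfDefine|IfModule)\s+(!?)([^>\s]+)\s*>", re.I)
CLOSE = re.compile(r"</(IfDefine|IfModule)\s*>", re.I)

def active_lines(conf, defines=(), modules=()):
    """Return the lines that remain once every <IfDefine>/<IfModule> test is
    evaluated; anything inside a false conditional is dropped without error."""
    stack, out = [], []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.fullmatch(line)
        if m:
            kind, neg, name = m.group(1).lower(), m.group(2), m.group(3)
            present = name in (defines if kind == "ifdefine" else modules)
            stack.append(present != bool(neg))   # "!" inverts the test
        elif CLOSE.fullmatch(line):
            if not stack:
                raise ValueError("closing tag without opener: " + line)
            stack.pop()
        elif all(stack):                          # every enclosing test true
            out.append(line)
    if stack:
        raise ValueError("unclosed conditional block")
    return out

def listeners(conf, defines=(), modules=()):
    """Arguments of the Listen directives that survive evaluation."""
    return [ln.split(None, 1)[1] for ln in active_lines(conf, defines, modules)
            if ln.lower().startswith("listen ")]
```

On the real server, the equivalent check is the `httpd2 -S` output the original poster used: a vhost missing from it was never parsed.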
I've viewed the previous mail threads on this topic and tried many variations. However, I can't get it to work. I have verified that my paths are correct for libpng but I still get the same error:
configure: error: libpng.(also) not found
This is what I run:
./configure --prefix=/www/php --with-apxs2=/www/bin/apxs --with-config-file-path=/www/php --enable-sockets --with-mysql=/usr/bin/mysql --with-zlib-dir=/usr/share/doc/packages --with-gd --with-jpeg-dir=/usr/lib --with-png-dir=/usr/lib
TIA
Tom
Hi!
Ok, you want to have 4.3.6, because 4.3.3 is shipped with SuSE 9.0, but if you want to use it, you have to do some major or minor changes and got to get all packages (apache, php, mysql) to configure it and recompile it.
What about /srv/www/<path> instead of /www/<path> for data and /www/<path> for binaries?
Try ./configure --help for help on configuring the sources.
Did you check, if you have all sources you need? You will need to compile php, phplib, mysql-client, mysql and apache. Within the packages (.rpm) of SuSE you will need to install the development packages to have the header files, that are needed to compile your apache.
Have a closer look at the error messages, they will tell you what is missing.
I saw somewhere an apachetoolkit, which allows to let the script set all env. variables and then configures it by itself. You only have to get the sources and then run the script. I found it somewhere at sourceforge (www.sf.net) or freshmeat (freshmeat.net/).
Philippe
participants (6)
- Ago Csaba
- Bjorn Tore Sund
- Holger Schletz
- Philippe Vogel
- Stefan Suurmeijer
- Tom Fulton