Apache SSL with SUSE 9.1
Hi, i've a problem to activate SSL on my apache. All work fine on port 80 with virtualhost. 1/ Basic instalaltion of apache 2 with mod_php4 2/ /etc/sysconfig/apache2 => APACHE_SERVER_FLAGS="SSL" 3/ copy from vhost-ssl.template to test.conf 4/ In test.conf, only changed DocumentRoot to point to good path 5/ cd /usr/share/doc/packages/apache2; ./certificate.sh' as root. Answer all questions 6/ /etc/init.d/apache2 restart [Thu Jan 06 10:45:48 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results Syntax OK Shutting down httpd2 (waiting for all children to terminate) done Starting httpd2 (prefork) [Thu Jan 06 10:45:49 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results Could anyone help me please ? Regards Franck
hey, please post ur listen.conf from /etc/apache2/ and test.conf from /etc/apache2/vhosts.d/. i think there may be something wrong. best regards luk -----Ursprungliche Nachricht----- Von: Franck [mailto:franck@linuxpourtous.com] Gesendet: Donnerstag, 6. Januar 2005 10:52 An: Mailing SuSe Security Betreff: [suse-security] Apache SSL with SUSE 9.1 Hi, i've a problem to activate SSL on my apache. All work fine on port 80 with virtualhost. 1/ Basic instalaltion of apache 2 with mod_php4 2/ /etc/sysconfig/apache2 => APACHE_SERVER_FLAGS="SSL" 3/ copy from vhost-ssl.template to test.conf 4/ In test.conf, only changed DocumentRoot to point to good path 5/ cd /usr/share/doc/packages/apache2; ./certificate.sh' as root. Answer all questions 6/ /etc/init.d/apache2 restart [Thu Jan 06 10:45:48 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results Syntax OK Shutting down httpd2 (waiting for all children to terminate) done Starting httpd2 (prefork) [Thu Jan 06 10:45:49 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results Could anyone help me please ? Regards Franck -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
please post ur listen.conf from /etc/apache2/ and test.conf from /etc/apache2/vhosts.d/.
i think there may be something wrong.
#Listen.conf ############# Listen 80 <IfDefine SSL> <IfDefine !NOSSL> <IfModule mod_ssl.c> Listen 443 </IfModule> </IfDefine> </IfDefine> NameVirtualHost * # END Listen.conf ############# # test.conf ############# <IfDefine SSL> <IfDefine !NOSSL> <VirtualHost _default_:443> DocumentRoot "/home/webmaster/public_html/ovidentia" ServerName linuxpourtous ErrorLog /var/log/apache2/ssl-error_log TransferLog /var/log/apache2/ssl-access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/server.key <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/srv/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/apache2/ssl_request_log ssl_combined </VirtualHost> </IfDefine> </IfDefine> # END test.conf ############# Regards Franck
hey, specify an ip address to listen on and set this ip address for the namevitrualhost: listen.conf: <if define ssl> ... Listen 1.2.3.4:443 ... </if define> NameVirtualHost 1.2.3.4:443 maybe that helps... luk -----Ursprungliche Nachricht----- Von: Franck [mailto:franck@linuxpourtous.com] Gesendet: Donnerstag, 6. Januar 2005 13:53 An: suse-security@suse.com Betreff: Re: AW: [suse-security] Apache SSL with SUSE 9.1
please post ur listen.conf from /etc/apache2/ and test.conf from /etc/apache2/vhosts.d/.
i think there may be something wrong.
#Listen.conf ############# Listen 80 <IfDefine SSL> <IfDefine !NOSSL> <IfModule mod_ssl.c> Listen 443 </IfModule> </IfDefine> </IfDefine> NameVirtualHost * # END Listen.conf ############# # test.conf ############# <IfDefine SSL> <IfDefine !NOSSL> <VirtualHost _default_:443> DocumentRoot "/home/webmaster/public_html/ovidentia" ServerName linuxpourtous ErrorLog /var/log/apache2/ssl-error_log TransferLog /var/log/apache2/ssl-access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/server.key <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/srv/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/apache2/ssl_request_log ssl_combined </VirtualHost> </IfDefine> </IfDefine> # END test.conf ############# Regards Franck -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
specify an ip address to listen on and set this ip address for the namevitrualhost:
listen.conf:
<if define ssl> ... Listen 1.2.3.4:443 ... </if define>
NameVirtualHost 1.2.3.4:443
maybe that helps...
That's the same error :( Franck
and you don't have any '*' in your listen.conf? luk -----Ursprungliche Nachricht----- Von: Franck [mailto:franck@linuxpourtous.com] Gesendet: Donnerstag, 6. Januar 2005 14:24 An: suse-security@suse.com Betreff: Re: AW: AW: [suse-security] Apache SSL with SUSE 9.1
specify an ip address to listen on and set this ip address for the namevitrualhost:
listen.conf:
<if define ssl> ... Listen 1.2.3.4:443 ... </if define>
NameVirtualHost 1.2.3.4:443
maybe that helps...
That's the same error :( Franck -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
hey, i think you have to comment that out and only use the setting i provided and try again. for some reason the server has problems with this wildcard as you can see in the error-message. in listen.conf you specify ports and ip addresses to listen to and with the namevirtualhost you specify which virtual hosts exist. set namevirtualhost 1.2.3.4:443 for the ssl version of the site reachable under that ip address. then in test.conf you set <VirtualHost _default_:443> to <VirtualHost 1.2.3.4:443>. good luck luk -----Ursprungliche Nachricht----- Von: Franck [mailto:franck@linuxpourtous.com] Gesendet: Donnerstag, 6. Januar 2005 15:48 An: suse-security@suse.com Betreff: Re: AW: AW: AW: [suse-security] Apache SSL with SUSE 9.1 hi
and you don't have any '*' in your listen.conf?
NameVirtualHost * Franck -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Hello, Am Donnerstag, 6. Januar 2005 15:48 schrieb Franck:
and you don't have any '*' in your listen.conf?
NameVirtualHost *
Try NameVirtualHost *:80 for the non-SSL vHosts. You also have to change <NameVirtualHost *> to <NameVirtualHost *:80> Regards, Christian Boltz --
Aber der SuSE-Kernel wird mindestens ein Goodie haben, das auch du sehr zu schätzen wissen wirst. Er wird diesmal stabil laufen?? :-)) [> Philipp Thomas und Thomas Hertweck in suse-linux]
send the configuration for the virtual host in question so we can see what you did. also the ssl config portion of the server config On Thu, 6 Jan 2005, Franck wrote:
Hi,
i've a problem to activate SSL on my apache. All work fine on port 80 with virtualhost.
1/ Basic instalaltion of apache 2 with mod_php4 2/ /etc/sysconfig/apache2 => APACHE_SERVER_FLAGS="SSL" 3/ copy from vhost-ssl.template to test.conf 4/ In test.conf, only changed DocumentRoot to point to good path 5/ cd /usr/share/doc/packages/apache2; ./certificate.sh' as root. Answer all questions
6/ /etc/init.d/apache2 restart [Thu Jan 06 10:45:48 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results Syntax OK Shutting down httpd2 (waiting for all children to terminate) done Starting httpd2 (prefork) [Thu Jan 06 10:45:49 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
Could anyone help me please ?
Regards
Franck
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
send the configuration for the virtual host in question so we can see what you did.
# test.conf ############# <IfDefine SSL> <IfDefine !NOSSL> <VirtualHost _default_:443> DocumentRoot "/home/webmaster/public_html/ovidentia" ServerName linuxpourtous ErrorLog /var/log/apache2/ssl-error_log TransferLog /var/log/apache2/ssl-access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/server.key <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/srv/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/apache2/ssl_request_log ssl_combined </VirtualHost> </IfDefine> </IfDefine> # END test.conf #############
also the ssl config portion of the server config
It 's the basic configuration of apache in SUSE 9.1
participants (4)
-
Christian Boltz -
dadirtyluk -
Dana Hudes -
Franck