Hi,
i've a problem to activate SSL on my apache. All work fine on port 80 with virtualhost.
1/ Basic instalaltion of apache 2 with mod_php4 2/ /etc/sysconfig/apache2 => APACHE_SERVER_FLAGS="SSL" 3/ copy from vhost-ssl.template to test.conf 4/ In test.conf, only changed DocumentRoot to point to good path 5/ cd /usr/share/doc/packages/apache2; ./certificate.sh' as root. Answer all questions
6/ /etc/init.d/apache2 restart [Thu Jan 06 10:45:48 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results Syntax OK Shutting down httpd2 (waiting for all children to terminate) done Starting httpd2 (prefork) [Thu Jan 06 10:45:49 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
Could anyone help me please ?
Regards
Franck
hey,
please post ur listen.conf from /etc/apache2/ and test.conf from /etc/apache2/vhosts.d/.
i think there may be something wrong.
best regards
luk
-----Ursprungliche Nachricht----- Von: Franck [mailto:franck@linuxpourtous.com] Gesendet: Donnerstag, 6. Januar 2005 10:52 An: Mailing SuSe Security Betreff: [suse-security] Apache SSL with SUSE 9.1
Hi,
i've a problem to activate SSL on my apache. All work fine on port 80 with virtualhost.
1/ Basic instalaltion of apache 2 with mod_php4 2/ /etc/sysconfig/apache2 => APACHE_SERVER_FLAGS="SSL" 3/ copy from vhost-ssl.template to test.conf 4/ In test.conf, only changed DocumentRoot to point to good path 5/ cd /usr/share/doc/packages/apache2; ./certificate.sh' as root. Answer all questions
6/ /etc/init.d/apache2 restart [Thu Jan 06 10:45:48 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results Syntax OK Shutting down httpd2 (waiting for all children to terminate) done Starting httpd2 (prefork) [Thu Jan 06 10:45:49 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
Could anyone help me please ?
Regards
Franck
please post ur listen.conf from /etc/apache2/ and test.conf from /etc/apache2/vhosts.d/.
i think there may be something wrong.
#Listen.conf ############# Listen 80
<IfDefine SSL> <IfDefine !NOSSL> <IfModule mod_ssl.c>
Listen 443
</IfModule> </IfDefine> </IfDefine>
NameVirtualHost *
# END Listen.conf #############
# test.conf ############# <IfDefine SSL> <IfDefine !NOSSL>
<VirtualHost _default_:443> DocumentRoot "/home/webmaster/public_html/ovidentia" ServerName linuxpourtous ErrorLog /var/log/apache2/ssl-error_log TransferLog /var/log/apache2/ssl-access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/server.key <Files ~ ".(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/srv/www/cgi-bin"> SSLOptions +StdEnvVars </Directory>
SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
CustomLog /var/log/apache2/ssl_request_log ssl_combined
</VirtualHost>
</IfDefine> </IfDefine>
# END test.conf #############
Regards
Franck
hey,
specify an ip address to listen on and set this ip address for the namevitrualhost:
listen.conf:
<if define ssl> ... Listen 1.2.3.4:443 ... </if define>
NameVirtualHost 1.2.3.4:443
maybe that helps...
luk
-----Ursprungliche Nachricht----- Von: Franck [mailto:franck@linuxpourtous.com] Gesendet: Donnerstag, 6. Januar 2005 13:53 An: suse-security@suse.com Betreff: Re: AW: [suse-security] Apache SSL with SUSE 9.1
please post ur listen.conf from /etc/apache2/ and test.conf from /etc/apache2/vhosts.d/.
i think there may be something wrong.
#Listen.conf ############# Listen 80
<IfDefine SSL> <IfDefine !NOSSL> <IfModule mod_ssl.c>
Listen 443
</IfModule> </IfDefine> </IfDefine>
NameVirtualHost *
# END Listen.conf #############
# test.conf ############# <IfDefine SSL> <IfDefine !NOSSL>
<VirtualHost _default_:443> DocumentRoot "/home/webmaster/public_html/ovidentia" ServerName linuxpourtous ErrorLog /var/log/apache2/ssl-error_log TransferLog /var/log/apache2/ssl-access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/server.key <Files ~ ".(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/srv/www/cgi-bin"> SSLOptions +StdEnvVars </Directory>
SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
CustomLog /var/log/apache2/ssl_request_log ssl_combined
</VirtualHost>
</IfDefine> </IfDefine>
# END test.conf #############
Regards
Franck
specify an ip address to listen on and set this ip address for the namevitrualhost:
listen.conf:
<if define ssl> ... Listen 1.2.3.4:443 ... </if define>
NameVirtualHost 1.2.3.4:443
maybe that helps...
That's the same error :(
Franck
and you don't have any '*' in your listen.conf?
luk
-----Ursprungliche Nachricht----- Von: Franck [mailto:franck@linuxpourtous.com] Gesendet: Donnerstag, 6. Januar 2005 14:24 An: suse-security@suse.com Betreff: Re: AW: AW: [suse-security] Apache SSL with SUSE 9.1
specify an ip address to listen on and set this ip address for the namevitrualhost:
listen.conf:
<if define ssl> ... Listen 1.2.3.4:443 ... </if define>
NameVirtualHost 1.2.3.4:443
maybe that helps...
That's the same error :(
Franck
hey,
i think you have to comment that out and only use the setting i provided and try again.
for some reason the server has problems with this wildcard as you can see in the error-message.
in listen.conf you specify ports and ip addresses to listen to and with the namevirtualhost you specify which virtual hosts exist.
set namevirtualhost 1.2.3.4:443 for the ssl version of the site reachable under that ip address.
then in test.conf you set
<VirtualHost _default_:443>
to
<VirtualHost 1.2.3.4:443>.
good luck
luk
-----Ursprungliche Nachricht----- Von: Franck [mailto:franck@linuxpourtous.com] Gesendet: Donnerstag, 6. Januar 2005 15:48 An: suse-security@suse.com Betreff: Re: AW: AW: AW: [suse-security] Apache SSL with SUSE 9.1
hi
and you don't have any '*' in your listen.conf?
NameVirtualHost *
Franck
Hello,
Am Donnerstag, 6. Januar 2005 15:48 schrieb Franck:
and you don't have any '*' in your listen.conf?
NameVirtualHost *
Try NameVirtualHost *:80 for the non-SSL vHosts. You also have to change <NameVirtualHost *> to <NameVirtualHost *:80>
Regards,
Christian Boltz
send the configuration for the virtual host in question so we can see what you did. also the ssl config portion of the server config On Thu, 6 Jan 2005, Franck wrote:
Hi,
i've a problem to activate SSL on my apache. All work fine on port 80 with virtualhost.
1/ Basic instalaltion of apache 2 with mod_php4 2/ /etc/sysconfig/apache2 => APACHE_SERVER_FLAGS="SSL" 3/ copy from vhost-ssl.template to test.conf 4/ In test.conf, only changed DocumentRoot to point to good path 5/ cd /usr/share/doc/packages/apache2; ./certificate.sh' as root. Answer all questions
6/ /etc/init.d/apache2 restart [Thu Jan 06 10:45:48 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results Syntax OK Shutting down httpd2 (waiting for all children to terminate) done Starting httpd2 (prefork) [Thu Jan 06 10:45:49 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
Could anyone help me please ?
Regards
Franck
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
send the configuration for the virtual host in question so we can see what you did.
# test.conf ############# <IfDefine SSL> <IfDefine !NOSSL>
<VirtualHost _default_:443> DocumentRoot "/home/webmaster/public_html/ovidentia" ServerName linuxpourtous ErrorLog /var/log/apache2/ssl-error_log TransferLog /var/log/apache2/ssl-access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/server.key <Files ~ ".(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/srv/www/cgi-bin"> SSLOptions +StdEnvVars </Directory>
SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
CustomLog /var/log/apache2/ssl_request_log ssl_combined
</VirtualHost>
</IfDefine> </IfDefine>
# END test.conf #############
also the ssl config portion of the server config
It 's the basic configuration of apache in SUSE 9.1
-
Christian Boltz -
dadirtyluk -
Dana Hudes -
Franck