|
Home > Archive > Apache Server configuration support > February 2006 > Apache2 Debian Sarge SSL and non-SSL in same vhost file
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Apache2 Debian Sarge SSL and non-SSL in same vhost file
|
|
| Jacob Zartmann Nielsen 2006-02-17, 10:29 pm |
| Hi,
I'm looking for some information regarding the setup of vhosts
configured to accept both ssl and non-ssl connections. For multiple
domains that is.
I'd like one file in /etc/apache2/sites-available per domain. Each
domain should have both non-ssl and ssl opportunity.
Is there an easy way of doing this ? Guess I'm looking for an ISP like
setup. BUT I'd like to configure everything myself instead of using a
tool like ISPconfig.
TIA
/Jacob
| |
| MikeDawg 2006-02-17, 10:29 pm |
| Easy, just use "Include" in the main httpd.conf. What I do, is I
create a seperate directory, in this case /etc/apache/vhost and in
that directory, I put my various vhost files (I use the .conf extension
on all of these files). In the main httpd.conf file
(/etc/apache/httpd.conf) I just have a line in there that says:
Include vhost/*.conf
You can then configure each of of the virtual hosts in their own file,
vhost1.conf vhost2.conf etc.
| |
| Jacob Zartmann Nielsen 2006-02-17, 10:29 pm |
| MikeDawg wrote:
> Easy, just use "Include" in the main httpd.conf. What I do, is I
> create a seperate directory, in this case /etc/apache/vhost and in
> that directory, I put my various vhost files (I use the .conf extension
> on all of these files). In the main httpd.conf file
> (/etc/apache/httpd.conf) I just have a line in there that says:
>
> Include vhost/*.conf
>
> You can then configure each of of the virtual hosts in their own file,
> vhost1.conf vhost2.conf etc.
>
Yup that's right. But what I'm looking for is not how to make apache use
the vhost files. I'd like an example of how to make apache use both
ssl and non-ssl in one file (a template I U will).
I would like something like this in every vhost file:
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerAdmin webmaster@host.foo.com
DocumentRoot /www/docs/host.foo.com
ServerName host.foo.com
ErrorLog logs/host.foo.com-error_log
TransferLog logs/host.foo.com-access_log
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@host.foo.com
DocumentRoot /www/docs/host.foo.com
ServerName host.foo.com
ErrorLog logs/host.foo.com-error_log
TransferLog logs/host.foo.com-access_log
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>
/TIA
| |
| MikeDawg 2006-02-17, 10:29 pm |
| It sounds like you know what you're doing, what missing information are
you missing that you should be putting into these vhosts file?
Also, please note, for SSL, you can't have SSL on multiple vhosts
*unless* they are being served out at different IPs.
| |
| Jacob Zartmann Nielsen 2006-02-17, 10:29 pm |
| MikeDawg wrote:
> It sounds like you know what you're doing, what missing information are
> you missing that you should be putting into these vhosts file?
>
> Also, please note, for SSL, you can't have SSL on multiple vhosts
> *unless* they are being served out at different IPs.
>
So you are telling me that I can't run multiple vhosts with SSL support?
Only one?!?
Why can't I have more than one domain with SSL?
It sounds silly to me ;o)
Thank you very much for the help BTW.
/Jacob
| |
| MikeDawg 2006-02-17, 10:29 pm |
| Please note that I said you can't run multiple instances of SSL
(multiple vhosts) on a single IP.
If you had more than one IP, you could host more SSL certs. This is
because of the inherit nature of SSL. Before any HTTP transmits or
acks occure, the server and the client exchage SSL key information via
IP, this is even before the client truly hits the httpd server.
SSL handshaking occurs at the IP level, before any http communication
occurs.
| |
| Jacob Zartmann Nielsen 2006-02-17, 10:29 pm |
| MikeDawg wrote:
> It sounds like you know what you're doing, what missing information are
> you missing that you should be putting into these vhosts file?
>
> Also, please note, for SSL, you can't have SSL on multiple vhosts
> *unless* they are being served out at different IPs.
>
Okay... Got it working now. BUT I can't start the server when CustomLog
is the same on both ssl and non-ssl.
Why Is that?
TIA
/Jacob
| |
| Jacob Zartmann Nielsen 2006-02-17, 10:30 pm |
| MikeDawg wrote:
> Please note that I said you can't run multiple instances of SSL
> (multiple vhosts) on a single IP.
>
> If you had more than one IP, you could host more SSL certs. This is
> because of the inherit nature of SSL. Before any HTTP transmits or
> acks occure, the server and the client exchage SSL key information via
> IP, this is even before the client truly hits the httpd server.
>
> SSL handshaking occurs at the IP level, before any http communication
> occurs.
>
Okay... Thank you very much...
| |
| Jacob Zartmann Nielsen 2006-02-17, 10:30 pm |
| Jacob Zartmann Nielsen wrote:
> MikeDawg wrote:
> Okay... Got it working now. BUT I can't start the server when CustomLog
> is the same on both ssl and non-ssl.
>
> Why Is that?
>
> TIA
>
> /Jacob
Nevermind... It was a permission problem ;o)
|
|
|
|
|