Welcome to MobyThreads.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in
All support for the MobyThreads Threaded phpBB MOD can now be found on welsolutions at this forum

http and https on same server - 1 ip

  
   Web Hosting and Web Master Forums (Home) -> Apache RSS
Next:  Apache directory listing  
Author Message
marcnadonospam1

External


Since: Feb 15, 2004
Posts: 8



(Msg. 1) Posted: Thu May 20, 2004 3:33 am
Post subject: http and https on same server - 1 ip
Archived from groups: alt>apache>configuration (more info?)
I have to install SSL on a remote server with only 1 ip address.

Right now i am doing tests on a local server, that explains the
weird domain names in this post.

I already have spend 3 days googling and reading all kind of
docs. It should work but it does not.


My config:
---------------------
Mandrake 9.2
Server Version: Apache-AdvancedExtranetServer/2.0.48 (Mandrake
Linux/5mdk) mod_perl/1.99_11 Perl/v5.8.2 mod_ssl/2.0.48
OpenSSL/0.9.7c PHP/4.3.4
Machine name: mohicanie.zaq

--------------------
I created the certificate and key, that seems to work, actually,
that works too much.

I added a secured subdomain (secure.mohicanie.zaq) in
/etc/httpd/conf.d/40_mod_sss.conf, like this:

--------------------------------------------
<VirtualHost secure.mohicanie.zaq:443>

DocumentRoot "/home/marcnado/www/secure"
ServerName secure.mohicanie.zaq:443
ServerAdmin marcus.TakeThisOut@mohicanie.zaq
ErrorLog logs/error_log
TransferLog logs/access_log

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+\
HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /etc/httpd/certificats/server.crt

SSLCertificateKeyFile /etc/httpd/certificats/server.key

<Files ~ "\.(cgi|shtml|phtml|php|php3?)$">
SSLOptions +StdEnvVars
</Files>

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

--------------------------------------------

The whole test site (all subdomains) is now available only using
https addresses.
The standard http subdomain addresses do not work anymore.

BUT i just want some subdomains to be secured through SSL.

So, i added in the other subdomains a 'SSLengine off' directive.

Like this:

------------------------------

<VirtualHost 192.168.100.10:80>
DocumentRoot /home/marcnado/www/bd-girls
ServerName bd-girls.mohicanie.zaq
ServerPath /bd-girls/
RewriteEngine On
RewriteRule ^(/bd-girls/.*) /home/marcnado/www/bd-girls$1
ServerAdmin marcus.TakeThisOut@mohicanie.zaq
ErrorLog /home/marcnado/logs/bd-girls-25mars2004.log
LogLevel warn

SSLengine off

</VirtualHost>

------------------------------

But to no avail, the subdomains are only available through SSL.

What did i miss?

So, the question:

How to have only certains subdomains secured with SSl with only
1 ip address?


TIA






--
mv sco /dev/null
Marc Nadeau# La Pagerie /* http://www.pagerie.com */

 >> Stay informed about: http and https on same server - 1 ip 
Back to top
Login to vote
davideyeahsure

External


Since: Nov 03, 2003
Posts: 2907



(Msg. 2) Posted: Thu May 20, 2004 9:09 am
Post subject: Re: http and https on same server - 1 ip [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Marc Nadeau <marcnadoNOSPAM RemoveThis @yahoo.fr> wrote:
 > It should work but it does not.

Meaning of 'it does not' ?

 > ServerName secure.mohicanie.zaq:444

Your servername does not contain "444" and the https port is 443!

 > The standard http subdomain addresses do not work anymore.

Meaning of 'do not work' ? Do you get an error? Do you get a
'permission denied'? What??

 > How to have only certains subdomains secured with SSl with only
 > 1 ip address?

Using Name Based Virtual Host.

Something like this:
NameVirtualHost *

<VirtualHost *>
ServerAdmin someone RemoveThis @averybadplace.org
DocumentRoot /somewhere/over/there
ServerName some.badplace.org
<Directory "/...">
   ...options...
</Directory>
</VirtualHost>

<IfDefine SSL>
<VirtualHost _default_:443>
DocumentRoot /some/other/plsce
ServerName thesafeplace.org
SSLEngine on
   ..other SSL related stuff...
<Directory "...">
   ...options...
</Directory>
</VirtualHost>
</IfDefine>

Davide

--
| Am I ranting? I hope so. My ranting gets raves.
|
|
|<!-- ~MESSAGE_AFTER~ -->

 >> Stay informed about: http and https on same server - 1 ip 
Back to top
Login to vote
marcnadonospam1

External


Since: Feb 15, 2004
Posts: 8



(Msg. 3) Posted: Thu May 20, 2004 7:36 pm
Post subject: Re: http and https on same server - 1 ip [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Davide Bianchi a schtroumphé:

 > Marc Nadeau <marcnadoNOSPAM RemoveThis @yahoo.fr> wrote:
  >> It should work but it does not.
 >
 > Meaning of 'it does not' ?
 >
  >> ServerName secure.mohicanie.zaq:444
 >
 > Your servername does not contain "444" and the https port is
 > 443!
 >
A typing error in the message, in the config files it' 443



  >> The standard http subdomain addresses do not work anymore.
 >
 > Meaning of 'do not work' ? Do you get an error? Do you get a
 > 'permission denied'? What??
 >

They are only available through SSL


  >> How to have only certains subdomains secured with SSl with
  >> only 1 ip address?
 >
 > Using Name Based Virtual Host.
 >
 > Something like this:
 > NameVirtualHost *
 >
 > <VirtualHost *>
 > ServerAdmin someone RemoveThis @averybadplace.org
 > DocumentRoot /somewhere/over/there
 > ServerName some.badplace.org
 > <Directory "/...">
 > ...options...
 > </Directory>
 > </VirtualHost>
 >

THat's exactly what i did.


 > <IfDefine SSL>
 > <VirtualHost _default_:443>
 > DocumentRoot /some/other/plsce
 > ServerName thesafeplace.org
 > SSLEngine on
 > ..other SSL related stuff...
 > <Directory "...">
 > ...options...
 > </Directory>
 > </VirtualHost>
 > </IfDefine>
 >

I think that is that _default_ stuff that i do not understand
yet.

So, i'm gonna spend an other afternoon reading and testing.

Regards.



 > Davide
 >

--
mv sco /dev/null
Marc Nadeau# La Pagerie /* <a style='text-decoration: underline;' href="http://www.pagerie.com" target="_blank">http://www.pagerie.com</a> */<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: http and https on same server - 1 ip 
Back to top
Login to vote
davideyeahsure

External


Since: Nov 03, 2003
Posts: 2907



(Msg. 4) Posted: Thu May 20, 2004 8:43 pm
Post subject: Re: http and https on same server - 1 ip [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Marc Nadeau <marcnadoNOSPAM.DeleteThis@yahoo.fr> wrote:
 > I think that is that _default_ stuff that i do not understand
 > yet.

The meaning of _default_ is: "since you're handling multiple
domains, if you can't understand WHICH domain the idiot user
ask for, give him this one"
If you don't have a "default" VHost, the first VHost defined
will be used instead of a 'default' one.

Davide

--
| Documentation is the castor oil of programming. Managers know it must
| be good because the programmers hate it so much.
|
|<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: http and https on same server - 1 ip 
Back to top
Login to vote
dima

External


Since: May 24, 2004
Posts: 3



(Msg. 5) Posted: Mon May 24, 2004 7:15 pm
Post subject: Re: http and https on same server - 1 ip [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Marc,

FYI you can't run virtual hosts over SSL withoug getting warning that server
name and the name certificate was issued to are not equel. If you do want to
know why you need to find out how SSL sessions between server and clinets
are working.

Best,
Dima Ruban

"Marc Nadeau" <marcnadoNOSPAM DeleteThis @yahoo.fr> wrote in message
news:m85rc.2360$SQ2.2106@edtnps89...
 > Davide Bianchi a schtroumphé:
 >
  > > Marc Nadeau <marcnadoNOSPAM DeleteThis @yahoo.fr> wrote:
   > >> It should work but it does not.
  > >
  > > Meaning of 'it does not' ?
  > >
   > >> ServerName secure.mohicanie.zaq:444
  > >
  > > Your servername does not contain "444" and the https port is
  > > 443!
  > >
 > A typing error in the message, in the config files it' 443
 >
 >
 >
   > >> The standard http subdomain addresses do not work anymore.
  > >
  > > Meaning of 'do not work' ? Do you get an error? Do you get a
  > > 'permission denied'? What??
  > >
 >
 > They are only available through SSL
 >
 >
   > >> How to have only certains subdomains secured with SSl with
   > >> only 1 ip address?
  > >
  > > Using Name Based Virtual Host.
  > >
  > > Something like this:
  > > NameVirtualHost *
  > >
  > > <VirtualHost *>
  > > ServerAdmin someone DeleteThis @averybadplace.org
  > > DocumentRoot /somewhere/over/there
  > > ServerName some.badplace.org
  > > <Directory "/...">
  > > ...options...
  > > </Directory>
  > > </VirtualHost>
  > >
 >
 > THat's exactly what i did.
 >
 >
  > > <IfDefine SSL>
  > > <VirtualHost _default_:443>
  > > DocumentRoot /some/other/plsce
  > > ServerName thesafeplace.org
  > > SSLEngine on
  > > ..other SSL related stuff...
  > > <Directory "...">
  > > ...options...
  > > </Directory>
  > > </VirtualHost>
  > > </IfDefine>
  > >
 >
 > I think that is that _default_ stuff that i do not understand
 > yet.
 >
 > So, i'm gonna spend an other afternoon reading and testing.
 >
 > Regards.
 >
 >
 >
  > > Davide
  > >
 >
 > --
 > mv sco /dev/null
 > Marc Nadeau# La Pagerie /* <a style='text-decoration: underline;' href="http://www.pagerie.com" target="_blank">http://www.pagerie.com</a> */<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: http and https on same server - 1 ip 
Back to top
Login to vote
marcnadonospam1

External


Since: Feb 15, 2004
Posts: 8



(Msg. 6) Posted: Sat May 29, 2004 5:47 am
Post subject: Re: http and https on same server - 1 ip [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Dmitry Ruban a schtroumphé:

 > Marc,
 >
 > FYI you can't run virtual hosts over SSL withoug getting
 > warning that server name and the name certificate was issued
 > to are not equel. If you do want to know why you need to find
 > out how SSL sessions between server and clinets are working.
 >
 > Best,
 > Dima Ruban
 >
 >

We rented a second ip address dedicated to SSL connections; this
made virtual hosting through SSl much more simple.

Thanks to the responders.

--
mv sco /dev/null
Marc Nadeau# La Pagerie /* <a style='text-decoration: underline;' href="http://www.pagerie.com" target="_blank">http://www.pagerie.com</a> */<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: http and https on same server - 1 ip 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
redirecting a http server to a https server - I have this in ~/tldp/public_html/.htaccess: RewriteEngine On RewriteRule ^/(.*) https://tldp.server.lan/$1 [L,R] The ssl vhost files are in ~/tldp/public_ssl/ I'm trying to automatically map http://tldp.server.lan/a/b/c to https:/..

HTTP & HTTPS - Hi , I am new to apache and would like know this.. 1.I want to run all except one file of my site in HTTP and the remaining one- authentication- file in HTTPS. 2.This has two solutions as outlined in http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html ....

http -https - Hello, I have installed an SuSE Linux Offic-Server, were the installation and starting of an Apache Server seems to be included, but I have the following problem: If I use a browser on the Server I can see webpages using http://servername as well as..

Mod_rewrite issue when HTTP->HTTPS - Hi, I run http and https in the same server. I run an SSL as a vhost and the HTTP server is global. I want two directories to be accessible only through ssl and with ldap authentication. So these sirectories are protected for ldap authentication in....

apache don't work with http but not problem with https .... - hi, i have an 404 error with all http:// request but everthing is all right with https:// ?? i don't understand why ! with https:// apache send the /var/www/html/index.html (for every domain ) with http://, 404 error for everything with http://x.x.x.x/...
   Web Hosting and Web Master Forums (Home) -> Apache All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]