ssl vhost ignoring DocRoot option

I have an apache2 install - all stock from mdk rpms. I have a few vhosts
configured which work fine. I have one ssl vhost which is ignoring my
DocumentRoot line - when connecting to port 443 the default webserver
DocRoot comes up. Here are some details from my configuration:

# Apache and associated software:
Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/6mdk)
mod_perl/1.99_11 Perl/v5.8.3 mod_ssl/2.0.48 OpenSSL/0.9.7c PHP/4.3.4

# rpm -qa | grep apache
apache2-mod_php-2.0.48_4.3.4-1mdk
apache2-modules-2.0.48-6mdk
apache2-mod_disk_cache-2.0.48-5mdk
apache2-mod_perl-2.0.48_1.99_11-3mdk
apache2-2.0.48-6mdk
apache2-mod_suexec-2.0.48-1mdk
apache2-mod_cache-2.0.48-5mdk
apache2-common-2.0.48-6mdk
apache-conf-2.0.48-2mdk
apache2-mod_proxy-2.0.48-5mdk
apache2-manual-2.0.48-5mdk
apache2-mod_ssl-2.0.48-6mdk

# Here are all the lines from the ssl.default-vhost.conf file

<IfModule mod_ssl.c>
# NameVirtualHost *:443
# <VirtualHost _default_:443>
# <VirtualHost 192.168.1.4:443>
<VirtualHost webmail.mydomain.com:443>
DocumentRoot /var/www/webmail.mydomain.com
ServerName webmail.mydomain.com
ServerAdmin admin@mydomain.com
ErrorLog logs/webmail_ssl-error_log
TransferLog logs/webmail_ssl-access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP:+eNULL
SSLCertificateFile /etc/ssl/apache/server.crt
SSLCertificateKeyFile /etc/ssl/apache/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
</IfModule>


So far I have tried each of the VirtualHost lines above that are commented
out, no luck with any of them. I have tried it without the IfModule
mod_ssl.c block surrounding it. At one point I tried putting a new
VirtualHost block into the Vhosts.conf file (specified :443 in it) and
that didn't work either.

I've tried httpd2 -S and all my vhosts show up, but the ssl vhost does't.
This appears to be normal for apache 1.3x but I don't have any other
apache2 boxes to check against.

The desired result is to have 2 vhosts for the same host.domain.com, 1 on
port 80, the other on port 443. The one on port 80 will simply redirect
users to port 443.

I've read all the docs, done tons of googling, and no luck
yet. Anyone have any ideas?

Dave

D Gargan <dgargan@sbcglobal.net> wrote:
> I have an apache2 install - all stock from mdk rpms. I have a few vhosts
> configured which work fine. I have one ssl vhost which is ignoring my
> DocumentRoot line - when connecting to port 443 the default webserver
> DocRoot comes up. Here are some details from my configuration:

You need to have

NameVirtualHost *:80
NameVirtualHost *:443

Then then "normal" vhost configuration:

<VirtualHost _default_ *:443>
....
</VirtualHost>

<VirtualHost _default_ *:80>
...
</VirtualHost>

Usually the whole part related to SSL is in <IfModule> blocks so
if you start Apache without SSL it won't give you pile of errors.

Davide

--
| Nature abhors a hero. For one thing, he violates the law of
| conservation of energy. For another, how can it be the survival of
| the fittest when the fittest keeps putting himself in situations where
| he is most likely to be creamed?

On Fri, 30 Apr 2004 05:30:32 +0000, Davide Bianchi wrote:

> D Gargan <dgargan@sbcglobal.net> wrote:
>> I have an apache2 install - all stock from mdk rpms. I have a few vhosts
>> configured which work fine. I have one ssl vhost which is ignoring my
>> DocumentRoot line - when connecting to port 443 the default webserver
>> DocRoot comes up. Here are some details from my configuration:
>
> You need to have
>
> NameVirtualHost *:80
> NameVirtualHost *:443
>
> Then then "normal" vhost configuration:
>
> <VirtualHost _default_ *:443>
> ....
> </VirtualHost>
>
> <VirtualHost _default_ *:80>
> ...
> </VirtualHost>
>
> Usually the whole part related to SSL is in <IfModule> blocks so
> if you start Apache without SSL it won't give you pile of errors.
>
> Davide

Thanks for the advice Davide.

I did try that before, and to be sure, I just tried it again. Still no
luck with it... Here is the pertinent part of the config file
/etc/httpd/conf/ssl/ssl.defualt-vhost.conf:

<IfModule mod_ssl.c>
NameVirtualHost *:443
<VirtualHost _default_:443>
DocumentRoot /var/www/webmail.mydomain.com
ServerName webmail.mydomain.com


Darn thing still goes to the main docroot of the machine and ignores the
webmail docroot line.

Dave

D Gargan <dgargan@sbcglobal.net> wrote:
> luck with it... Here is the pertinent part of the config file
> /etc/httpd/conf/ssl/ssl.defualt-vhost.conf:

Hummm... that means that you have the ssl part configured in a different
file than your standard httpd.conf? Is that file included in the
httpd.conf? What apachectl configtest shows?

Davide

--
| Slowly and surely the unix crept up on the Nintendo user ...
|
|
|

On Sat, 01 May 2004 06:23:22 +0000, Davide Bianchi wrote:

> D Gargan <dgargan@sbcglobal.net> wrote:
>> luck with it... Here is the pertinent part of the config file
>> /etc/httpd/conf/ssl/ssl.defualt-vhost.conf:
>
> Hummm... that means that you have the ssl part configured in a different
> file than your standard httpd.conf? Is that file included in the
> httpd.conf? What apachectl configtest shows?
>
> Davide

When I run apachectl configtest, it exits with 0 and no ouptut is shown.
There is a line in the httpd.conf that loads the ssl.default-vhost.conf
file.

Include conf/ssl/mod_ssl.conf
Include conf/ssl/ssl.default-vhost.conf

Dave

D Gargan <dgargan@sbcglobal.net> wrote:
> Include conf/ssl/mod_ssl.conf

Check the mod_ssl.conf file. I suspect that something
is tampering with the VHost configuration.

Davide

--
| It is always preferable to visit home with a friend. Your parents
| will not be pleased with this plan, because they want you all to
| themselves and because in the presence of your friend, they will have
| to act like mature human beings ...

On Sat, 01 May 2004 16:52:37 +0000, Davide Bianchi wrote:

> D Gargan <dgargan@sbcglobal.net> wrote:
>> Include conf/ssl/mod_ssl.conf
>
> Check the mod_ssl.conf file. I suspect that something
> is tampering with the VHost configuration.
>
> Davide

The mod_ssl.conf file is one file I haven't touched at all. I will check
it against another machine I have that works (though it is running
apache1.3x not 2).

Here it is my current mod_ssl.conf file.

<IfModule mod_ssl.c>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shm:logs/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog logs/ssl_engine_log
SSLLogLevel info
</IfModule>

Dave

On Sat, 01 May 2004 16:52:37 +0000, Davide Bianchi wrote:

> D Gargan <dgargan@sbcglobal.net> wrote:
>> Include conf/ssl/mod_ssl.conf
>
> Check the mod_ssl.conf file. I suspect that something
> is tampering with the VHost configuration.
>
> Davide

I have compared the mod_ssl.conf file against another working box, and it
is 'exactly' the same. I wish the logs had an error to work with, but all
that shows up is the request for / and the normal serving up of the files
- from the main docroot area. If the httpd2 -S showed the ssl vhosts,
that would help also.

I appreciate you trying to assist Davide.

Dave

On Fri, 30 Apr 2004 00:04:43 +0000, D Gargan wrote:

> I have an apache2 install - all stock from mdk rpms. I have a few vhosts
> configured which work fine. I have one ssl vhost which is ignoring my
> DocumentRoot line - when connecting to port 443 the default webserver
> DocRoot comes up. Here are some details from my configuration:
>
> # Apache and associated software:
> Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/6mdk)
> mod_perl/1.99_11 Perl/v5.8.3 mod_ssl/2.0.48 OpenSSL/0.9.7c PHP/4.3.4
>
> # rpm -qa | grep apache
> apache2-mod_php-2.0.48_4.3.4-1mdk
> apache2-modules-2.0.48-6mdk
> apache2-mod_disk_cache-2.0.48-5mdk
> apache2-mod_perl-2.0.48_1.99_11-3mdk
> apache2-2.0.48-6mdk
> apache2-mod_suexec-2.0.48-1mdk
> apache2-mod_cache-2.0.48-5mdk
> apache2-common-2.0.48-6mdk
> apache-conf-2.0.48-2mdk
> apache2-mod_proxy-2.0.48-5mdk
> apache2-manual-2.0.48-5mdk
> apache2-mod_ssl-2.0.48-6mdk
>
> # Here are all the lines from the ssl.default-vhost.conf file
>
> <IfModule mod_ssl.c>
> # NameVirtualHost *:443
> # <VirtualHost _default_:443>
> # <VirtualHost 192.168.1.4:443>
> <VirtualHost webmail.mydomain.com:443>
> DocumentRoot /var/www/webmail.mydomain.com
> ServerName webmail.mydomain.com
> ServerAdmin admin@mydomain.com
> ErrorLog logs/webmail_ssl-error_log
> TransferLog logs/webmail_ssl-access_log
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP:+eNULL
> SSLCertificateFile /etc/ssl/apache/server.crt
> SSLCertificateKeyFile /etc/ssl/apache/server.key
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> CustomLog logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> RewriteEngine On
> RewriteOptions inherit
> </VirtualHost>
> </IfModule>
>
>
> So far I have tried each of the VirtualHost lines above that are commented
> out, no luck with any of them. I have tried it without the IfModule
> mod_ssl.c block surrounding it. At one point I tried putting a new
> VirtualHost block into the Vhosts.conf file (specified :443 in it) and
> that didn't work either.
>
> I've tried httpd2 -S and all my vhosts show up, but the ssl vhost does't.
> This appears to be normal for apache 1.3x but I don't have any other
> apache2 boxes to check against.
>
> The desired result is to have 2 vhosts for the same host.domain.com, 1 on
> port 80, the other on port 443. The one on port 80 will simply redirect
> users to port 443.
>
> I've read all the docs, done tons of googling, and no luck
> yet. Anyone have any ideas?
>
> Dave


Found the problem.

httpd2 was referencing the file:
/etc/httpd/conf.d/41_mod_ssl.default-vhost.conf

httpd was referencing the file:
/etc/httpd/conf/ssl/ssl.default-vhost.conf

As soon as I edited the correct file for httpd2 it
took the ssl vhost no problem.

Dave