HTTPS virtualhosts

This is a discussion on HTTPS virtualhosts within the Modssl Users forums, part of the Web Server and Related Forums category.


Posted 04-06-2007 by Michael

Hi everyone,

For starters, I'm not sure if I should be posting here or to Apache, but
they sort of steered me here, so I thought I'd start here at least -- if
not, please let me know. :-)

Anyway, I'm having issues with getting SSL and virtualhosts working with
Apache. Now, before you point me at the FAQ, it's not the obvious question.
What I'm trying to do is get multiple HTTPS hosts working on the same IP --
but using a wildcard SSL certificate.

My config is done using mod_perl configuration, and I've copied it below.
Essentially, the idea is that I have a directory tree that looks like
/srv/www/<ip>/<domain-name>/[content|secure_content]/<subdomain>/ . That
way, I can just make a new directory/subdomain/etc., reload the apache
config, and it's all done and listening for me. And, since you can only have
one SSL cert per IP, I just have /srv/www/<ip>/server.crt and server.key --
and that's the certificate used for that IP (so any HTTPS vhost created for
that IP will use that certificate). You may think that's a bit weird, but
there are a few circumstances where I want to use that - for example, with
wildcard certificates I can have many vhosts per IP (within the same domain),
and also other times when I don't care if the cert mismatches, I just want an
SSL connection.

Anyway, the HTTP stuff is working great, and the config *appears* to check
out OK:

[ root@bob:~ ] # apache2 -S
VirtualHost configuration:
1.2.3.4:80 is a NameVirtualHost
    default server www.non.existant.host.com (/etc/apache2/sites-enabled/allsites-1-custom:5)
    port 80 namevhost www.non.existant.host.com (/etc/apache2/sites-enabled/allsites-1-custom:5)
    port 80 namevhost sallaway.org (mod_perl:121)
    port 80 namevhost www.sallaway.org (mod_perl:177)
1.2.3.4:443 is a NameVirtualHost
    default server www.non.existant.host.com (/etc/apache2/sites-enabled/allsites-1-custom:8)
    port 443 namevhost www.non.existant.host.com (/etc/apache2/sites-enabled/allsites-1-custom:8)
    port 443 namevhost sallaway.org (mod_perl:1)
    port 443 namevhost www.sallaway.org (mod_perl:78)
Syntax OK


..... however when I try to reload the config file, it complains and whinges
a lot about SSL conflicts (error.log):

[warn] Init: SSL server IP/port conflict: bob.sallaway.org:443 (mod_perl:12) vs. www.sallaway.org:443 (mod_perl:78)
[warn] Init: SSL server IP/port conflict: sallaway.org:443 (mod_perl:1) vs. www.sallaway.org:443 (mod_perl:78)
[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!


I was sort of hoping "hmmm, they're just warnings, maybe it will be OK", but
it appears not -- when I load the page, it gives me a "Connection
Interrupted" or "Action Cancelled" (pick your browser) and I get this in the
error.log:

[error] [client 192.168.0.4] Invalid method in request \x80L\x01\x03


Does anyone have any ideas what I can do to fix it at all, or why it's
happening?

Thanks for your help.

Cheers,
Michael


relevant apache config:


NameVirtualHost 1.2.3.4:80
NameVirtualHost 1.2.3.4:443

<VirtualHost 1.2.3.4:80>
    ServerName www.non.existant.host.com
</VirtualHost>
<VirtualHost 1.2.3.4:443>
    ServerName www.non.existant.host.com
</VirtualHost>

<Perl>
my $www_path = "/srv/www";
my @ip_array;
my $ip_number;
my @subdomain_array;
my $subdomain_name;
my $subdomain_address;
my $domain_name;

for $ip (<$www_path/*>) {

    @ip_array = split /\//, "$ip";
    $ip_number = $ip_array[-1];

    for $domain (<$ip/*>) {

        for $http_subdomain (<$domain/content/*>) {

            @subdomain_array = split /\//, "$http_subdomain";
            $subdomain_name = $subdomain_array[-1];
            $subdomain_address = $subdomain_name . ".";
            $domain_name = $subdomain_array[-3];

            $subdomain_address = "" if $subdomain_name eq "_";

            push @{ $VirtualHost{"$ip_number:80"} },
            {
                ServerName => "${subdomain_address}${domain_name}",
                DocumentRoot => "${domain}/content/${subdomain_name}",
                ServerSignature => "On",
                ErrorLog => "$domain/logs/error.log",
                CustomLog => ["$domain/logs/access.log", "virtual"],
                LogLevel => "warn",
            };
        };

        next if ! -e "$ip/server.crt";
        next if ! -e "$ip/server.key";

        for $https_subdomain (<$domain/secure_content/*>) {

            @subdomain_array = split /\//, "$https_subdomain";
            $subdomain_name = $subdomain_array[-1];
            $subdomain_address = $subdomain_name . ".";
            $domain_name = $subdomain_array[-3];

            $subdomain_address = "" if $subdomain_name eq "_";

            push @{ $VirtualHost{"$ip_number:443"} },
            {
                ServerName => "${subdomain_address}${domain_name}",
                DocumentRoot => "${domain}/secure_content/${subdomain_name}",
                ServerSignature => "On",
                ErrorLog => "$domain/logs/error.log",
                CustomLog => ["$domain/logs/access.log", "virtual"],
                LogLevel => "warn",
                SSLEngine => "on",
                SSLCertificateFile => "$ip/server.crt",
                SSLCertificateKeyFile => "$ip/server.key",
            };
        };
    };
};

</Perl>


ExtendedStatus On

<Location /server-status>
    SetHandler server-status
    Order allow,deny
    Allow from all
</Location>


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
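
The `Invalid method in request \x80L\x01\x03` entry quoted in the post can be decoded to see what the client actually sent to the server. This is an added example, not part of the original post; the function names and the second and third sample lines are constructed for illustration.

```python
import re

# Constructed sample: the first line is the error.log entry quoted in the post;
# the other two are constructed for contrast.
SAMPLE_LOG = [
    r"[error] [client 192.168.0.4] Invalid method in request \x80L\x01\x03",
    r"[error] [client 192.168.0.4] Invalid method in request \x16\x03\x01",
    r"[error] [client 192.168.0.4] Invalid method in request GETT / HTTP/1.0",
]

MARKER = "Invalid method in request "
HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")


def unescape(logged):
    """Turn the \\xNN escapes in a logged request line back into raw bytes."""
    out, pos = bytearray(), 0
    for m in HEX_ESCAPE.finditer(logged):
        out += logged[pos:m.start()].encode("latin-1")
        out.append(int(m.group(1), 16))
        pos = m.end()
    out += logged[pos:].encode("latin-1")
    return bytes(out)


def classify(line):
    """Say what the client sent, or return None for unrelated log lines."""
    if MARKER not in line:
        return None
    data = unescape(line.split(MARKER, 1)[1])
    # SSLv2-format ClientHello: 2-byte length with the high bit set, then
    # message type 0x01 (CLIENT-HELLO).
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        length = ((data[0] & 0x7F) << 8) | data[1]
        return f"SSLv2-format ClientHello, {length}-byte record"
    # TLS record layer: content type 0x16 (handshake), version major 0x03.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "TLS handshake record"
    return "not an SSL/TLS hello"


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry), "<-", entry.split(MARKER, 1)[1])
```

A hello reaching Apache's HTTP request parser means the connection on port 443 was handled as plain HTTP. In the posted config, the default server for 1.2.3.4:443 (www.non.existant.host.com) has no SSLEngine directive, which is consistent with that result.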