Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Apache 2.4 on RHEL5
if i include a ssl.conf from inside httpd.conf which limits the ciphers allowed, but then i also have vhostXYZ.conf files which have includes that load a "vhostXYZ-ssl.conf" which uses different ssl restrictions, does the vhostXYZ-ssl.conf take precedence??
and if the vhostXYZ.conf has no include for a ssl conf does the ssl.conf loaded via httpd.conf get applied?
Last edited by Linux_Kidd; 07-31-2012 at 11:35 AM.
You can specify which directives can and can't be used in a VHost, and which ones take precedence.
Obviously, you want to "get your act together." Figure out one way that you want to do these things, globally across the installation, and specify them globally. (Don't let them be specified locally.) A chain is only as strong as its weakest link, and every link in the chain should be identical in design.
You can specify which directives can and can't be used in a VHost, and which ones take precedence.
Obviously, you want to "get your act together." Figure out one way that you want to do these things, globally across the installation, and specify them globally. (Don't let them be specified locally.) A chain is only as strong as its weakest link, and every link in the chain should be identical in design.
well, to act on your advice i still need my Q's to have A's, etc
Apache 2.4 on RHEL5
if i include a ssl.conf from inside httpd.conf which limits the ciphers allowed, but then i also have vhostXYZ.conf files which have includes that load a "vhostXYZ-ssl.conf" which uses different ssl restrictions, does the vhostXYZ-ssl.conf take precedence??
and if the vhostXYZ.conf has no include for a ssl conf does the ssl.conf loaded via httpd.conf get applied?
Generally speaking, "yes" and "yes".
Read through the various directives at http://httpd.apache.org/docs/2.2/mod/mod_ssl.html. The context for many of them is server, virtualhost (meaning that it is inherited from the former context if it isn't explicitly overridden in the latter).
Note that SSLCipherSuite supports even more contexts, down to the directory and .htaccess level.
sundial,
so my reasoing in having SSL settings in httpd.conf and in virtual directives is so httpd.conf defines the weakest suite allowed if a virtual has no ssl settings, but if a virtual site needs more restrictions above what httpd.conf has we can do that. you may ask "why do such" and the answer has to do with the content being served and who the clients are we are serving the content to. not all browsers support the strongest cipher suites, yet for some of our content we will only serve it using the strongest cipher suites.
i am not 100% on the Apache hierarchy, specifically being able to include a conf in httpd.conf, then having a virtual directive which loads settings from a virtualXYZ.conf which in and of itself can have most of the directives/settings that httpd.conf can, etc.
i am not 100% on the Apache hierarchy, specifically being able to include a conf in httpd.conf, then having a virtual directive which loads settings from a virtualXYZ.conf which in and of itself can have most of the directives/settings that httpd.conf can, etc.
You're way overpaid if you can't read what I posted. Done replying to your inane questions after two bad experiences. Good luck.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Figure out one way that you want to do these things, globally across the installation, and specify them globally. (Don't let them be specified locally.) A chain is only as strong as its weakest link, and every link in the chain should be identical in design.
