Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am trying to add a second vhost to my once working apache config. Now I have things really bollixed up and cannot access anything. I am getting a error 400. The access log shows this:
I have a default (I think) httpd.conf file and put all my config stuff in files in vhosts.d. I have 3 files there:
defaults.conf
Code:
NameVirtualHost *
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
Order Deny,Allow
Allow from all
Options -Indexes FollowSymLinks
</Directory>
Error 400 means bad request and should be logged in error_log, or whatever file logs errors.
Anyway how are you trying to access the server? Because there is no HTTP in the request. The correct entry in access_log should be
192.168.0.2 - - [17/Mar/2011:11:24:41 -0400] "GET / HTTP/1.1" 400 951
That is odd. I access the page using 'http://vhost1.mydomain.com' from Firefox. I also added, '/index.html' but it made no difference. I know it is my config that is messed up somewhere because it worked on a single host before I did the virtual host configuration. Now both virtual hosts are doing the same thing. On some of the discussions about error 400, there was mention that the server may not know which VH is being requested but none of the solutions seem to help. It is frustrating that I cannot get anything in the error log other than the Apache messages when it starts.
FWIW, here is the error log from the last restart:
Code:
[Thu Mar 17 13:08:50 2011] [notice] SIGHUP received. Attempting to restart
[Thu Mar 17 13:08:50 2011] [notice] Digest: generating secret for digest authentication ...
[Thu Mar 17 13:08:50 2011] [notice] Digest: done
[Thu Mar 17 13:08:51 2011] [notice] Apache/2.2.15 (Mandriva Linux/PREFORK-3.1mdv2010.1) mod_ssl/2.2.15 OpenSSL/1.0.0a PHP/5.3.5 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
Note that this is a client and not a server error. Are you by any chance access the webserver through a proxy, or it's behind a firewall?
Anyway if you want to check your vhosts you can run:
Code:
httpd -S
Or you can disable vhosts for the moment by commenting out the Include directive
Commenting out the includes works, which I think confirms that the vhost config is the problem not something on the client side. Running httpd -S doesn't seem to give much but what it does say seems right to me.
So let's try a few things:
1. Make sure you have both Listen 80 and Listen 443 directives in your config files. Also use *:80 for NameVirtualHost
2. Remove the ssl stuff from the 1st vhost and add specific logging for each vhost.
3. Put the ssl stuff in ssl.conf (or whatever it's called in Mandriva)
Thanks again. Assuming I did everything right, here is the current state:
vhost1 works, however, the pages that are supposed to be secured via ssl gets a "problem loading page" error. The custom access log and error log are empty as are the regular logs. Since I'm not sure what to expect with this configuration, maybe that is OK.
vhost2 does not work, however there is an entry in that error log:
[Thu Mar 17 15:52:21 2011] [error] Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!)
vhost1 works, however, the pages that are supposed to be secured via ssl gets a "problem loading page" error. The custom access log and error log are empty as are the regular logs. Since I'm not sure what to expect with this configuration, maybe that is OK
No, it's not OK. There should be entries at least in the vhost1 access_log, or the default error_log
To force ssl for vhost1 you can use either mod_rewrite or Redirect
Since there is nothing in the log do do I debug logging?
I only want to protect one sub-directory won't your suggestion apply to the entire VH? Also you had me remove all the authentication stuff from that sub-directory.
There is only one SSLEngine statement in all the conf files (ssl.conf).
I added the DocumentRoot to the ssl.conf.
Apache won't run with the ssl.conf.
(98)Address already in use: make_sock: could not bind to address [::]:443
If I remove the ssl.conf then Apache starts. Here is what I thought wanted me to do:
Since there is nothing in the log do do I debug logging?
I guess you're looking in the wrong place. You can use absolute pathnames for the log files, like "ErrorLog "l/var/log/httpd/lvhost1_error.log" and so on
Quote:
I only want to protect one sub-directory won't your suggestion apply to the entire VH? Also you had me remove all the authentication stuff from that sub-directory.
If you mean to protect using ssl, yes my suggestion will apply to the whole vhost. But you can do the same for the directory you want to protect
If you want to use the Auth stuff to protect a directory, then you need to add the Auth directives in that Directory stanza
Quote:
Apache won't run with the ssl.conf.
(98)Address already in use: make_sock: could not bind to address [::]:443
Then I guess there is another "Listen 443" directive in some config file. I don't know how Mandriva splits the config files.
Quote:
If I remove the ssl.conf then Apache starts. Here is what I thought wanted me to do:
I guess you're looking in the wrong place. You can use absolute pathnames for the log files, like "ErrorLog "l/var/log/httpd/lvhost1_error.log" and so on
Isn't that what you already had me do?
Quote:
Originally Posted by bathory
If you mean to protect using ssl, yes my suggestion will apply to the whole vhost. But you can do the same for the directory you want to protect
If you want to use the Auth stuff to protect a directory, then you need to add the Auth directives in that Directory stanza
You had me remove that during this testing so I put it back. Now I have an additional problem where PHP_AUTH_USER is not being set. This is getting really ugly but its probably better to concentrate on one problem at a time.
Quote:
Originally Posted by bathory
Then I guess there is another "Listen 443" directive in some config file. I don't know how Mandriva splits the config files.
Does it start also in ssl mode?
That's what I would have thought but I can't find one. If I try to use https without the ssl.conf file I get a secure connection failed message:
SSL received a record that exceeded the maximum permissible length
That seems like an odd message if SSL is not running. I did a 'grep -r 443 *' and only 1 entry showed up and that was in the ssl.conf file.
Quote:
Originally Posted by bathory
And please port the output of
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80 is a NameVirtualHost
default server vhost1.mydomain.com (/etc/httpd/conf/vhosts.d/vhost1.conf:6)
port 80 namevhost vhost1.mydomain.com (/etc/httpd/conf/vhosts.d/vhost1.conf:6)
port 80 namevhost vhost2.mydomain.com (/etc/httpd/conf/vhosts.d/vhost2.conf:1)
Syntax OK
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.