LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 12-12-2003, 08:24 PM   #1
Silly22
LQ Newbie
 
Registered: Mar 2002
Location: Edmonton, AB
Distribution: Mandrake 10.2, Ubuntu 6.10
Posts: 26

Rep: Reputation: 15
Thumbs up Solutions to Apache SSL Virtual Host woes (for dynamic IP too)


So I've wracked my brain for the last 24 hours reading and playing with a stock installation of Mandrake Linux 9.2 with MySQL, PHP, and mod_ssl for apache.

My goal was to get name-based Virtual Hosts working so that multiple domains resolving to my server's Internet routable IP would point to specific folders on my server.

I wanted silly.somedomain.com pointing to /home/silly/www
misc.somedomain.com pointing to /home/misc/www
and harv.somedomain.com pointing to /var/www/html

In Mandrake 9.2 (and i think for 9.1 too), the default installation of Apache includes .conf files in /etc/httpd/conf and /etc/httpd/conf/vhosts and /etc/httpd/conf.d/

Now as seen in many other threads (I'll reference at the end of this post), after you add the Virtualhost directives to /etc/httpd/conf/vhosts/Vhosts.conf in a fashion for name-based virtual hosting, things mess up.

Code:
NameVirtualHost *
<VirtualHost *>
DocumentRoot /var/www/html
ServerName harv.somedomain.com
</VirtualHost>

<VirtualHost *>
DocumentRoot /home/misc/www
ServerName misc.somedomain.com
</VirtualHost>

<VirtualHost *>
DocumentRoot /home/silly/www
ServerName silly.somedomain.com
</VirtualHost>
Things mess up after adding the above to Vhosts.conf and restarting httpd. You are only able to access your webpages using https://harv.somedomain.com/ (notice the 's' after http) SSL http protocol. I DON'T want to have to use https to access files in /home/misc/www.
This problem arises because SSL Vhosts is already set-up by default when installing Apache with Mandrake 9.2. (though this probably doesn't only apply to Mandrake). Looking at the file /etc/httpd/conf.d/41_mod_ssl.default-vhost.conf you'll see the following near the start of the file:

Code:
<IfModule mod_ssl.c>

##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

#  General setup for the virtual host

DocumentRoot "/var/www/html"
#ServerName localhost:443
#ServerAdmin root@localhost
ErrorLog logs/ssl_error_log
<IfModule mod_log_config.c>
TransferLog logs/ssl_access_log
</IfModule>
#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.

SSLEngine on

... Many more directives mostly related to SSL and ending with...

</VirtualHost>
</IfModule>
The line <VirtualHost _default_:443> appears to be the problem. The constant "_default_" keyword seems to be making the VirtualHost defined in this file (/etc/httpd/conf.d/41_mod_ssl.default-vhost.conf) wrap itself around or override the vhosts defined in /etc/httpd/conf/vhosts/Vhosts.conf. Thus making them all use SSL.
Quotes from http://httpd.apache.org/docs-2.0/mod/core.html
Quote:
The string _default_, which is used only with IP virtual hosting to catch unmatched IP addresses.
I believe _default_ is catching everything because we use the wildcard '*' in Vhosts.conf in the lines:
NameVirtualHost *
<VirtualHost *>

Quote:
the special name _default_ can be specified in which case this virtual host will match any IP address that is not explicitly listed in another virtual host. In the absence of any _default_ virtual host the "main" server config, consisting of all those definitions outside any VirtualHost section, is used when no IP-match occurs. (But note that any IP address that matches a NameVirtualHost directive will use neither the "main" server config nor the _default_ virtual host.)
Sounds confusing to me, and the part in brackets seems redundant

Now the solutions!
First, ensure that Apache is allowed to serve files from /home/users/www (in my case at least). The file /etc/httpd/conf/commonhttpd.conf is set to be restrictive on files outside of /var/www/html.
Code:
#Restricted set of options
<Directory />
  Options -All -Multiviews
  AllowOverride None
  <IfModule mod_access.c>
    Order deny,allow
    Deny from all
  </IfModule>
</Directory>
So I added, to commonhttpd.conf, some very lax rules (maybe too lax) on 'www' directories in user accounts.
Code:
<Directory /home/*/www>
    AllowOverride All
    Options MultiViews -Indexes Includes FollowSymLinks
    <IfModule mod_access.c>
      Order allow,deny
      Allow from all
    </IfModule>
</Directory>
Now, one way to fix the SSL Vhost configured in (/etc/httpd/conf.d/41_mod_ssl.default-vhost.conf is to change the line
Code:
<VirtualHost _default_:443> 

to a name that will match a request like

<VirtualHost harv.somedomain.com:443>
and I added the following line too but it doesn't seem to do much
ServerName harv.somedomain.com:443
After doing this I am able to use normal http protocol without SSL to reach:
http://silly.somedomain.com/
http://misc.somedomain.com/
http://harv.somedomain.com/
https://harv.somedomain.com/

But it also acts a little strange:
https://silly.somedomain.com/ and
https://misc.somedomain.com/
both go to the same page as https://harv.somedomain.com/.
However, https://silly.somedomain.com/webpage.html and https://misc.somedomain.com/webpage2.html end up going nowhere. Anyone care to explain?

So now only https://harv.somedomain.com/ can use SSL. I've also yet to try accessing these virtual hosts from my LAN which is behind this Linux-based web server/firewall.

Note that this means that only one certificate can be given out among these virtual hosts. But this is a limitation of name-based Virtual hosting and not of my proposed fix. It is a much discussed fact that you need multiple IP's each with their own domain name in order for your server to distribute unique certificates to visitors of those websites. i.e. only one of your virtual hosts using the given external IP can now use SSL.

There is another solution in which you replace the '*' wildcards with the actual numeric IP address in the file /etc/httpd/conf/vhosts/Vhosts.conf. But I believe this is called an IP-based virtual host. I'll test this solution out later... I've already spent too long on this... does anyone have any explanations why what I tried works?

Related threads:
http://www.linuxquestions.org/questi...tualhost+https
http://www.linuxquestions.org/questi...625#post193625
http://www.linuxquestions.org/questi...tualhost+https
http://www.mail-archive.com/modssl-u.../msg16357.html
http://www.linuxquestions.org/questi...tualhost+https
http://www.linuxquestions.org/questi...tualhost+https
http://www.linuxquestions.org/questi...135#post410135

Last edited by Silly22; 12-12-2003 at 08:32 PM.
 
Old 12-22-2003, 02:24 AM   #2
Silly22
LQ Newbie
 
Registered: Mar 2002
Location: Edmonton, AB
Distribution: Mandrake 10.2, Ubuntu 6.10
Posts: 26

Original Poster
Rep: Reputation: 15
Ok, now I've tried the other method, and after 2-3 hours of screwing around with the Vhosts.conf file and the 41_mod_ssl.default-vhost.conf, I've finally figured it out. This method works best with a static IP.

In the file /etc/httpd/conf/vhosts/Vhosts.conf.
Replace the '*'s (asterisks) with your IP and port 80 like below
Code:
NameVirtualHost XXX.XXX.XXX.201:80
<VirtualHost XXX.XXX.XXX.201:80>
DocumentRoot /var/www/html
ServerName harv.somedomain.com:80
</VirtualHost>

<VirtualHost XXX.XXX.XXX.201:80>
DocumentRoot /home/misc/www
ServerName misc.somedomain.com:80
</VirtualHost>

etc.
And then you'll have another name-based virtual host, specifically for connections to port 443 (https, SSL), in the file /etc/httpd/conf.d/41_mod_ssl.default-vhost.conf
Code:
<IfModule mod_ssl.c>

##
## SSL Virtual Host Context
##

NameVirtualHost XXX.XXX.XXX.201:443  #this is added to match https connections to this IP
<VirtualHost XXX.XXX.XXX.201:443>  #this replaces <VirtualHost _default_:443>
DocumentRoot /var/www/html
ServerName harv.somedomain.com:443

...Other directives in this file...

</VirtualHost>
</IfModule>
Mandrake Linux 9.2 has a pretty confusing default installation for Apache... I hope this helps people out.
 
Old 10-14-2009, 06:07 PM   #3
ronpeled
LQ Newbie
 
Registered: Oct 2009
Posts: 1

Rep: Reputation: 0
Thanks - totally resolved my issue!

Thanks Silly22, your solution helped me save a couple of hours. Only if I saw this yesterday...

I ended up using your first method just because it suited best for my project. Thanks!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
apache-ssl setup virtual hosts notolerance Linux - Software 3 12-22-2005 05:20 PM
Apache SSL, and Virtual Server problem Spreegem Debian 2 04-07-2005 05:54 PM
Apache + SSL + Virtual Hosts otisthegbs Linux - Software 3 10-05-2004 08:59 PM
Mulltiple SSL Virtual Hosts w/Apache jrbush82 Linux - Software 3 04-12-2004 03:49 PM
Apache SSL - how to virtual host two or more secure websites on the same machine? bjoshi Linux - Networking 0 08-30-2001 08:01 PM


All times are GMT -5. The time now is 04:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration