LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-16-2009, 02:56 PM   #1
own3mall
LQ Newbie
 
Registered: Aug 2009
Posts: 20

Rep: Reputation: 0
Apache2 SLL Issues


Why does SSL work when the ports.conf file is setup this way:

Code:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *
Listen 80

<IfModule mod_ssl.c>
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
Listen 443

<VirtualHost *:443>
        ServerName 75.71.130.52
        DocumentRoot /var/www-ssl/
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log combined

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key 

</VirtualHost>

</IfModule>
and not work when it is setup this way:

Code:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *
Listen 80

<VirtualHost *:80>
        ServerName 75.71.130.52:80
        DocumentRoot /var/www/
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
Listen 443

<VirtualHost *:443>
        ServerName 75.71.130.52
        DocumentRoot /var/www-ssl/
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log combined

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key 

</VirtualHost>

</IfModule>
The above returns the following error:

Code:
ssl_error_rx_record_too_long
Can I not run both non-ssl virtual hosts and ssl virtual host together?
 
Old 08-16-2009, 04:05 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,819

Rep: Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591
You need to define both
Code:
NameVirtualHost *:80
NameVirtualHost *:443
to be able to use vhosts on port 80 and 443.
 
Old 08-16-2009, 05:42 PM   #3
own3mall
LQ Newbie
 
Registered: Aug 2009
Posts: 20

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
You need to define both
Code:
NameVirtualHost *:80
NameVirtualHost *:443
to be able to use vhosts on port 80 and 443.
Thanks for the response. I tried that, and it didn't work.

Here's what it looks like now:

Code:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
NameVirtualHost *:443

Listen 80

<VirtualHost *:80>
        ServerName 75.71.130.52
        DocumentRoot /var/www/
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log combined
 

</VirtualHost>

<IfModule mod_ssl.c>
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
Listen 443

<VirtualHost *:443>
        ServerName 75.71.130.52
        DocumentRoot /var/www-ssl/
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log combined

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key 

</VirtualHost>
</IfModule>
SSL still returns

Code:
An error occurred during a connection to localhost:443.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)
Any other ideas? What's wrong?
 
Old 08-17-2009, 12:20 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,819

Rep: Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591
From the config file you've posted it looks like you're running apache on debian. If that's the case, take a look at this guide to see how to enable SSL for apache on debian.
 
Old 08-17-2009, 01:23 AM   #5
own3mall
LQ Newbie
 
Registered: Aug 2009
Posts: 20

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
From the config file you've posted it looks like you're running apache on debian. If that's the case, take a look at this guide to see how to enable SSL for apache on debian.
Followed that guide to the letter, and it still doesn't work. That's how I set it up to begin with.

Code:
root@eric-desktop:~# sudo /etc/init.d/apache2 restart 
 * Restarting web server apache2                                                                                [Mon Aug 17 00:20:15 2009] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Mon Aug 17 00:20:15 2009] [error] VirtualHost *:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Mon Aug 17 00:20:15 2009] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Mon Aug 17 00:20:15 2009] [warn] NameVirtualHost *:80 has no VirtualHosts
[Mon Aug 17 00:20:15 2009] [warn] NameVirtualHost *:443 has no VirtualHosts
 ... waiting [Mon Aug 17 00:20:17 2009] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Mon Aug 17 00:20:17 2009] [error] VirtualHost *:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Mon Aug 17 00:20:17 2009] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Mon Aug 17 00:20:17 2009] [warn] NameVirtualHost *:80 has no VirtualHosts
[Mon Aug 17 00:20:17 2009] [warn] NameVirtualHost *:443 has no VirtualHosts
Code:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

Listen 80


<IfModule mod_ssl.c>
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
Listen 443


</IfModule>

NameVirtualHost *:443
NameVirtualHost *:80

<VirtualHost *:80>
        ServerName 75.71.130.52
        DocumentRoot /var/www/
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log combined
 

</VirtualHost>

<VirtualHost *:443>
        ServerName 75.71.130.52
        DocumentRoot /var/www-ssl/
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log combined

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key 

</VirtualHost>
Any other ideas?
 
Old 08-17-2009, 02:01 AM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,819

Rep: Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591
Running apache in debian could be a little tricky. There are different config files that you have to edit to make it work.
The 2 Listen directives go in ports.conf. If you want to use ssl you have to enable the ssl module. If you want to create a ssl vhost you have to put its config in sites-available and enable vhost. I hope this could be helpful.

Regards
 
Old 08-18-2009, 02:59 PM   #7
own3mall
LQ Newbie
 
Registered: Aug 2009
Posts: 20

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
Running apache in debian could be a little tricky. There are different config files that you have to edit to make it work.
The 2 Listen directives go in ports.conf. If you want to use ssl you have to enable the ssl module. If you want to create a ssl vhost you have to put its config in sites-available and enable vhost. I hope this could be helpful.

Regards
I've tried everything, and I still cannot get it to work. Any other ideas?
 
Old 08-18-2009, 05:14 PM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,819

Rep: Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591
You problem looks like the one in post 48 in the 1st link I gave you. Take a look at the reply next to it to see if it helps.
Another idea is to uninstall apache and all its config files and then reinstall apache and configure it from scratch using a good howto. Use either one of the previous posts, or maybe this and pay attention to the comments.

Regards
 
Old 08-29-2009, 12:52 AM   #9
own3mall
LQ Newbie
 
Registered: Aug 2009
Posts: 20

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
You problem looks like the one in post 48 in the 1st link I gave you. Take a look at the reply next to it to see if it helps.
Another idea is to uninstall apache and all its config files and then reinstall apache and configure it from scratch using a good howto. Use either one of the previous posts, or maybe this and pay attention to the comments.

Regards
Thanks for all of the help, but I just can't get it to work.

According to post 49, I should delete 000-default file?

Anything else I can try, as I really have read these guides, but it just doesn't want to handle both ssl and non-ssl connections.
 
Old 08-29-2009, 02:53 AM   #10
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,819

Rep: Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591
Quote:
According to post 49, I should delete 000-default file?
This is a symlink to /etc/apache2/sites-available/default. I guess you can delete it, but I suggest you to do a recursive search on all these config files and make sure that you use "NameVirtualHost *:80" and "NameVirtualHost *:443" in all of them. Something like that:
Code:
grep -r NameVirtualHost /etc/apache2
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache2 and php5 issues! AuzJ Linux - Software 1 05-27-2009 02:27 PM
Understanding Linux SLL cooked capture encapsulation packet information evilfish Programming 1 10-23-2008 06:04 AM
Apache2 DynDNS issues on Ubuntu 6.10 chris.raighn Linux - Networking 2 11-30-2006 03:25 PM
SLL cert in Suse jimshain Linux - General 4 01-11-2006 10:00 AM
10.1 installation/Apache2 issues gstark Mandriva 0 09-27-2004 04:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 08:05 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration