03-17-2011, 11:36 AM
|
#1
|
Member
Registered: Mar 2004
Distribution: Mandriva 2010.0
Posts: 251
Rep:
|
Apache vhost config problems
I am trying to add a second vhost to my once working apache config. Now I have things really bollixed up and cannot access anything. I am getting an error 400. The access log shows this:
192.168.0.2 - - [17/Mar/2011:11:24:41 -0400] "GET /" 400 951
192.168.0.2 - - [17/Mar/2011:11:24:41 -0400] "GET /" 400 951 "-" "-"
I have a default (I think) httpd.conf file and put all my config stuff in files in vhosts.d. I have 3 files there:
defaults.conf
Code:
NameVirtualHost *
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
Order Deny,Allow
Allow from all
Options -Indexes FollowSymLinks
</Directory>
vhost1.conf
Code:
<IfDefine HAVE_SSL>
<IfModule !mod_ssl.c>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
</IfDefine>
<VirtualHost *>
DocumentRoot "/var/www/html"
ServerName vhost1.mydomain.com
ServerAdmin root@localhost
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLProtocol all -SSLv2
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.crt/server.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/dap.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/dap.crt
</VirtualHost>
<FilesMatch "^index.htm | ^cufslogin.html | ^cufsregister.php">
AuthName "CUFS Alumni"
AuthType Basic
AuthMySQLUser uuuuuuuuuu
AuthMySQLPassword ppppppppppp
AuthMySQLEnable on
AuthMySQLPwEncryption scrambled
AuthMySQLDB cufsalumni
AuthMySQLUserTable alumni
AuthMySQLNameField username
AuthMySQLPasswordField pwdp
require valid-user
</FilesMatch>
<Directory "/var/www/html/backupmgr">
AuthName "Backup Administration"
AuthType Basic
AuthMySQLUser uuuuuuuuuu
AuthMySQLPassword ppppppppppp
AuthMySQLEnable on
AuthMySQLPwEncryption scrambled
AuthMySQLDB TapeMgmt
AuthMySQLUserTable Operators
AuthMySQLNameField username
AuthMySQLPasswordField pwd
require valid-user
</Directory>
vhost2.conf
Code:
<VirtualHost *>
DocumentRoot "/var/www/html/Erics_BBQ"
ServerName vhost2.mydomain.com
ServerAdmin root@localhost
</VirtualHost>
Can someone tell me what is wrong with my config? TIA.
|
|
|
03-17-2011, 11:42 AM
|
#2
|
Member
Registered: Aug 2009
Location: Chicago
Distribution: CentOS
Posts: 114
Rep:
|
Have you specified that apache should include configs in the vhosts.d directory?
|
|
|
03-17-2011, 12:16 PM
|
#3
|
Member
Registered: Mar 2004
Distribution: Mandriva 2010.0
Posts: 251
Original Poster
Rep:
|
Quote:
Originally Posted by jcalzare
Have you specified that apache should include configs in the vhosts.d directory?
|
That is part of the standard httpd.conf
Code:
.
.
.
# virtual hosts configuration section
# Include virtual hosts, if any
Include conf/vhosts.d/*.conf
|
|
|
03-17-2011, 01:13 PM
|
#4
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
Hi,
You should check error_log for hints about this error
Regards
|
|
|
03-17-2011, 01:20 PM
|
#5
|
Member
Registered: Mar 2004
Distribution: Mandriva 2010.0
Posts: 251
Original Poster
Rep:
|
Quote:
Originally Posted by bathory
Hi,
You should check error_log for hints about this error
Regards
|
Unfortunately it doesn't produce anything in the error log even with LogLevel set to debug. The only thing I get is what I posted from the access log.
|
|
|
03-17-2011, 01:39 PM
|
#6
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
Quote:
192.168.0.2 - - [17/Mar/2011:11:24:41 -0400] "GET /" 400 951
|
Error 400 means bad request and should be logged in error_log, or whatever file logs errors.
Anyway how are you trying to access the server? Because there is no HTTP in the request. The correct entry in access_log should be
192.168.0.2 - - [17/Mar/2011:11:24:41 -0400] "GET / HTTP/1.1" 400 951
|
|
|
03-17-2011, 02:06 PM
|
#7
|
Member
Registered: Mar 2004
Distribution: Mandriva 2010.0
Posts: 251
Original Poster
Rep:
|
Thanks for the replies.
That is odd. I access the page using 'http://vhost1.mydomain.com' from Firefox. I also added, '/index.html' but it made no difference. I know it is my config that is messed up somewhere because it worked on a single host before I did the virtual host configuration. Now both virtual hosts are doing the same thing. On some of the discussions about error 400, there was mention that the server may not know which VH is being requested but none of the solutions seem to help. It is frustrating that I cannot get anything in the error log other than the Apache messages when it starts.
FWIW, here is the error log from the last restart:
Code:
[Thu Mar 17 13:08:50 2011] [notice] SIGHUP received. Attempting to restart
[Thu Mar 17 13:08:50 2011] [notice] Digest: generating secret for digest authentication ...
[Thu Mar 17 13:08:50 2011] [notice] Digest: done
[Thu Mar 17 13:08:51 2011] [notice] Apache/2.2.15 (Mandriva Linux/PREFORK-3.1mdv2010.1) mod_ssl/2.2.15 OpenSSL/1.0.0a PHP/5.3.5 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
|
|
|
03-17-2011, 02:23 PM
|
#8
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
Note that this is a client and not a server error. Are you by any chance accessing the webserver through a proxy, or is it behind a firewall?
Anyway if you want to check your vhosts you can run:
Or you can disable vhosts for the moment by commenting out the Include directive
|
|
|
03-17-2011, 02:37 PM
|
#9
|
Member
Registered: Mar 2004
Distribution: Mandriva 2010.0
Posts: 251
Original Poster
Rep:
|
Commenting out the includes works, which I think confirms that the vhost config is the problem not something on the client side. Running httpd -S doesn't seem to give much but what it does say seems right to me.
|
|
|
03-17-2011, 03:17 PM
|
#10
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
So let's try a few things:
1. Make sure you have both Listen 80 and Listen 443 directives in your config files. Also use *:80 for NameVirtualHost
2. Remove the ssl stuff from the 1st vhost and add specific logging for each vhost.
3. Put the ssl stuff in ssl.conf (or whatever it's called in Mandriva)
To summarize your config files should contain:
Code:
# httpd.conf
Listen 80
NameVirtualHost *:80
# vhost1.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName vhost1.mydomain.com
ServerAdmin root@localhost
ErrorLog "logs/vhost1_error.log"
CustomLog "logs/vhost1_access_log" combined
</VirtualHost>
# vhost2.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html/Erics_BBQ"
ServerName vhost2.mydomain.com
ServerAdmin root@localhost
ErrorLog "logs/vhost2_error.log"
CustomLog "logs/vhost2_access_log" combined
</VirtualHost>
# ssl.conf
Listen 443
ServerName vhost1.mydomain.com
ServerAdmin root@localhost
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLProtocol all -SSLv2
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.crt/server.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/dap.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/dap.crt
|
|
|
03-17-2011, 04:02 PM
|
#11
|
Member
Registered: Mar 2004
Distribution: Mandriva 2010.0
Posts: 251
Original Poster
Rep:
|
Thanks again. Assuming I did everything right, here is the current state:
vhost1 works, however, the pages that are supposed to be secured via ssl get a "problem loading page" error. The custom access log and error log are empty as are the regular logs. Since I'm not sure what to expect with this configuration, maybe that is OK.
vhost2 does not work, however there is an entry in that error log:
[Thu Mar 17 15:52:21 2011] [error] Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!)
Not sure why since that vhost does not use SSL.
|
|
|
03-17-2011, 04:26 PM
|
#12
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
Quote:
vhost1 works, however, the pages that are supposed to be secured via ssl get a "problem loading page" error. The custom access log and error log are empty as are the regular logs. Since I'm not sure what to expect with this configuration, maybe that is OK
|
No, it's not OK. There should be entries at least in the vhost1 access_log, or the default error_log
To force ssl for vhost1 you can use either mod_rewrite or Redirect
Code:
<VirtualHost *:80>
# DocumentRoot "/var/www/html"
# Send every plain-HTTP request for this vhost to the HTTPS site
Redirect / https://vhost1.mydomain.com/
ServerName vhost1.mydomain.com
ServerAdmin root@localhost
ErrorLog "logs/vhost1_error.log"
CustomLog "logs/vhost1_access_log" combined
</VirtualHost>
Quote:
Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!)
|
Check the config files for a 2nd occurrence of "SSLEngine on".
And to check what vhost is what, run again
Ah, you need to define a DocumentRoot for the ssl vhost1
Last edited by bathory; 03-17-2011 at 04:30 PM.
|
|
|
03-17-2011, 06:17 PM
|
#13
|
Member
Registered: Mar 2004
Distribution: Mandriva 2010.0
Posts: 251
Original Poster
Rep:
|
Since there is nothing in the log do do I debug logging?
I only want to protect one sub-directory; won't your suggestion apply to the entire VH? Also you had me remove all the authentication stuff from that sub-directory.
There is only one SSLEngine statement in all the conf files (ssl.conf).
I added the DocumentRoot to the ssl.conf.
Apache won't run with the ssl.conf.
(98)Address already in use: make_sock: could not bind to address [::]:443
If I remove the ssl.conf then Apache starts. Here is what I thought you wanted me to do:
ssl.conf
Quote:
Listen 443
ServerName vhost1.mydomain.com
ServerAdmin root@localhost
DocumentRoot "/var/www/html/cufs"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLProtocol all -SSLv2
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.crt/server.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/dap.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/dap.crt
|
|
|
|
03-17-2011, 07:18 PM
|
#14
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,217
|
Quote:
Since there is nothing in the log do do I debug logging?
|
I guess you're looking in the wrong place. You can use absolute pathnames for the log files, like ErrorLog "/var/log/httpd/vhost1_error.log" and so on
Quote:
I only want to protect one sub-directory; won't your suggestion apply to the entire VH? Also you had me remove all the authentication stuff from that sub-directory.
|
If you mean to protect using ssl, yes my suggestion will apply to the whole vhost. But you can do the same for the directory you want to protect
If you want to use the Auth stuff to protect a directory, then you need to add the Auth directives in that Directory stanza
Quote:
Apache won't run with the ssl.conf.
(98)Address already in use: make_sock: could not bind to address [::]:443
|
Then I guess there is another "Listen 443" directive in some config file. I don't know how Mandriva splits the config files.
Quote:
If I remove the ssl.conf then Apache starts. Here is what I thought you wanted me to do:
|
Does it start also in ssl mode?
And please post the output of
|
|
|
03-18-2011, 04:08 AM
|
#15
|
Member
Registered: Mar 2004
Distribution: Mandriva 2010.0
Posts: 251
Original Poster
Rep:
|
Quote:
Originally Posted by bathory
I guess you're looking in the wrong place. You can use absolute pathnames for the log files, like ErrorLog "/var/log/httpd/vhost1_error.log" and so on
|
Isn't that what you already had me do?
Quote:
Originally Posted by bathory
If you mean to protect using ssl, yes my suggestion will apply to the whole vhost. But you can do the same for the directory you want to protect
If you want to use the Auth stuff to protect a directory, then you need to add the Auth directives in that Directory stanza
|
You had me remove that during this testing so I put it back. Now I have an additional problem where PHP_AUTH_USER is not being set. This is getting really ugly but it's probably better to concentrate on one problem at a time.
Quote:
Originally Posted by bathory
Then I guess there is another "Listen 443" directive in some config file. I don't know how Mandriva splits the config files.
Does it start also in ssl mode?
|
That's what I would have thought but I can't find one. If I try to use https without the ssl.conf file I get a secure connection failed message:
SSL received a record that exceeded the maximum permissible length
That seems like an odd message if SSL is not running. I did a 'grep -r 443 *' and only 1 entry showed up and that was in the ssl.conf file.
Quote:
Originally Posted by bathory
And please post the output of
|
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80 is a NameVirtualHost
default server vhost1.mydomain.com (/etc/httpd/conf/vhosts.d/vhost1.conf:6)
port 80 namevhost vhost1.mydomain.com (/etc/httpd/conf/vhosts.d/vhost1.conf:6)
port 80 namevhost vhost2.mydomain.com (/etc/httpd/conf/vhosts.d/vhost2.conf:1)
Syntax OK
|
|
|
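Added example, not part of any post in the thread: a small Python check that scans Apache config text for the conditions raised above, namely `SSLEngine on` inside a `<VirtualHost *>` with no port, `SSLEngine on` outside any vhost, a repeated `Listen` argument, and `SSLProtocol all` without `-SSLv3`. The sample files are constructed from the thread's snippets, `extra.conf` is hypothetical, and the finding codes are names chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the files posted in the thread (trimmed).
SAMPLE = {
    "vhost1.conf": "<VirtualHost *>\nServerName vhost1.mydomain.com\n"
                   "SSLEngine on\nSSLProtocol all -SSLv2\n</VirtualHost>\n",
    "vhost2.conf": "<VirtualHost *>\nServerName vhost2.mydomain.com\n</VirtualHost>\n",
    "ssl.conf": "Listen 443\nServerName vhost1.mydomain.com\nSSLEngine on\n",
    "extra.conf": "# hypothetical second file\nListen 443\n",
}

def lint(files):
    """Return sorted (file, line, code) findings for {filename: config text}."""
    findings, listens = [], defaultdict(list)
    for name, text in files.items():
        vhost = None                      # address of the open <VirtualHost>, if any
        for no, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
            if m:
                vhost = m.group(1).strip()
            elif re.match(r"</VirtualHost>", line, re.I):
                vhost = None
            elif re.match(r"Listen\s+", line, re.I):
                listens[line.split()[1]].append((name, no))
            elif re.match(r"SSLEngine\s+on\b", line, re.I):
                if vhost is None:         # main-server scope, not tied to one vhost
                    findings.append((name, no, "ssl-global-scope"))
                elif ":" not in vhost or vhost.endswith(":*"):
                    # a vhost with no port also answers on the plain-HTTP port
                    findings.append((name, no, "ssl-on-portless-vhost"))
            elif re.match(r"SSLProtocol\s+", line, re.I):
                # on the Apache 2.2 build shown in the thread, "all" includes SSLv3
                args = line.split()[1:]
                if "all" in [a.lower() for a in args] and "-SSLv3" not in args:
                    findings.append((name, no, "sslv3-left-enabled"))
    for arg, where in listens.items():
        for name, no in where[1:]:        # every repeat of the same Listen argument
            findings.append((name, no, f"duplicate-listen-{arg}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```

The `Listen` check only matches identical arguments, so `Listen 443` next to `Listen [::]:443` is not reported.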
All times are GMT -5. The time now is 06:18 AM.