10-14-2010, 11:25 AM
|
#1
|
Member
Registered: Apr 2004
Location: Texas
Distribution: Debian
Posts: 41
Rep:
|
Apache2 configuration - help me understand VirtualHost vs NameVirtualHost
Try as I might, figuring out when to use NameVirtualHost vs VirtualHost in Apache2 configuration file has me totally baffled. I am hoping someone can give me a quick primer on the proper way to use them.
My setup: Debian 5 running Apache2 server.
1 server has roughly 50 different websites running on it. Eg.
Main site is http://physics.tamu.edu. Going to www.physics should display the same page.
Going to http://astronomy.physics.tamu.edu should show (and does) that site. Going to http://physicsfestival.tamu.edu should (and does) go to that site.
My problem is that when I restart apache, I get tons of warnings:
Code:
[Thu Oct 14 10:44:03 2010] [warn] VirtualHost collider.physics.tamu.edu:443 overlaps with VirtualHost www.physics.tamu.edu:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:03 2010] [warn] VirtualHost www.physics.tamu.edu:443 overlaps with VirtualHost collider.physics.tamu.edu:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:03 2010] [warn] VirtualHost webmail.physics.tamu.edu:443 overlaps with VirtualHost webmail.physics.tamu.edu:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:03 2010] [warn] VirtualHost webmail.physics.tamu.edu:80 overlaps with VirtualHost webmail.physics.tamu.edu:80, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:03 2010] [warn] VirtualHost tasks.physics.tamu.edu:443 overlaps with VirtualHost tasks.physics.tamu.edu:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:03 2010] [warn] VirtualHost tasks.physics.tamu.edu:80 overlaps with VirtualHost tasks.physics.tamu.edu:80, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:03 2010] [warn] VirtualHost physics.tamu.edu:443 overlaps with VirtualHost physics.tamu.edu:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:03 2010] [warn] VirtualHost collider.physics.tamu.edu:443 overlaps with VirtualHost www.physics.tamu.edu:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:03 2010] [warn] NameVirtualHost *:443 has no VirtualHosts
[Thu Oct 14 10:44:03 2010] [warn] NameVirtualHost *:443 has no VirtualHosts
[Thu Oct 14 10:44:03 2010] [warn] NameVirtualHost *:80 has no VirtualHosts
[Thu Oct 14 10:44:03 2010] [warn] NameVirtualHost *:80 has no VirtualHosts
... waiting [Thu Oct 14 10:44:05 2010] [warn] VirtualHost collider.physics.tamu.edu:443 overlaps with VirtualHost www.physics.tamu.edu:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:05 2010] [warn] VirtualHost www.physics.tamu.edu:443 overlaps with VirtualHost collider.physics.tamu.edu:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:05 2010] [warn] VirtualHost webmail.physics.tamu.edu:443 overlaps with VirtualHost webmail.physics.tamu.edu:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:05 2010] [warn] VirtualHost webmail.physics.tamu.edu:80 overlaps with VirtualHost webmail.physics.tamu.edu:80, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:05 2010] [warn] VirtualHost tasks.physics.tamu.edu:443 overlaps with VirtualHost tasks.physics.tamu.edu:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:05 2010] [warn] VirtualHost tasks.physics.tamu.edu:80 overlaps with VirtualHost tasks.physics.tamu.edu:80, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:05 2010] [warn] VirtualHost physics.tamu.edu:443 overlaps with VirtualHost physics.tamu.edu:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:05 2010] [warn] VirtualHost collider.physics.tamu.edu:443 overlaps with VirtualHost www.physics.tamu.edu:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Thu Oct 14 10:44:05 2010] [warn] NameVirtualHost *:443 has no VirtualHosts
[Thu Oct 14 10:44:05 2010] [warn] NameVirtualHost *:443 has no VirtualHosts
[Thu Oct 14 10:44:05 2010] [warn] NameVirtualHost *:80 has no VirtualHosts
[Thu Oct 14 10:44:05 2010] [warn] NameVirtualHost *:80 has no VirtualHosts
Contents of 00-virtualhosts.conf:
Code:
NameVirtualHost *:80
NameVirtualHost *:443
# Virtualhost definition are in a site-specific file.
Contents of conf.d/collider.physics.tamu.edu:
Code:
<VirtualHost *:80>
ServerAdmin support@physics.tamu.edu
ServerName collider.physics.tamu.edu
ServerAlias Collider collider
DocumentRoot /var/www/collider/htdocs/
ScriptAlias /cgi-bin/ /var/www/collider/cgi-bin/
Redirect permanent /internal https://collider.physics.tamu.edu/internal
<Directory /var/www/collider.physics.tamu.edu/internal/>
AuthType Basic
AuthName "Collider Internal"
AuthPAM_Enabled On
AuthBasicAuthoritative off
Require valid-user
</Directory>
</VirtualHost>
<VirtualHost collider.physics.tamu.edu:443>
ServerAdmin support@physics.tamu.edu
ServerName collider.physics.tamu.edu
ServerAlias Collider collider
DocumentRoot /var/www/collider/htdocs/
ScriptAlias /cgi-bin/ /var/www/collider/cgi-bin/
<Directory /var/www/collider.physics.tamu.edu/internal/>
AuthType Basic
AuthName "Department of Physics"
AuthPAM_Enabled On
AuthBasicAuthoritative off
Require valid-user
</Directory>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/apache2/ssl.crt/collider.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/collider.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
Contents of conf.d/physics.tamu.edu:
Code:
<VirtualHost *:80>
ServerName physics.tamu.edu
ServerAdmin support@physics.tamu.edu
ServerAlias www
DocumentRoot /var/www/www2.physics.tamu.edu/
ErrorLog /var/log/apache2/www2-error_log
CustomLog /var/log/apache2/www2-access_log combined
Options Indexes FollowSymLinks Includes
ScriptAlias /cgi-bin/ "/var/www/www2.physics.tamu.edu/cgi-bin/"
Alias /images/ "/var/www/www2.physics.tamu.edu/images/"
<Directory /var/www/www2.physics.tamu.edu/lib/>
Order Deny,Allow
Deny From All
</Directory>
Redirect permanent /authentication https://www.physics.tamu.edu/authentication
Redirect permanent /BuildingPlans https://www.physics.tamu.edu/BuildingPlans
Redirect permanent /data https://www.physics.tamu.edu/data
Redirect permanent /ldapadmin https://www.physics.tamu.edu/ldapadmin
Redirect permanent /pos/admin https://www.physics.tamu.edu/pos/admin
Redirect permanent /squirrelmail https://www.physics.tamu.edu/squirrelmail
Redirect permanent /tasks https://tasks.physics.tamu.edu
Redirect permanent /services/comp_support/docs https://physics.tamu.edu/services/comp_support/docs
</VirtualHost>
<VirtualHost physics.tamu.edu:443>
ServerName physics.tamu.edu
ServerAdmin support@physics.tamu.edu
DocumentRoot /var/www/www2.physics.tamu.edu/
ErrorLog /var/log/apache2/www2-ssl-error_log
CustomLog /var/log/apache2/www2-ssl-access_log combined
ScriptAlias /cgi-bin/ "/var/www/www2.physics.tamu.edu/cgi-bin/"
Alias /images/ "/var/www/www2.physics.tamu.edu/images/"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/apache2/ssl.crt/physics.tamu.edu.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/physics.key
SSLCertificateChainFile /etc/apache2/ssl.bundle/gd_bundle.crt
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
so - what am I doing wrong?
|
|
|
10-14-2010, 11:34 AM
|
#2
|
Senior Member
Registered: Feb 2008
Location: Pune - India
Distribution: RHEL/Ubuntu/Debian/Fedora/Centos/K3OS
Posts: 1,159
Rep: 
|
If you use the same single IP for multiple websites, then it's name-based virtual hosting.
With name-based virtual hosts, one instance of Apache hosts several domains. You do not need to set up multiple IPs for a machine.
To activate name-based virtual hosts, specify a suitable directive. NameVirtualHost *. * is sufficient to prompt Apache to accept all incoming requests. Subsequently, configure the individual hosts:
Example:
Quote:
<VirtualHost *>
ServerName www.example.com
DocumentRoot /home/www/htdocs/example.com
ServerAdmin webmaster@example.com
ErrorLog /var/log/apache2/www.example.com-error_log
CustomLog /var/log/apache2/www.example.com-access_log common
</VirtualHost>
<VirtualHost *>
ServerName www.myothercompany.com
DocumentRoot /home/www/htdocs/myothercompany.com
ServerAdmin webmaster@myothercompany.com
ErrorLog /var/log/apache2/www.myothercompany.com-error_log
CustomLog /var/log/apache2/www.myothercompany.com-access_log common
</VirtualHost>
|
IP Based virtual hosting alternative requires the setup of multiple IPs for a machine. In this case, one instance of Apache hosts several domains, each of which is assigned a different IP.
Example:
Quote:
<VirtualHost 192.168.1.20>
ServerName www.myothercompany.com
DocumentRoot /home/www/htdocs/myothercompany.com
ServerAdmin webmaster@myothercompany.com
ErrorLog /var/log/apache2/www.myothercompany.com-error_log
CustomLog /var/log/apache2/www.myothercompany.com-access_log common
</VirtualHost>
<VirtualHost 192.168.1.21>
ServerName www.anothercompany.com
DocumentRoot /home/www/htdocs/anothercompany.com
ServerAdmin webmaster@anothercompany.com
ErrorLog /var/log/apache2/www.anothercompany.com-error_log
CustomLog /var/log/apache2/www.anothercompany.com-access_log common
</VirtualHost>
|
Quote:
For Apache to host multiple IPs, the underlying machine must accept requests for multiple IPs. This is called multi-IP hosting. For this purpose, IP aliasing must be activated in the kernel.
Once the kernel has been configured for IP aliasing, the commands ifconfig and route can be used to set up additional IPs on the host. These commands must be executed as root. For the following example, it is assumed that the host already has its own IP, such as 192.168.1.10, which is assigned to the network device eth0.
Enter the command ifconfig to find out the IP of the host. Further IPs can be added with commands like the following:
/sbin/ifconfig eth0:0 192.168.1.20
/sbin/ifconfig eth0:1 192.168.1.21
All these IPs are assigned to the same physical network device (eth0).
|
Last edited by prayag_pjs; 10-14-2010 at 11:37 AM.
|
|
1 members found this post helpful.
|
10-14-2010, 11:40 AM
|
#3
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
Apache can support multiple virtual hosts. The virtual hosts can be on separate IP addresses or you can have one IP address with multiple named virtual hosts. For example, on address 1.2.3.4 you could have server1.domain and server2.domain and serve up different pages. This is achieved by part of the connection process where the desired server is identified by name.
SSL / secure web pages however (port 443 typically) technically don't support this. The reason is that the secure connection is established before the server name is known and the process uses only IP addresses. Consequently, when you try to have multiple named virtual hosts that are secure, you get warnings like you have seen. While it will 'work' inasmuch as you will get encrypted web sites, only the first declared host will have the 'valid' certificate. Depending on your application, this may or may not be a problem. For example, I run a server for a small e-commerce site and this site has the certificate and it is valid for that site. I also run a named domain on the same server and make it a secured site. It uses the 'wrong' certificate, but as it is my personal web mail, I don't care, but a customer to the e-commerce site would.
There continues to be growing interest in individuals wanting to run multiple secure hosts with one IP and to this end there have been proposals made to change the protocols. For example, the GNU TLS supports a technique called SNI (server name indication) where the requested server name is used as part of the establishment of the secure connection and can support this. Others have patched the SSL libraries to support this functionality too. I had read that future versions of Apache will support this feature, but I don't believe that the present ones do.
Also, when you want to use name virtual hosts (port 80) specify that you have named virtual hosts on port 80 and then declare the virtual hosts by name:80 like you did and then use the server name directive.
Hope this helps clarify what is happening for you.
|
|
1 members found this post helpful.
|
10-14-2010, 11:43 AM
|
#4
|
Member
Registered: Apr 2004
Location: Texas
Distribution: Debian
Posts: 41
Original Poster
Rep:
|
Thank you for the VERY quick response!
Quote:
Originally Posted by prayag_pjs
To activate name-based virtual hosts, specify a suitable directive. NameVirtualHost *.
|
Where do I put this directive (in the conf.d/00-virtualhosts file?)?
Quote:
IP Based virtual hosting alternative requires the setup of multiple IPs for a machine. In this case, one instance of Apache hosts several domains, each of which is assigned a different IP.
Example:
|
Actually, MOST of these use the same IP number as the "main site", but there are a couple that use different IPs (which the server is already setup to answer).
|
|
|
10-14-2010, 11:45 AM
|
#5
|
Member
Registered: Apr 2004
Location: Texas
Distribution: Debian
Posts: 41
Original Poster
Rep:
|
Quote:
Originally Posted by Noway2
Apache can support multiple virtual hosts. The virtual hosts can be on separate IP addresses or you can have one IP address with multiple named virtual hosts. For example, on address 1.2.3.4 you could have server1.domain and server2.domain and serve up different pages. This is achieved by part of the connection process where the desired server is identified by name.
SSL / secure web pages however (port 443 typically) technically don't support this. The reason is that the secure connection is established before the server name is known and the process uses only IP addresses. Consequently, when you try to have multiple named virtual hosts that are secure, you get warnings like you have seen. While it will 'work' inasmuch as you will get encrypted web sites, only the first declared host will have the 'valid' certificate. Depending on your application, this may or may not be a problem. For example, I run a server for a small e-commerce site and this site has the certificate and it is valid for that site. I also run a named domain on the same server and make it a secured site. It uses the 'wrong' certificate, but as it is my personal web mail, I don't care, but a customer to the e-commerce site would.
There continues to be growing interest in individuals wanting to run multiple secure hosts with one IP and to this end there have been proposals made to change the protocols. For example, the GNU TLS supports a technique called SNI (server name indication) where the requested server name is used as part of the establishment of the secure connection and can support this. Others have patched the SSL libraries to support this functionality too. I had read that future versions of Apache will support this feature, but I don't believe that the present ones do.
Also, when you want to use name virtual hosts (port 80) specify that you have named virtual hosts on port 80 and then declare the virtual hosts by name:80 like you did and then use the server name directive.
Hope this helps clarify what is happening for you.
|
<A light bulb of understanding just went on above my head!>
|
|
|
10-14-2010, 12:42 PM
|
#6
|
Senior Member
Registered: Feb 2008
Location: Pune - India
Distribution: RHEL/Ubuntu/Debian/Fedora/Centos/K3OS
Posts: 1,159
Rep: 
|
|
|
|
10-14-2010, 12:42 PM
|
#7
|
Senior Member
Registered: Feb 2008
Location: Pune - India
Distribution: RHEL/Ubuntu/Debian/Fedora/Centos/K3OS
Posts: 1,159
Rep: 
|
|
|
1 members found this post helpful.
|
10-19-2010, 11:55 PM
|
#9
|
Senior Member
Registered: Feb 2008
Location: Pune - India
Distribution: RHEL/Ubuntu/Debian/Fedora/Centos/K3OS
Posts: 1,159
Rep: 
|
Hi,
We have given and you have referred so many sites.
Please give it a try, and when you get stuck somewhere we will help you.
|
|
|
10-20-2010, 04:28 AM
|
#10
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
As a rough template you would have something like the following:
Code:
NameVirtualHost *:80
<VirtualHost 192.0.0.10:443>
ServerName secure1.mydomain.com
# (Server Directives Here)
</VirtualHost>
<VirtualHost 192.0.0.11:443>
ServerName secure2.mydomain.com
# (Server Directives Here)
</VirtualHost>
<VirtualHost *:80>
ServerName site1.mydomain.com
# (Server Directives Here)
</VirtualHost>
What areas are you having confusion about? Perhaps we can help provide a more targeted answer.
|
|
1 members found this post helpful.
|
10-20-2010, 08:14 AM
|
#11
|
Member
Registered: Apr 2004
Location: Texas
Distribution: Debian
Posts: 41
Original Poster
Rep:
|
Quote:
Originally Posted by Noway2
As a rough template you would have something like the following:
Code:
NameVirtualHost *:80
<VirtualHost 192.0.0.10:443>
ServerName secure1.mydomain.com
# (Server Directives Here)
</VirtualHost>
<VirtualHost 192.0.0.11:443>
ServerName secure2.mydomain.com
# (Server Directives Here)
</VirtualHost>
<VirtualHost *:80>
ServerName site1.mydomain.com
# (Server Directives Here)
</VirtualHost>
What areas are you having confusion about? Perhaps we can help provide a more targeted answer.
|
This is VERY useful. So if I have multiple secure pages (each with their own IP & certificate), I do NOT use
Code:
NameVirtualHost *:443
Correct?
I have a followup question that I think I know the answer to. If secure1 & secure2 also have non-secure pages, I assume I also include
Code:
<VirtualHost *:80>
ServerName secure1.mydomain.com
# (Server Directives Here)
</VirtualHost>
<VirtualHost *:80>
ServerName secure2.mydomain.com
# (Server Directives Here)
</VirtualHost>
Correct?
Followup question 2:
If I have secure pages for secure1 & secure2, is there any reason to have NON-secure pages?
Last edited by CNBarnes; 10-20-2010 at 08:17 AM.
|
|
|
10-20-2010, 11:38 AM
|
#12
|
Senior Member
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125
|
To be TECHNICALLY correct, no you don't use NameVirtualHost on 443 (secure servers). This goes back to my original post, that a secure page doesn't resolve based upon name per the SSL protocol. It will work, at least more or less, if you do, but one of the sites won't get the correct certificate and you will get apache warnings.
I think your syntax for followup question1 will work. You can also have <VirtualHost 192.0.0.10:80>. The primary reason you would want to have non secure pages where the encryption isn't required is that the secure pages take a lot more processing overhead, especially on the server. Initially the secure transaction is accomplished using a form of PKI (public key infrastructure) which allows a client to establish a one way encrypted connection and to also verify the authenticity of the host using a 3rd party verification server (such as verisign). This is a slow process which requires a good bit of math. After establishing the secure channel, the encryption is done with temporary synchronous ciphers which are a lot faster. If you get an appreciable amount of traffic establishing all the connections can become an unnecessary burden on your system.
|
|
2 members found this post helpful.
|
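A small linter, added here as an example and not written by anyone in the thread, that reproduces the two warning types from post #1 using a simplified model of the address matching discussed in posts #3 and #12. `SAMPLE_CONF`, `SHARED_IP` and the 192.0.2.x addresses are constructed, and the name-to-address map is an assumption standing in for DNS.

```python
import re
from collections import defaultdict

# Constructed sample: the thread's layout reduced to the directives that matter.
SAMPLE_CONF = """\
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerName collider.physics.tamu.edu
</VirtualHost>
<VirtualHost collider.physics.tamu.edu:443>
ServerName collider.physics.tamu.edu
SSLEngine on
</VirtualHost>
<VirtualHost physics.tamu.edu:443>
ServerName physics.tamu.edu
SSLEngine on
</VirtualHost>
"""
# Constructed stand-in for DNS (documentation address range), so the check runs offline.
SHARED_IP = {"collider.physics.tamu.edu": "192.0.2.10", "physics.tamu.edu": "192.0.2.10"}

def parse(conf):
    """Return (NameVirtualHost addresses, [(vhost address, ServerName, ssl_on)])."""
    nvh, vhosts, cur = [], [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if m := re.match(r"NameVirtualHost\s+(\S+)", line, re.I):
            nvh.append(m.group(1))
        elif m := re.match(r"<VirtualHost\s+([^>\s]+)", line, re.I):
            cur = [m.group(1), None, False]   # only the first address is considered
        elif cur and (m := re.match(r"ServerName\s+(\S+)", line, re.I)):
            cur[1] = m.group(1)
        elif cur and re.match(r"SSLEngine\s+on\b", line, re.I):
            cur[2] = True
        elif cur and re.match(r"</VirtualHost>", line, re.I):
            vhosts.append(tuple(cur))
            cur = None
    return nvh, vhosts

def resolve(addr, dns):
    """Normalise 'host:port' to 'ip:port'; '*' and literal IPs pass through."""
    host, sep, port = addr.rpartition(":")
    if not sep:                               # e.g. <VirtualHost *> with no port
        host, port = addr, "*"
    return f"{dns.get(host, host)}:{port}"

def lint(conf, dns):
    """Findings that correspond to the two warning types quoted in the thread."""
    nvh, vhosts = parse(conf)
    named = {resolve(a, dns) for a in nvh}
    used = {resolve(v[0], dns) for v in vhosts}
    findings = [("nvh-unused", a) for a in sorted(named - used)]
    groups = defaultdict(list)
    for addr, name, ssl in vhosts:
        key = resolve(addr, dns)
        if key not in named:                  # not name-based: first vhost wins
            groups[key].append((name, ssl))
    for key, members in groups.items():
        if len(members) > 1:
            kind = "tls-overlap" if any(s for _, s in members) else "overlap"
            findings.append((kind, key, [n for n, _ in members]))
    return findings
```

Calling `lint(SAMPLE_CONF, SHARED_IP)` flags the unused `NameVirtualHost *:443` and the two TLS hosts that land on one address; dropping that directive and giving each TLS host its own address, as in the template in post #10, clears both findings.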
All times are GMT -5.