Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

ksh xxx, wwwwxxxw CD, wwwwxxxw CD, xx xmo, xxxmo,cvery, xxxcomwww xxxcomwww xxxcom, xxxxxnb, xxxxxnb, xxxxxnb, xxxxxnb

Links

XODOX
Impressum

#1: Enable/disable SSL in virutal hosts

Posted on 2005-01-01 00:40:45 by Mike Fratto

I am trying to configure apache 1.3.33 with modssl2.8.22-1.3.33 on a =
virual
host but only for a specific directory. I have SSL working for the doc =
root
for various virtual hosts. I have read through the mod_ssl docs, and
O'Reilly's Apache guide, but I haven't been able to get it to work.=20

Specifically, for the servername sam, when a browser hits the =
DocumentRoot,
I want to ensure that SSL is not invoked (just for performance reasons) =
but
when a user hits /admin, then SSL must be invoked. I have tried various
tweaks to no avail (the virtual host section is below). I know that I am
using the correct httpd.conf file because when I fat finger a directive, =
and
stop and start apache, I get an error. Changes to SSLEngine off|on seem =
to
have no effect.

Any ideas, thanks.


NameVirtualHost 192.168.10.50:80



# Disable SSL first
SSLEngine off

<VirtualHost 192.168.10.50:80>
SSLEngine off
ServerAdmin root@localhost
DocumentRoot /www/htdocs
ServerName storage
ErrorLog logs/error_log
CustomLog logs/access_log combined
</VirtualHost>

<VirtualHost 192.168.10.50:80>
SSLEngine off
ServerAdmin root@localhost
DocumentRoot /www/sam
ServerName sam
ErrorLog logs/sam_error_log
CustomLog logs/sam_access_log combined
</VirtualHost>

<VirtualHost 192.168.10.50:443>
SSLEngine on
ServerName sam
DocumentRoot /www/sam
SSLCertificateFile /www/conf/ssl.crt/sam.cert
SSLCertificateKeyFile /www/conf/ssl.key/sam.key
SSLVerifyClient 0
ErrorLog logs/sam_error_log
CustomLog logs/sam_access_log combined

<Directory "/www/sam/admin">
SSLRequireSSL
SSLOptions +StrictRequire
# AuthType basic
# AuthName admin
# AuthUserFile /www/auth/admin-users
# AuthGroupFile /www/auth/groups
# require valid-user
</Directory>
</VirtualHost>

<VirtualHost 192.168.10.50:80>
SSLDisable
ServerAdmin root@localhost
DocumentRoot /www/mike
ServerName mike
ErrorLog logs/mike_error_log
CustomLog logs/mike_access_log combined
</VirtualHost>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message

#2: RE: Enable/disable SSL in virutal hosts

Posted on 2005-01-01 01:11:52 by dashley

Hi Mike,

Thanks for the information. You've provided more information than most
posters, including corroboration that the server is reading the
configuration file.

Unfortunately, as best I can tell, you haven't indicated what exactly isn't
working.

Is it that when you visit the DocumentRoot, SSL is invoked?

Or is it when you visit /admin, SSL is not invoked?

Or is it something else not working?

Additionally, it would be helpful if you paste in the entire configuration
file (not just an excerpt).

One thing that catches my eye is immediately is that directories are
normally declared outside the virtual hosts sections and then Alias'd in.
I'd need to see the whole configuration file to get context on what you're
doing.

Best regards and happy new year!

Dave.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Mike Fratto
Sent: Friday, December 31, 2004 6:41 PM
To: modssl-users@modssl.org
Subject: Enable/disable SSL in virutal hosts


I am trying to configure apache 1.3.33 with modssl2.8.22-1.3.33 on a virual
host but only for a specific directory. I have SSL working for the doc root
for various virtual hosts. I have read through the mod_ssl docs, and
O'Reilly's Apache guide, but I haven't been able to get it to work.

Specifically, for the servername sam, when a browser hits the DocumentRoot,
I want to ensure that SSL is not invoked (just for performance reasons) but
when a user hits /admin, then SSL must be invoked. I have tried various
tweaks to no avail (the virtual host section is below). I know that I am
using the correct httpd.conf file because when I fat finger a directive, and
stop and start apache, I get an error. Changes to SSLEngine off|on seem to
have no effect.

Any ideas, thanks.


NameVirtualHost 192.168.10.50:80



# Disable SSL first
SSLEngine off

<VirtualHost 192.168.10.50:80>
SSLEngine off
ServerAdmin root@localhost
DocumentRoot /www/htdocs
ServerName storage
ErrorLog logs/error_log
CustomLog logs/access_log combined
</VirtualHost>

<VirtualHost 192.168.10.50:80>
SSLEngine off
ServerAdmin root@localhost
DocumentRoot /www/sam
ServerName sam
ErrorLog logs/sam_error_log
CustomLog logs/sam_access_log combined
</VirtualHost>

<VirtualHost 192.168.10.50:443>
SSLEngine on
ServerName sam
DocumentRoot /www/sam
SSLCertificateFile /www/conf/ssl.crt/sam.cert
SSLCertificateKeyFile /www/conf/ssl.key/sam.key
SSLVerifyClient 0
ErrorLog logs/sam_error_log
CustomLog logs/sam_access_log combined

<Directory "/www/sam/admin">
SSLRequireSSL
SSLOptions +StrictRequire
# AuthType basic
# AuthName admin
# AuthUserFile /www/auth/admin-users
# AuthGroupFile /www/auth/groups
# require valid-user
</Directory>
</VirtualHost>

<VirtualHost 192.168.10.50:80>
SSLDisable
ServerAdmin root@localhost
DocumentRoot /www/mike
ServerName mike
ErrorLog logs/mike_error_log
CustomLog logs/mike_access_log combined
</VirtualHost>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message

#3: RE: Enable/disable SSL in virutal hosts

Posted on 2005-01-12 23:24:54 by Mike Fratto

>Hi Mike,
>
>Thanks for the information. You've provided more information than most
>posters, including corroboration that the server is reading the
>configuration file.

Dave, thanks for responding. Actually, about 20 minutes after I posted the
request for help, I realized that if I defined a directory in the virtual
host for port 80, and and denied access to SSL connection, it worked.

Now to find out why I am not getting email from this list. Grrr.

mike

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message