HTTPS virtualhosts
am 06.04.2007 07:47:24 von MichaelHi everyone,
For starters, I'm not sure if I should be posting here or to Apache, but
they sort of steered me here, so I thought I'd start here at least -- if
not, please let me know. :-)
Anyway, I'm having issues with getting SSL and virtualhosts working with
Apache. Now, before you point me at the FAQ, it's not the obvious question.
What I'm trying to do is get multiple HTTPS hosts working on the same IP --
but using a wildcard SSL certificate.
My config is doing using mod_perl configuration, and I've copied it below.
Essentially, the idea is that I have a directory tree that looks like
/srv/www/
way, I can just make a new directory/subdomain/etc., reload the apache
config, and it's all done and listening for me. And, since you can only have
one SSL cert per IP, I just have /srv/www/
and that's the certificate used for that IP (so any HTTPS vhost created for
that IP will use that certificate). You may think that's a bit weird, but
there's a few circumstances that I want to use that - for example, wildcard
certificates I can have many vhosts per IP (within the same domain), and
also other times when I don't care if it cert mismatches, I just want an SSL
connection.
Anyway, the HTTP stuff is working great, and the config *appears* to check
out OK:
[ root@bob:~ ] # apache2 -S
VirtualHost configuration:
1.2.3.4:80 is a NameVirtualHost
default server www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:5)
port 80 namevhost www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:5)
port 80 namevhost sallaway.org (mod_perl:121)
port 80 namevhost www.sallaway.org (mod_perl:177)
1.2.3.4:443 is a NameVirtualHost
default server www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:8)
port 443 namevhost www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:8)
port 443 namevhost sallaway.org (mod_perl:1)
port 443 namevhost www.sallaway.org (mod_perl:78)
Syntax OK
..... however when I try to reload the config file, it complains and whinges
a lot about SSL conflicts (error.log):
[warn] Init: SSL server IP/port conflict: bob.sallaway.org:443 (mod_perl:12)
vs. www.sallaway.org:443 (mod_perl:78)
[warn] Init: SSL server IP/port conflict: sallaway.org:443 (mod_perl:1) vs.
www.sallaway.org:443 (mod_perl:78)
[warn] Init: You should not use name-based virtual hosts in conjunction with
SSL!!
I was sort of hoping "hmmm, they're just warnings, maybe it will be OK", but
it appears not -- when I load the page, it gives me a "Connection
Interrupted" or "Action Cancelled" (pick your browser) and I get this in the
error.log:
[error] [client 192.168.0.4] Invalid method in request \x80L\x01\x03
Does anyone have any ideas what I can do to fix it at all, or why it's
happening?
Thanks for your help.
Cheers,
Michael
relevant apache config:
NameVirtualHost 1.2.3.4:80
NameVirtualHost 1.2.3.4:443
ServerName www.non.existant.host.com
ServerName www.non.existant.host.com
my $www_path = "/srv/www";
my @ip_array;
my $ip_number;
my @subdomain_array;
my $subdomain_name;
my $subdomain_address;
my $domain_name;
for $ip (<$www_path/*>) {
@ip_array = split /\//, "$ip";
$ip_number = $ip_array[-1];
for $domain (<$ip/*>) {
for $http_subdomain (<$domain/content/*>) {
@subdomain_array = split /\//, "$http_subdomain";
$subdomain_name = $subdomain_array[-1];
$subdomain_address = $subdomain_name . ".";
$domain_name = $subdomain_array[-3];
$subdomain_address = "" if $subdomain_name eq "_";
push @{ $VirtualHost{"$ip_number:80"} },
{
ServerName => "${subdomain_address}${domain_name}",
DocumentRoot => "${domain}/content/${subdomain_name}",
ServerSignature => "On",
ErrorLog => "$domain/logs/error.log",
CustomLog => ["$domain/logs/access.log", "virtual"],
LogLevel => "warn",
};
};
next if ! -e "$ip/server.crt";
next if ! -e "$ip/server.key";
for $https_subdomain (<$domain/secure_content/*>) {
@subdomain_array = split /\//, "$https_subdomain";
$subdomain_name = $subdomain_array[-1];
$subdomain_address = $subdomain_name . ".";
$domain_name = $subdomain_array[-3];
$subdomain_address = "" if $subdomain_name eq "_";
push @{ $VirtualHost{"$ip_number:443"} },
{
ServerName => "${subdomain_address}${domain_name}",
DocumentRoot => "${domain}/secure_content/${subdomain_name}",
ServerSignature => "On",
ErrorLog => "$domain/logs/error.log",
CustomLog => ["$domain/logs/access.log", "virtual"],
LogLevel => "warn",
SSLEngine => "on",
SSLCertificateFile => "$ip/server.crt",
SSLCertificateKeyFile => "$ip/server.key",
};
};
};
};
ExtendedStatus On
SetHandler server-status
Order allow,deny
Allow from all
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org