Enabling SSL on a virtual host

--000e0cd11ae071d429047ac65161
Content-Type: text/plain; charset=ISO-8859-1

I have a single webserver (1 IP) to which many DNS entries point to. Up
till now I've haven't needed SSL and the following config pattern has worked
fine for me:


ServerName foo.mysite.com
....



ServerName bar.mysite.com
....



However, when I added SSL to to foo.mysite.com, the config had to become:

....SSLStuff

In the meantime non-HTTPS traffic to foo.mysite.com worked fine except that
the Alias directives did not work. So I realized the problem (the port was
only for 443) and changed the config to:


But this has the unwanted effect of returning 400 Bad Request to HTTP
traffic for foo.mysite.com, with this message:
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

So my question is, how do I configure the VirtualHost to allow HTTP traffic
(port 80) and HTTPS traffic (443)?

--000e0cd11ae071d429047ac65161
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

I have a single webserver (1 IP) to which many DNS entries point to.=A0 Up =
till now I've haven't needed SSL and the following config pattern h=
as worked fine for me:

<VirtualHost *>
ServerName =3D"http://foo.mysite.com">foo.mysite.com

....
</VirtualHost>

<VirtualHost *>
ServerName ref=3D"http://bar.mysite.com">bar.mysite.com
...
</VirtualHost=
>


However, when I added SSL to to e.com">foo.mysite.com, the config had to become:

<VirtualHost foo.mysite.com:443 >>
...SSLStuff

In the meantime non-HTTPS traffic to "http://foo.mysite.com">foo.mysite.com worked fine except that the Alia=
s directives did not work.=A0 So I realized the problem (the port was only =
for 443) and changed the config to:

<VirtualHost =
>

But=
this has the unwanted effect of returning 400 Bad Request to HTTP traffic =
for , with this message=
:

Your browser sent a request that this server could not understand.

Reason: You're speaking plain HTTP to an SSL-enabled server port.

Instead use the HTTPS scheme to access this URL, please.

So my quest=
ion is, how do I configure the VirtualHost to allow HTTP traffic (port 80) =
and HTTPS traffic (443)?


--000e0cd11ae071d429047ac65161--

Re: Enabling SSL on a virtual host

On Tue, Dec 15, 2009 at 10:48 AM, Jonathan Mast
wrote:
> So my question is, how do I configure the VirtualHost to allow HTTP traffic
> (port 80) and HTTPS traffic (443)?

You need two virtualhosts, one with SSL and one without. If you want
everything other than SSL to be common, use Include to source a common
config.

I'd suggest *:80 and *:443 until you have to actually discriminate
based on the local IP address. If you need to discriminate based on
hostname requested for non-SSL, add NameVirtualHost *:80.

--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Enabling SSL on a virtual host

--000e0cd1a8cc2a5228047ac70141
Content-Type: text/plain; charset=ISO-8859-1

I'm thinking that the host name actually is required in the VirtualHost
declaration.

But the 2 separate VirtualHost entries worked, thanks

On Tue, Dec 15, 2009 at 10:53 AM, Eric Covener wrote:

> On Tue, Dec 15, 2009 at 10:48 AM, Jonathan Mast
> wrote:
> > So my question is, how do I configure the VirtualHost to allow HTTP
> traffic
> > (port 80) and HTTPS traffic (443)?
>
> You need two virtualhosts, one with SSL and one without. If you want
> everything other than SSL to be common, use Include to source a common
> config.
>
> I'd suggest *:80 and *:443 until you have to actually discriminate
> based on the local IP address. If you need to discriminate based on
> hostname requested for non-SSL, add NameVirtualHost *:80.
>
> --
> Eric Covener
> covener@gmail.com
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

--000e0cd1a8cc2a5228047ac70141
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

I'm thinking that the host name actually is required in the VirtualHost=
declaration.

But the 2 separate VirtualHost entries worked, thanks=

Re: Enabling SSL on a virtual host

On Tue, Dec 15, 2009 at 5:37 PM, Jonathan Mast
wrote:
> I'm thinking that the host name actually is required in the VirtualHost

No it is not required.

A hostname in a VirtualHost directive is internally converted to an IP
address and only needed if this VirtualHost needs to be bound to a
particular IP on a multi homed host. In most practical scenarios
having *:443 and *:80 in your VirtuaHost direcives is perfectly
adequate.

Krist

--
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Enabling SSL on a virtual host

DQoNCi0tLS0tIE9yaWdpbmFsIE1lc3NhZ2UgLS0tLS0NCkZyb206IEtyaXN0 IHZhbiBCZXNpZW4g
PGtyaXN0LnZhbmJlc2llbkBnbWFpbC5jb20+DQpUbzogdXNlcnNAaHR0cGQu YXBhY2hlLm9yZyA8
dXNlcnNAaHR0cGQuYXBhY2hlLm9yZz4NClNlbnQ6IFdlZCBEZWMgMTYgMDc6 MTc6NDMgMjAwOQ0K
U3ViamVjdDogUmU6IFt1c2Vyc0BodHRwZF0gRW5hYmxpbmcgU1NMIG9uIGEg dmlydHVhbCBob3N0
DQoNCk9uIFR1ZSwgRGVjIDE1LCAyMDA5IGF0IDU6MzcgUE0sIEpvbmF0aGFu IE1hc3QNCjxqaG1h
c3QuZGV2ZWxvcGVyQGdtYWlsLmNvbT4gd3JvdGU6DQo+IEknbSB0aGlua2lu ZyB0aGF0IHRoZSBo
b3N0IG5hbWUgYWN0dWFsbHkgaXMgcmVxdWlyZWQgaW4gdGhlIFZpcnR1YWxI b3N0DQoNCk5vIGl0
IGlzIG5vdCByZXF1aXJlZC4NCg0KQSBob3N0bmFtZSBpbiBhIFZpcnR1YWxI b3N0IGRpcmVjdGl2
ZSBpcyBpbnRlcm5hbGx5IGNvbnZlcnRlZCB0byBhbiBJUA0KYWRkcmVzcyBh bmQgb25seSBuZWVk
ZWQgaWYgdGhpcyBWaXJ0dWFsSG9zdCBuZWVkcyB0byBiZSBib3VuZCB0byBh DQpwYXJ0aWN1bGFy
IElQIG9uIGEgbXVsdGkgaG9tZWQgaG9zdC4gSW4gbW9zdCBwcmFjdGljYWwg c2NlbmFyaW9zDQpo
YXZpbmcgKjo0NDMgYW5kICo6ODAgaW4geW91ciBWaXJ0dWFIb3N0IGRpcmVj aXZlcyBpcyBwZXJm
ZWN0bHkNCmFkZXF1YXRlLg0KDQpLcmlzdA0KDQotLQ0Ka3Jpc3QudmFuYmVz aWVuQGdtYWlsLmNv
bQ0Ka3Jpc3RAdmFuYmVzaWVuLm9yZw0KQnJlbWdhcnRlbiBiLiBCZXJuLCBT d2l0emVybGFuZA0K
LS0NCkE6IEl0IHJldmVyc2VzIHRoZSBub3JtYWwgZmxvdyBvZiBjb252ZXJz YXRpb24uDQpROiBX
aGF0J3Mgd3Jvbmcgd2l0aCB0b3AtcG9zdGluZz8NCkE6IFRvcC1wb3N0aW5n Lg0KUTogV2hhdCdz
IHRoZSBiaWdnZXN0IHNjb3VyZ2Ugb24gcGxhaW4gdGV4dCBlbWFpbCBkaXNj dXNzaW9ucz8NCg0K
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tDQpUaGUgb2ZmaWNpYWwgVXNlci1Uby1Vc2VyIHN1cHBv cnQgZm9ydW0gb2Yg
dGhlIEFwYWNoZSBIVFRQIFNlcnZlciBQcm9qZWN0Lg0KU2VlIDxVUkw6aHR0 cDovL2h0dHBkLmFw
YWNoZS5vcmcvdXNlcnNsaXN0Lmh0bWw+IGZvciBtb3JlIGluZm8uDQpUbyB1 bnN1YnNjcmliZSwg
ZS1tYWlsOiB1c2Vycy11bnN1YnNjcmliZUBodHRwZC5hcGFjaGUub3JnDQog ICAiICAgZnJvbSB0
aGUgZGlnZXN0OiB1c2Vycy1kaWdlc3QtdW5zdWJzY3JpYmVAaHR0cGQuYXBh Y2hlLm9yZw0KRm9y
IGFkZGl0aW9uYWwgY29tbWFuZHMsIGUtbWFpbDogdXNlcnMtaGVscEBodHRw ZC5hcGFjaGUub3Jn
DQoNCg0KVFJBVkVMIEJVRyBFRkZFQ1Q6IENyYXZpbmcgZm9yIGEgQ2hhbGxl bmdlDQpNYW4gVi4g
Rm9vZCwgV2VkbmVzZGF5cyBhdCAxMFBNIEUvUA0KQ0FUQ0ggSVQgIHwgIHRy YXZlbGNoYW5uZWwu
Y29tDQo=

Re: Enabling SSL on a virtual host

DQoNCi0tLS0tIE9yaWdpbmFsIE1lc3NhZ2UgLS0tLS0NCkZyb206IEtyaXN0 IHZhbiBCZXNpZW4g
PGtyaXN0LnZhbmJlc2llbkBnbWFpbC5jb20+DQpUbzogdXNlcnNAaHR0cGQu YXBhY2hlLm9yZyA8
dXNlcnNAaHR0cGQuYXBhY2hlLm9yZz4NClNlbnQ6IFdlZCBEZWMgMTYgMDc6 MTc6NDMgMjAwOQ0K
U3ViamVjdDogUmU6IFt1c2Vyc0BodHRwZF0gRW5hYmxpbmcgU1NMIG9uIGEg dmlydHVhbCBob3N0
DQoNCk9uIFR1ZSwgRGVjIDE1LCAyMDA5IGF0IDU6MzcgUE0sIEpvbmF0aGFu IE1hc3QNCjxqaG1h
c3QuZGV2ZWxvcGVyQGdtYWlsLmNvbT4gd3JvdGU6DQo+IEknbSB0aGlua2lu ZyB0aGF0IHRoZSBo
b3N0IG5hbWUgYWN0dWFsbHkgaXMgcmVxdWlyZWQgaW4gdGhlIFZpcnR1YWxI b3N0DQoNCk5vIGl0
IGlzIG5vdCByZXF1aXJlZC4NCg0KQSBob3N0bmFtZSBpbiBhIFZpcnR1YWxI b3N0IGRpcmVjdGl2
ZSBpcyBpbnRlcm5hbGx5IGNvbnZlcnRlZCB0byBhbiBJUA0KYWRkcmVzcyBh bmQgb25seSBuZWVk
ZWQgaWYgdGhpcyBWaXJ0dWFsSG9zdCBuZWVkcyB0byBiZSBib3VuZCB0byBh DQpwYXJ0aWN1bGFy
IElQIG9uIGEgbXVsdGkgaG9tZWQgaG9zdC4gSW4gbW9zdCBwcmFjdGljYWwg c2NlbmFyaW9zDQpo
YXZpbmcgKjo0NDMgYW5kICo6ODAgaW4geW91ciBWaXJ0dWFIb3N0IGRpcmVj aXZlcyBpcyBwZXJm
ZWN0bHkNCmFkZXF1YXRlLg0KDQpLcmlzdA0KDQotLQ0Ka3Jpc3QudmFuYmVz aWVuQGdtYWlsLmNv
bQ0Ka3Jpc3RAdmFuYmVzaWVuLm9yZw0KQnJlbWdhcnRlbiBiLiBCZXJuLCBT d2l0emVybGFuZA0K
LS0NCkE6IEl0IHJldmVyc2VzIHRoZSBub3JtYWwgZmxvdyBvZiBjb252ZXJz YXRpb24uDQpROiBX
aGF0J3Mgd3Jvbmcgd2l0aCB0b3AtcG9zdGluZz8NCkE6IFRvcC1wb3N0aW5n Lg0KUTogV2hhdCdz
IHRoZSBiaWdnZXN0IHNjb3VyZ2Ugb24gcGxhaW4gdGV4dCBlbWFpbCBkaXNj dXNzaW9ucz8NCg0K
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tDQpUaGUgb2ZmaWNpYWwgVXNlci1Uby1Vc2VyIHN1cHBv cnQgZm9ydW0gb2Yg
dGhlIEFwYWNoZSBIVFRQIFNlcnZlciBQcm9qZWN0Lg0KU2VlIDxVUkw6aHR0 cDovL2h0dHBkLmFw
YWNoZS5vcmcvdXNlcnNsaXN0Lmh0bWw+IGZvciBtb3JlIGluZm8uDQpUbyB1 bnN1YnNjcmliZSwg
ZS1tYWlsOiB1c2Vycy11bnN1YnNjcmliZUBodHRwZC5hcGFjaGUub3JnDQog ICAiICAgZnJvbSB0
aGUgZGlnZXN0OiB1c2Vycy1kaWdlc3QtdW5zdWJzY3JpYmVAaHR0cGQuYXBh Y2hlLm9yZw0KRm9y
IGFkZGl0aW9uYWwgY29tbWFuZHMsIGUtbWFpbDogdXNlcnMtaGVscEBodHRw ZC5hcGFjaGUub3Jn
DQoNCg0KVFJBVkVMIEJVRyBFRkZFQ1Q6IENyYXZpbmcgZm9yIGEgQ2hhbGxl bmdlDQpNYW4gVi4g
Rm9vZCwgV2VkbmVzZGF5cyBhdCAxMFBNIEUvUA0KQ0FUQ0ggSVQgIHwgIHRy YXZlbGNoYW5uZWwu
Y29tDQo=