Adding Virtual Hosts for SSL / 443

I have a server up and running with Apache 2.2.14-2. Right now in
apache my Document Root is set as /srv/http and this takes you to
www.mydomain.tld. This is perfect on port 80 but I have a subfolder in
my Document Root called 'webmail/'. When I access the webmail
subfolder, I want to do this over port 443 (SSL). My question is how
do I keep my main site as follows:

www.mydomain.tld (http)
www.mydomain.tld/webmail (https)

Also if someone goes to www.mydomain.tld/webmail on port 80, it
redirects to port 443.

Below is what I have in my httpd.conf file but it is not correct. Can
someone please explain what I need to change or help me understand?

#Listen 443
#AddType application/x-x509-ca-cert .crt
#AddType application/x-pkcs7-crl .crl
#SSLPassPhraseDialog builtin
#SSLSessionCache "shmcb:/var/run/httpd/ssl_scache(512000)"
#SSLSessionCacheTimeout 300
#SSLMutex "file:/var/run/httpd/ssl_mutex"

#

#DocumentRoot "webmail/"
#ServerName www.mydomain.tld:443
#ServerAdmin admin@mydomain.tld
#ErrorLog "/var/log/httpd/error_log"
#TransferLog "/var/log/httpd/access_log"
#SSLEngine on
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
#SSLCertificateFile "/path/to/my/ssl.crt"
#SSLCertificateKeyFile "/path/to/my/ssl.key"

#
# SSLOptions +StdEnvVars
#
#
# SSLOptions +StdEnvVars
#

#BrowserMatch ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0

#CustomLog "/var/log/httpd/ssl_request_log" \
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

#

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Adding Virtual Hosts for SSL / 443

Carlos Williams wrote:
> I have a server up and running with Apache 2.2.14-2. Right now in
> apache my Document Root is set as /srv/http and this takes you to
> www.mydomain.tld. This is perfect on port 80 but I have a subfolder in
> my Document Root called 'webmail/'. When I access the webmail
> subfolder, I want to do this over port 443 (SSL). My question is how
> do I keep my main site as follows:
>
> www.mydomain.tld (http)
> www.mydomain.tld/webmail (https)
>
> Also if someone goes to www.mydomain.tld/webmail on port 80, it
> redirects to port 443.
>
> Below is what I have in my httpd.conf file but it is not correct. Can
> someone please explain what I need to change or help me understand?
>
> #Listen 443
> #AddType application/x-x509-ca-cert .crt
> #AddType application/x-pkcs7-crl .crl
> #SSLPassPhraseDialog builtin
> #SSLSessionCache "shmcb:/var/run/httpd/ssl_scache(512000)"
> #SSLSessionCacheTimeout 300
> #SSLMutex "file:/var/run/httpd/ssl_mutex"
>
> #
>
> #DocumentRoot "webmail/"
> #ServerName www.mydomain.tld:443
> #ServerAdmin admin@mydomain.tld
> #ErrorLog "/var/log/httpd/error_log"
> #TransferLog "/var/log/httpd/access_log"
> #SSLEngine on
> #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
> #SSLCertificateFile "/path/to/my/ssl.crt"
> #SSLCertificateKeyFile "/path/to/my/ssl.key"
>
> #
> # SSLOptions +StdEnvVars
> #
> #
> # SSLOptions +StdEnvVars
> #
>
> #BrowserMatch ".*MSIE.*" \
> # nokeepalive ssl-unclean-shutdown \
> # downgrade-1.0 force-response-1.0
>
> #CustomLog "/var/log/httpd/ssl_request_log" \
> # "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> #
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Carlos,

Your directives are commented out. Remove the leading # from each line.

Frank

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Adding Virtual Hosts for SSL / 443

On Fri, Dec 18, 2009 at 1:54 PM, Frank Gingras
wrote:
> Carlos,
>
> Your directives are commented out. Remove the leading # from each line.

Yes,

I did this because when I un-comment them, it doesn't work as I
expected. Assume those comments are not there...what needs to change
or be added?

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Adding Virtual Hosts for SSL / 443

Carlos Williams wrote:
> I have a server up and running with Apache 2.2.14-2. Right now in
> apache my Document Root is set as /srv/http and this takes you to
> www.mydomain.tld. This is perfect on port 80 but I have a subfolder in
> my Document Root called 'webmail/'. When I access the webmail
> subfolder, I want to do this over port 443 (SSL). My question is how
> do I keep my main site as follows:
>
> www.mydomain.tld (http)
> www.mydomain.tld/webmail (https)
>
> Also if someone goes to www.mydomain.tld/webmail on port 80, it
> redirects to port 443.
>

I think you'll be better off and less likely to get confused in the
script if you break out both HTTP and HTTPS into VirtualHost containers,
then add some rewrite rules to handle the redirect. Something like this
(bare bones, untested, substitute 1.2.3.4 for your real IP address on
the box).

Listen 443


ServerName www.mydomain.tld
DocumentRoot /srv/http

RewriteEngine on
RewriteRule ^/webmail(/?.*) https://www.mydomain.tld/webmail$1 [R,L]



ServerName www.mydomain.tld
DocumentRoot /srv/http

SSLEngine on
SSLCipherSuite AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5
SSLCertificateFile "/path/to/my/ssl.crt"
SSLCertificateKeyFile "/path/to/my/ssl.key"


If you don't understand the SSL directives, I highly recommend
consulting the docs instead of blindly copying and pasting. You can get
fancier and also use a rewrite rule to push HTTPS traffic back to HTTP
if it doesn't start with /webmail.

--
Justin Pasher

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org