Date:      Thu, 15 Jan 2004 16:56:25 -0800
From:      Nagib Jamal <nagib@shaw.ca>
To:        freebsd-questions@freebsd.org
Subject:   apache SSL configuration problems
Message-ID:  <004401c3dbcb$917a9600$61145618@vc.shawcable.net>

This is a multi-part message in MIME format.

--Boundary_(ID_//7gHl7u+m4lback35L06A)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT

Hi Tom,

I have read some of your responses in connection to apache/virtual-host configuration issues ( eg. Owen Boyle june 03). Your responses are indeed clear and concise. However, I am a bit confused although I have managed to make some progress.

My purpose is to set up an ecommerce site on a single server (regular and secure html served).
My current situation/problem is as follows:

1) https://www.mydomain.com/    does NOT work - page cannot be displayed 
2) https://localhost works fine

Is this enough information to indicate what might be the source of the problem? I have attached my config file for reference.

I think my problem has to do with the following rule: "Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol". However, I am not sure what the correct solution would be. I do realize that there are a few gaps in my understanding since I am fairly new to this area.

My domain is currently set up with domain-forwarding.

Regards and TIA..
Nagib Jamal

PS. My domain is currently set up with domain-forwarding rather than via a DNS with the ISP (makes any difference ??).

--Boundary_(ID_//7gHl7u+m4lback35L06A)
Content-type: application/octet-stream; name=httpd_confused.conf
Content-transfer-encoding: quoted-printable
Content-disposition: attachment; filename=httpd_confused.conf

## httpd.conf -- Apache HTTP server configuration file
#  <URL:http://www.apache.org/docs/>;  detailed information about the =
directives.


#########################################################################=
######################
### Section 1: Global Environment
#########################################################################=
######################

# NOTE(review): ServerType exists only in Apache 1.3, so 1.3 semantics
# apply to the rest of this file.
ServerType standalone
# Server tree lives inside the Oracle 8.1 home (Windows paths throughout).
ServerRoot "C:\oracle\ora81\Apache\Apache"
#LockFile logs\httpd.lock
# The file in which the server should record its process id when it =
starts.
PidFile logs\httpd.pid
# NJ commented out - file not created at startup
#ScoreBoardFile logs\httpd.scoreboard
# NOTE(review): a 300-second timeout combined with keep-alive lets slow or
# idle clients hold a worker for a long time, and ThreadsPerChild below
# caps the pool at 50. Consider a lower Timeout on an internet-facing host.
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
# 0 = a child is never recycled after a fixed number of requests.
MaxRequestsPerChild 0
ThreadsPerChild 50
# NOTE(review): the next three look like Unix process-pool settings;
# presumably ignored by the Windows build -- confirm.
MinSpareServers 5
MaxSpareServers 10
MaxClients 150

# Note: The order is which modules are loaded is important.  Don't =
change
# the order below without expert advice.
#
# NOTE(review): every module loaded here adds attack surface; load only
# what the site uses. proxy_module is loaded although all Proxy*
# directives in this file are commented out -- confirm it is needed
# (the included jserv/oracle files are not shown here).
# ssl_module is loaded on the last line of this list from
# ApacheModuleSSL.DLL and a second time further down from
# modules/mod_ssl.so; keep a single LoadModule for it.
LoadModule mime_magic_module modules/ApacheModuleMimeMagic.dll
LoadModule anon_auth_module modules/ApacheModuleAuthAnon.dll
LoadModule cern_meta_module modules/ApacheModuleCERNMeta.dll
LoadModule digest_module modules/ApacheModuleDigest.dll
LoadModule expires_module modules/ApacheModuleExpires.dll
LoadModule headers_module modules/ApacheModuleHeaders.dll
LoadModule proxy_module modules/ApacheModuleProxy.dll
LoadModule rewrite_module modules/ApacheModuleRewrite.dll
LoadModule speling_module modules/ApacheModuleSpeling.dll
LoadModule status_module modules/ApacheModuleStatus.dll
LoadModule usertrack_module modules/ApacheModuleUserTrack.dll
LoadModule perl_module         modules\ApacheModulePerl.DLL
LoadModule ssl_module         modules\ApacheModuleSSL.DLL


#  Reconstruction of the complete module list from all available modules
#  (static and shared ones) to achieve correct module execution order.
#  [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
# ClearModuleList empties the active module list; each AddModule below
# re-activates one module, so this list decides what actually runs.
# NOTE(review): mod_userdir, mod_autoindex, mod_cgi, mod_include and
# mod_proxy are all activated here; drop the ones the site does not use.
# mod_ssl.c is added at the end of this list and again later in the file
# (next to the second LoadModule ssl_module) -- keep one.
ClearModuleList
AddModule mod_mime_magic.c
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_rewrite.c
AddModule mod_speling.c
AddModule mod_status.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_so.c
AddModule mod_setenvif.c
AddModule mod_auth_anon.c
AddModule mod_cern_meta.c
AddModule mod_digest.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_proxy.c
AddModule mod_usertrack.c
AddModule mod_perl.c
AddModule mod_ssl.c
#
# NOTE(review): ExtendedStatus adds per-request detail (client address,
# request line) to the /server-status page, so the access rule on that
# location is what keeps this information private.
ExtendedStatus On

#########################################################################=
################
### Section 2: 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition.  These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#########################################################################=
##############

# The main server listens on both ports. Port 443 only speaks SSL for
# requests that land in a virtual host with "SSLEngine on"; there is no
# SSLEngine directive at main-server level in this file.
Listen 80
Listen 443
# Placeholder address left over from the sample configuration.
ServerAdmin you@your.address
#
# ServerName allows you to set a host name which is sent back to clients =
for
# your server if it's different than the one the program would get =
(i.e., use
# "www" instead of the host's real name).
#
# NOTE(review): with ServerName removed and "UseCanonicalName On" set
# later in this file, the name used in self-referential URLs is whatever
# the server derives for the host -- confirm that is the intended name.

# NJ removed
# ServerName  www.mydomain.com=20

DocumentRoot "C:\oracle\ora81\Apache\Apache\htdocs"

# NOTE(review): this block sets options for the whole filesystem but has
# no "Order deny,allow" / "Deny from all", so nothing is denied by
# default. The usual hardening is to deny at "/" and allow only the
# directories that are meant to be served.
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>


# This should be changed to whatever you set DocumentRoot to.
# NOTE(review): "Indexes" makes the server generate a directory listing
# wherever index.html is missing; this covers everything under htdocs,
# including the catalog directory protected further down. Remove
# Indexes unless listings are wanted.
<Directory "C:\oracle\ora81\Apache\Apache\htdocs">
  Options Indexes FollowSymLinks
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

# NOTE(review): maps ~user requests onto this directory tree. If
# per-user web space is not used, "UserDir disabled" is the safer setting.
UserDir "C:\oracle\ora81\Apache\Apache\users\"

DirectoryIndex index.html

# Name of the per-directory override file. Every <Directory> block in
# this file sets "AllowOverride None", so such files are not honoured
# in those directories.
AccessFileName .htaccess

#
# The following lines prevent .htaccess files from being viewed by
# Web clients.  Since .htaccess files often contain authorization
# information, access is disallowed for security reasons.  Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files.  If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
# Refuse to serve any file whose name starts with ".ht".
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

UseCanonicalName On

TypesConfig conf\mime.types

DefaultType text/plain

<IfModule mod_mime_magic.c>
    MIMEMagicFile conf\magic
</IfModule>

# Off: client addresses are logged as IPs. Host-name based Allow/Deny
# rules still trigger DNS lookups regardless of this setting.
HostnameLookups Off

ErrorLog logs\error_log

# NOTE(review): "debug" is the most verbose level; useful while chasing
# the SSL problem, but return to "warn" afterwards to limit log volume
# and the amount of detail written to disk.
LogLevel debug

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" =
combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# NOTE(review): the access log uses "common", so Referer and User-Agent
# are not recorded although a "combined" format is defined above;
# "combined" gives more to work with when investigating an incident.
CustomLog logs\access_log common

# Off: no server version footer on generated error pages and listings.
ServerSignature Off

#
# Aliases: Add here as many aliases as you need (with no limit). The =
format is=20
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL.  So "/icons" isn't aliased in =
this
# example, only "/icons/"..
#
Alias /icons/ "C:\oracle\ora81\Apache\Apache\icons/"
# NOTE(review): publishes the JServ documentation tree; remove on a
# production host if it is not needed.
Alias /jservdocs/ "C:\oracle\ora81\Apache\Jserv\docs/"

# NOTE(review): <Directory> expects a full filesystem path; the relative
# name "icons" presumably does not match the aliased icons directory, so
# these options may never apply -- confirm.
<Directory "icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

# Every file in this directory is executed as a CGI program when
# requested under /cgi-bin/. The same directory is also mapped under
# /perl/ near the end of this file.
ScriptAlias /cgi-bin/ "C:\oracle\ora81\Apache\Apache\cgi-bin/"

#
# "C:\oracle\ora81\Apache\Apache\cgi-bin" should be changed to whatever =
your ScriptAliased
# CGI directory exists, if you have that configured.
#
# NOTE(review): "Allow from all" means anyone can invoke whatever is in
# this directory; remove sample scripts that ship with the server.
<Directory "C:\oracle\ora81\Apache\Apache\cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

# Presentation of server-generated directory listings. These directives
# only matter where "Options Indexes" is in effect (it is set on htdocs
# and on the "icons" block earlier in this file).
IndexOptions FancyIndexing

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif

ReadmeName README
HeaderName HEADER

# NOTE(review): IndexIgnore only hides matching names from a generated
# listing. It is not access control: a hidden file is still served to
# anyone who requests its URL directly.
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

AddEncoding x-compress Z
AddEncoding x-gzip gz tgz

AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it

LanguagePriority en fr de


# NOTE(review): second LoadModule for ssl_module. The module list at the
# top of this file already loads it from modules\ApacheModuleSSL.DLL;
# this line names a different file (modules/mod_ssl.so). Keep whichever
# file actually exists and remove the other line.
LoadModule ssl_module modules/mod_ssl.so
# NOTE(review): the PHP module is loaded from c:/php, outside ServerRoot;
# make sure that directory is writable by administrators only. PHP 4 no
# longer receives security fixes.
LoadModule php4_module c:/php/php4apache.dll

# mod_ssl.c was already added in the AddModule list after
# ClearModuleList; this is a duplicate.
AddModule mod_ssl.c
AddModule mod_php4.c

# Files ending in .php are handed to the PHP module.
AddType application/x-httpd-php .php
# NJ removed jan13
# AddType application/x-tar .tgz

# Protocol workarounds keyed on the User-Agent header.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

#
# Allow server status reports, with the URL of =
http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
# Status page: denied to everyone except clients matching the Allow line.
# NOTE(review): "Allow from <hostname>" is decided by DNS lookups on the
# client address, so access depends on DNS answers rather than on a fixed
# address, and the name used is the public site name. With ExtendedStatus
# On this page shows other clients' requests; an address-based rule such
# as "Allow from 127.0.0.1" is the safer choice.
# The trailing "=20" on the Allow line is a quoted-printable encoded
# space from the mail transport, not part of the host name.
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from www.mydomain.com=20
</Location>

#
# There have been reports of people trying to abuse an old bug from =
pre-1.1
# days.  This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a =
logging=20
# script on phf.apache.org.  Or, you can record them yourself, using the =
script
# support/phf_abuse_log.cgi.
#
#<Location /cgi-bin/phf*>
#    Deny from all
#    ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#</Location>

#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
#<IfModule mod_proxy.c>
#ProxyRequests On
#
#<Directory proxy:*>
#    Order deny,allow
#    Deny from all
#    Allow from .your_domain.com
#</Directory>

#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: =
headers)
# Set to one of: Off | On | Full | Block
#
#ProxyVia On

#########################################################################=
###############
### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on =
your
# machine you can setup VirtualHost containers for them.
# Please see the documentation at =
<URL:http://www.apache.org/docs/vhosts/>;
# for further details before you try to setup virtual hosts.
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# If you want to use name-based virtual hosts you need to define at
# least one IP address (and port number) for them.
#
# NOTE(review): this declares name-based hosting on 24.86.20.97 for every
# port, including 443, but the only active container in this file is
# <VirtualHost *:443>, whose address does not match this one. A likely
# consequence (verify with the -S option mentioned above): requests to
# 24.86.20.97:443 find no matching virtual host and fall through to the
# main server, which has no SSLEngine, while requests to localhost reach
# the *:443 host and work. For SSL, use an IP-based host instead: give
# the SSL container the same address and port (24.86.20.97:443) and do
# not cover port 443 with NameVirtualHost.
NameVirtualHost 24.86.20.97:*
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
#
#<VirtualHost ip.address.of.host.some_domain.com>
#    ServerAdmin webmaster@host.some_domain.com
#    DocumentRoot /www/docs/host.some_domain.com
#    ServerName host.some_domain.com
#    ErrorLog logs/host.some_domain.com-error_log
#    CustomLog logs/host.some_domain.com-access_log common
#</VirtualHost>

#<VirtualHost _default_:*>
#</VirtualHost>

##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

# builtin: the server prompts for the private-key pass phrase at startup
# when the key file is encrypted.
SSLPassPhraseDialog  builtin
# No session cache: every connection performs a full handshake.
SSLSessionCache        none
SSLMutex sem
#SSLSessionCache        shm:logs\ssl_scache(512000)

# NOTE(review): "builtin" is the only seeding source configured. The
# mod_ssl documentation describes it as a weak source of entropy; add a
# file: or exec: source if the platform provides one.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#NJ added
# NOTE(review): with SSLProtocol commented out the module default
# applies, which for mod_ssl of this generation presumably still includes
# SSLv2 -- confirm. SSLv2 and SSLv3 are both considered broken today; a
# current deployment should enable TLS versions only.
#SSLProtocol -all +SSLv3
SSLLog      logs/ssl_engine_log
SSLLogLevel warn


###########################################################
##
## SSL Virtual Host Context
##
#<VirtualHost *:80>
#  General setup for the virtual host
#DocumentRoot "C:\oracle\ora81\Apache\Apache\htdocs"
#ServerName www.mydomain.com
#ServerAdmin admin@shaw.ca
#ErrorLog logs/error_log
#TransferLog logs/access_log
#Port 80
#SSLEngine off
#</VirtualHost>                                 =20
#######################
#
# The only active virtual host in this file, and the only place where
# SSLEngine is switched on.
# NOTE(review): the address "*:443" does not match the earlier
# "NameVirtualHost 24.86.20.97:*" line; see whether requests to the
# public address actually reach this container (httpd -S).
<VirtualHost *:443>
#  General setup for the virtual host
DocumentRoot "C:\oracle\ora81\Apache\Apache\htdocs"
#ServerName https://24.86.20.97/ =20
ServerName www.mydomain.com
#ServerName localhost
ServerAdmin you@your.address
# NOTE(review): relative to ServerRoot; presumably the ssllogs directory
# must already exist -- confirm.
ErrorLog ssllogs/error_log
TransferLog ssllogs/access_log

#Port 443
SSLEngine on
# NOTE(review): HIGH:MEDIUM does not explicitly exclude anonymous
# (unauthenticated) or null-encryption suites; stricter strings append
# exclusions such as "!aNULL:!eNULL".
SSLCipherSuite HIGH:MEDIUM
# NOTE(review): the file names suggest a certificate issued for
# "localhost". If so, browsers visiting www.mydomain.com will report a
# name mismatch; the certificate's subject should match ServerName.
SSLCertificateFile conf/ssl/localhost.cert
# Private key: keep it readable by the server account and
# administrators only, and outside any served directory.
SSLCertificateKeyFile conf/ssl/localhost.key
# NOTE(review): different directory (conf\ssl.crt) from the two files
# above (conf/ssl) -- confirm this file exists and belongs to the same
# certificate.
SSLCertificateChainFile conf\ssl.crt\intermediate.crt

# Export the standard SSL_* environment variables to CGI and SSI only.
<Files ~ "\.(cgi|shtml)$">
    SSLOptions +StdEnvVars
</Files>

<Directory "cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

# NOTE(review): SSLRequireSSL refuses non-SSL requests, but this block
# sits inside the port-443 virtual host and so only applies to requests
# this host handles. The main server also listens on port 80 with the
# same DocumentRoot, so /catalog would still be reachable over plain
# HTTP. Put the restriction at main-server level (or in the port-80
# host) to enforce it.
<Directory C:/oracle/ora81/Apache/Apache/htdocs/catalog>
SSLRequireSSL
</Directory>

# Workaround for Internet Explorer's SSL connection shutdown behaviour.
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
#   Records the negotiated protocol and cipher per request, which is
#   useful for spotting clients that still negotiate weak settings.
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>                                 =20

#########################################################################=
############
# NOTE(review): /perl/ points at the same cgi-bin directory that
# ScriptAlias already publishes under /cgi-bin/, so each script there is
# reachable two ways: as a CGI process and, through the block below,
# inside the server process under mod_perl.
Alias /perl/ "C:\oracle\ora81\Apache\Apache/cgi-bin/"
#
# Perl Directives
#
#PerlWarn On
#PerlFreshRestart On
#PerlSetEnv PERL5OPT Tw
#PerlSetEnv PERL5LIB  "C:\oracle\ora81\Apache/perl/perl5/5.00503"
PerlModule Apache
#PerlModule Apache::Status
PerlModule Apache::Registry
#PerlModule Apache::CGI
#PerlModule Apache::DBI
#PerlRequire
# Everything requested under /perl is run by Apache::Registry.
# NOTE(review): there is no Order/Allow/Deny in this block, so no access
# restriction is set here; restrict it if these scripts are not meant to
# be public.
<Location /perl>
    SetHandler  perl-script
    PerlHandler Apache::Registry
    AddHandler perl-script .pl
    Options +ExecCGI
    PerlSendHeader On
</Location>

#<Location /perl-status>
#    SetHandler  perl-script
#    PerlHandler Apache::Status
#    order deny,allow
#    deny from all
#    allow from localhost
#</Location>

# Include the configuration for Apache JServ 1.1
# NOTE(review): the two included files are not part of this message.
# Their directives are merged into this configuration and may add
# handlers, aliases or listeners of their own; review them together with
# this file.
include "C:\oracle\ora81\Apache\Jserv\conf\jserv.conf"

# Include the Oracle configuration file for custom settings
include "C:\oracle\ora81\Apache\Apache\conf\oracle_apache.conf"

--Boundary_(ID_//7gHl7u+m4lback35L06A)--


