From owner-freebsd-questions@FreeBSD.ORG Thu Jan 15 17:52:08 2004
Date: Thu, 15 Jan 2004 16:56:25 -0800
From: Nagib Jamal
To: freebsd-questions@freebsd.org
Message-id: <004401c3dbcb$917a9600$61145618@vc.shawcable.net>
MIME-version: 1.0
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
Content-type: multipart/mixed; boundary="Boundary_(ID_//7gHl7u+m4lback35L06A)"
Subject: apache SSL configuration problems
List-Id: User questions

This is a multi-part message in MIME format.
--Boundary_(ID_//7gHl7u+m4lback35L06A)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT

Hi Tom,

I have read some of your responses in connection to apache/virtual-host configuration issues (e.g. Owen Boyle, June 03). Your responses are indeed clear and concise. However, I am a bit confused, although I have managed to make some progress.

My purpose is to set up an ecommerce site on a single server (regular and secure html served). My current situation/problem is as follows:

1) https://www.mydomain.com/ does NOT work - page cannot be displayed
2) https://localhost works fine

Is this enough information to indicate what might be the source of the problem? I have attached my config file for reference.

I think my problem has to do with the following rule: "Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol". However, I am not sure what the correct solution would be. I do realize that there are a few gaps in my understanding since I am fairly new to this area.

My domain is currently set up with domain-forwarding

Regards and TIA..
Nagib Jamal

PS. My domain is currently set up with domain-forwarding rather than via a DNS with the ISP (makes any difference ??).

--Boundary_(ID_//7gHl7u+m4lback35L06A)
Content-type: application/octet-stream; name=httpd_confused.conf
Content-transfer-encoding: quoted-printable
Content-disposition: attachment; filename=httpd_confused.conf

## httpd.conf -- Apache HTTP server configuration file
# detailed information about the directives.
###############################################################################################
### Section 1: Global Environment
###############################################################################################
ServerType standalone
ServerRoot "C:\oracle\ora81\Apache\Apache"
#LockFile logs\httpd.lock
# The file in which the server should record its process id when it starts.
PidFile logs\httpd.pid
# NJ commented out - file not created at startup
#ScoreBoardFile logs\httpd.scoreboard
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MaxRequestsPerChild 0
ThreadsPerChild 50
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
# Note: The order in which modules are loaded is important. Don't change
# the order below without expert advice.
#
LoadModule mime_magic_module modules/ApacheModuleMimeMagic.dll
LoadModule anon_auth_module modules/ApacheModuleAuthAnon.dll
LoadModule cern_meta_module modules/ApacheModuleCERNMeta.dll
LoadModule digest_module modules/ApacheModuleDigest.dll
LoadModule expires_module modules/ApacheModuleExpires.dll
LoadModule headers_module modules/ApacheModuleHeaders.dll
LoadModule proxy_module modules/ApacheModuleProxy.dll
LoadModule rewrite_module modules/ApacheModuleRewrite.dll
LoadModule speling_module modules/ApacheModuleSpeling.dll
LoadModule status_module modules/ApacheModuleStatus.dll
LoadModule usertrack_module modules/ApacheModuleUserTrack.dll
LoadModule perl_module modules\ApacheModulePerl.DLL
LoadModule ssl_module modules\ApacheModuleSSL.DLL
# Reconstruction of the complete module list from all available modules
# (static and shared ones) to achieve correct module execution order.
# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
ClearModuleList
AddModule mod_mime_magic.c
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_rewrite.c
AddModule mod_speling.c
AddModule mod_status.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_so.c
AddModule mod_setenvif.c
AddModule mod_auth_anon.c
AddModule mod_cern_meta.c
AddModule mod_digest.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_proxy.c
AddModule mod_usertrack.c
AddModule mod_perl.c
AddModule mod_ssl.c
#
ExtendedStatus On
#########################################################################################
### Section 2: 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# definition. These values also provide defaults for
# any containers you may define later in the file.
#
# All of these directives may appear inside containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#######################################################################################
Listen 80
Listen 443
ServerAdmin you@your.address
#
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e., use
# "www" instead of the host's real name).
#
# NJ removed
# ServerName www.mydomain.com
DocumentRoot "C:\oracle\ora81\Apache\Apache\htdocs"
Options FollowSymLinks
AllowOverride None
# This should be changed to whatever you set DocumentRoot to.
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
UserDir "C:\oracle\ora81\Apache\Apache\users\"
DirectoryIndex index.html
AccessFileName .htaccess
#
# The following lines prevent .htaccess files from being viewed by
# Web clients. Since .htaccess files often contain authorization
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
Order allow,deny
Deny from all
UseCanonicalName On
TypesConfig conf\mime.types
DefaultType text/plain
MIMEMagicFile conf\magic
HostnameLookups Off
ErrorLog logs\error_log
LogLevel debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs\access_log common
ServerSignature Off
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/"..
#
Alias /icons/ "C:\oracle\ora81\Apache\Apache\icons/"
Alias /jservdocs/ "C:\oracle\ora81\Apache\Jserv\docs/"
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
ScriptAlias /cgi-bin/ "C:\oracle\ora81\Apache\Apache\cgi-bin/"
#
# "C:\oracle\ora81\Apache\Apache\cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
AllowOverride None
Options None
Order allow,deny
Allow from all
IndexOptions FancyIndexing
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif
ReadmeName README
HeaderName HEADER
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it
LanguagePriority en fr de
LoadModule ssl_module modules/mod_ssl.so
LoadModule php4_module c:/php/php4apache.dll
AddModule mod_ssl.c
AddModule mod_php4.c
AddType application/x-httpd-php .php
# NJ removed jan13
# AddType application/x-tar .tgz
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
#
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
SetHandler server-status
Order deny,allow
Deny from all
Allow from www.mydomain.com
#
# There have been reports of people trying to abuse an old bug from pre-1.1
# days. This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a logging
# script on phf.apache.org. Or, you can record them yourself, using the script
# support/phf_abuse_log.cgi.
#
#
# Deny from all
# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#
#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
#
#ProxyRequests On
#
#
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#
#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
#ProxyVia On
########################################################################################
### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them.
# Please see the documentation at
# for further details before you try to setup virtual hosts.
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
# If you want to use name-based virtual hosts you need to define at
# least one IP address (and port number) for them.
#
NameVirtualHost 24.86.20.97:*
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
#
#
# ServerAdmin webmaster@host.some_domain.com
# DocumentRoot /www/docs/host.some_domain.com
# ServerName host.some_domain.com
# ErrorLog logs/host.some_domain.com-error_log
# CustomLog logs/host.some_domain.com-access_log common
#
#
#
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache none
SSLMutex sem
#SSLSessionCache shm:logs\ssl_scache(512000)
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#NJ added
#SSLProtocol -all +SSLv3
SSLLog logs/ssl_engine_log
SSLLogLevel warn
###########################################################
##
## SSL Virtual Host Context
##
#
# General setup for the virtual host
#DocumentRoot "C:\oracle\ora81\Apache\Apache\htdocs"
#ServerName www.mydomain.com
#ServerAdmin admin@shaw.ca
#ErrorLog logs/error_log
#TransferLog logs/access_log
#Port 80
#SSLEngine off
#
#######################
#
# General setup for the virtual host
DocumentRoot "C:\oracle\ora81\Apache\Apache\htdocs"
#ServerName https://24.86.20.97/
ServerName www.mydomain.com
#ServerName localhost
ServerAdmin you@your.address
ErrorLog ssllogs/error_log
TransferLog ssllogs/access_log
#Port 443
SSLEngine on
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile conf/ssl/localhost.cert
SSLCertificateKeyFile conf/ssl/localhost.key
SSLCertificateChainFile conf\ssl.crt\intermediate.crt
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLRequireSSL
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#####################################################################################
Alias /perl/ "C:\oracle\ora81\Apache\Apache/cgi-bin/"
#
# Perl Directives
#
#PerlWarn On
#PerlFreshRestart On
#PerlSetEnv PERL5OPT Tw
#PerlSetEnv PERL5LIB "C:\oracle\ora81\Apache/perl/perl5/5.00503"
PerlModule Apache
#PerlModule Apache::Status
PerlModule Apache::Registry
#PerlModule Apache::CGI
#PerlModule Apache::DBI
#PerlRequire
SetHandler perl-script
PerlHandler Apache::Registry
AddHandler perl-script .pl
Options +ExecCGI
PerlSendHeader On
#
# SetHandler perl-script
# PerlHandler Apache::Status
# order deny,allow
# deny from all
# allow from localhost
#
# Include the configuration for Apache JServ 1.1
include "C:\oracle\ora81\Apache\Jserv\conf\jserv.conf"
# Include the Oracle configuration file for custom settings
include "C:\oracle\ora81\Apache\Apache\conf\oracle_apache.conf"

--Boundary_(ID_//7gHl7u+m4lback35L06A)--
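
Added example, not part of the original message or its attachment: a small Python check for the rule quoted in the message, flagging any SSL-enabled virtual host whose address is also claimed by a NameVirtualHost line (before SNI, the server had to pick a certificate before it could read the Host header). The sample config is constructed: the archive stripped the <VirtualHost> tags from the attachment, so the container address, the function names, and the treatment of a missing port as "any port" are assumptions.

```python
import re

# Constructed sample. The archive stripped the <VirtualHost> tags from the
# attachment, so the container address used here is an assumption.
SAMPLE = """\
Listen 80
Listen 443
NameVirtualHost 24.86.20.97:*
<VirtualHost 24.86.20.97:443>
    ServerName www.mydomain.com
    SSLEngine on
    SSLCertificateFile conf/ssl/localhost.cert
</VirtualHost>
"""
# Same sample with name-based matching limited to the plain-HTTP port.
FIXED = SAMPLE.replace(":*", ":80")

def split_addr(addr):
    """'ip:port' -> (ip, port); IPv4 only, a missing port is treated as '*'."""
    ip, _, port = addr.partition(":")
    return ip, port or "*"

def covers(nvh, vhost):
    """True if the NameVirtualHost address claims the vhost's ip:port."""
    (n_ip, n_port), (v_ip, v_port) = split_addr(nvh), split_addr(vhost)
    return n_ip in ("*", v_ip) and n_port in ("*", v_port)

def ssl_name_based_conflicts(conf):
    """List (vhost_addr, server_name, nvh_addr) for every SSL-enabled
    vhost whose address is also claimed by a NameVirtualHost line."""
    nvhs, vhosts, cur = [], [], None
    for line in (l.strip() for l in conf.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            cur = {"addrs": opened.group(1).split(), "ssl": False, "name": None}
            vhosts.append(cur)
        elif line.lower().startswith("</virtualhost"):
            cur = None
        elif line and not line.startswith("#"):
            key, _, val = line.replace("\t", " ").partition(" ")
            key, val = key.lower(), val.strip()
            if key == "namevirtualhost":
                nvhs.append(val)
            elif cur is not None and key == "sslengine":
                cur["ssl"] = val.lower() == "on"
            elif cur is not None and key == "servername":
                cur["name"] = val
    return [(a, v["name"], n) for v in vhosts if v["ssl"]
            for a in v["addrs"] for n in nvhs if covers(n, a)]
```

Running `ssl_name_based_conflicts` on SAMPLE reports the 443 host as claimed by the wildcard-port NameVirtualHost line; on FIXED it reports nothing. Apache's own `-S` option, mentioned in the config comments, prints how the server actually parsed the virtual hosts.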