
Same config for 80 and 443 ports and special config for 443 port?

Status
Not open for further replies.

jouell

MIS
Nov 19, 2002
304
US
Hello.

Is it possible to configure like the example below? Same config for 80 and 443 ports and special config for 443 port. I'd like to run both port 80 and 443 and have the 443 site 'inherit' all the basics from the 80 site.


NameVirtualHost *:443
NameVirtualHost *:80

<virtualhost *:80>
ServerName mydom
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</virtualhost>


<virtualhost *:443>
(somehow use the port 80 setting?)
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
(other SSL params)
</virtualhost>


Thanks!
-jouell
 
Aside from the SSL parameters, you should be able to copy your port 80 virtual host information to the virtual host for 443.

Note, technically speaking, secured named virtual hosts aren't supported in apache. Theoretically, you can only have one secured host per IP address and it must be defined per IP, not name. However, this isn't to say that it won't "work" and depending on your needs may be just fine, it is just that you will get a certificate warning in your browser, especially if you have multiple hosts. If these hosts are for your own use, such as for family or your own web mail system, then this is a non-issue.
 
Hi Noway2

>>Aside from the SSL parameters, you should be able to copy your port 80 virtual host information to the virtual host for 443.

Right. That works OK.

>>Note, technically speaking, secured named virtual hosts aren't supported in apache. Theoretically, you can only have one secured host per IP address and it must be defined per IP, not name.

Right.

>>However, this isn't to say that it won't "work" and depending on your needs may be just fine, it is just that you will get a certificate warning in your browser, especially if you have multiple hosts. If these hosts are for your own use, such as for family or your own web mail system, then this is a non-issue.

Right. So it sounds like it is not possible to configure like the example above.

-jouell

 
I suggest trying it. It should work. What I was getting at is that if you want to be strict about things, you can only have one SSL site per IP address, but if you are willing to accept certificate errors, you can have multiple named secured or at least encrypted sites.

You may want to consider making your SSL site an IP address defined one rather than a named host, though.
 
<VirtualHost *:80>
Include /etc/apache2/sites-includes/SITE01.A
</VirtualHost>

<VirtualHost *:443>
Include /etc/apache2/sites-includes/SITE01.A
SSLEngine on
SSLCertificateFile /etc/ssl/certs/
SSLCertificateKeyFile /etc/ssl/private/
</VirtualHost>

This didn't seem to work with my app but docs suggest it should work.

-jouell
 
Things to check and try:

1 - Make sure that the ssl.conf and ssl.load modules are being loaded.

2 - Look in the apache logs. Getting SSL to work can be tricky and it likes to complain about little things being incorrect. The logs will give you an indication as to what is wrong. If you have trouble interpreting it, post the error message here.


 
To clarify:

I can get Apache to host an HTTP site on port 80, and an SSL site on port 443. All works just fine.

However it's when I try to consolidate the configuration using the include directive as above.

For some reason my application keeps redirecting itself in an infinite circle. I don't think the redirection part has to do with Apache, as I am also using redirects to an internal proxy, which is complicating the matter.




 
I think I see the problem. Your configuration looks like how it is set up in Ubuntu, where you have a sites-available and a sites-enabled directory, under the apache2 directory. This is where the file that configures the virtual host goes. The sites-enabled uses symbolic links to point to sites-included. Consequently, when you attempt to include this, you are recursively re-including the same thing in an infinite loop.

It looks to me like you want to use a directory statement to point both your regular and ssl hosts to the same set of web documents, rather than an include statement.


 
The following works just fine now (on a different server).


#/etc/apache2/sites-available# cat all

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
Include /etc/apache2/all_conf
</VirtualHost>


<VirtualHost *:443>
Include /etc/apache2/all_conf
SSLEngine on
SSLCertificateFile /etc/apache2/mysite.crt
SSLCertificateKeyFile /etc/apache2/mysite.key
</VirtualHost>



##This is basically default
#/etc/apache2/sites-available# cat ../all_conf
ServerAdmin webmaster@localhost

DocumentRoot /var/www/

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined
ServerSignature On

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

So the Include works and the original intent to consolidate works!

In my other server, I'll need to investigate more as there are added pieces.

Thanks for your help.
-jouell
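
Added example, not part of the thread or any poster's code: a small Python check for the shared-Include layout shown above. It expands `Include` lines, fails on an include cycle (the failure suspected earlier in the thread), and confirms that the `*:443` host equals the `*:80` host plus its SSL directives. The file contents are constructed in-memory samples, the function names are hypothetical, and `Include` is treated as a literal absolute path only (no globs or ServerRoot-relative paths).

```python
import re

# Constructed in-memory copies of the thread's layout (nothing is read from disk).
FILES = {
    "/etc/apache2/sites-available/all": (
        "<VirtualHost *:80>\nInclude /etc/apache2/all_conf\n</VirtualHost>\n"
        "<VirtualHost *:443>\nInclude /etc/apache2/all_conf\nSSLEngine on\n"
        "SSLCertificateFile /etc/apache2/mysite.crt\n"
        "SSLCertificateKeyFile /etc/apache2/mysite.key\n</VirtualHost>\n"),
    "/etc/apache2/all_conf": "DocumentRoot /var/www/\nLogLevel warn\n",
    # Constructed failure case: a fragment that includes itself.
    "/etc/apache2/loop_conf": "DocumentRoot /var/www/\nInclude /etc/apache2/loop_conf\n",
}

def expand(path, files, stack=()):
    """Return the lines of `path` with every Include expanded in place."""
    if path in stack:
        raise ValueError("Include cycle: " + " -> ".join(stack + (path,)))
    out = []
    for line in files[path].splitlines():
        m = re.match(r"\s*Include\s+(\S+)", line, re.I)
        out.extend(expand(m.group(1), files, stack + (path,)) if m else [line.strip()])
    return out

def vhosts(path, files):
    """Map each <VirtualHost addr> to {directive: argument}; nested section tags are skipped."""
    result, current = {}, None
    for line in expand(path, files):
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            current = result.setdefault(m.group(1).strip(), {})
        elif line.lower() == "</virtualhost>":
            current = None
        elif current is not None and line and line[0] not in "#<":
            name, _, arg = line.partition(" ")
            current[name.lower()] = arg.strip()
    return result

def check(path, files):
    """Return a list of problems; an empty list means the 80/443 pair is consistent."""
    hosts = vhosts(path, files)
    plain, tls = hosts.get("*:80", {}), hosts.get("*:443", {})
    problems = []
    if {k: v for k, v in tls.items() if not k.startswith("ssl")} != plain:
        problems.append("80 and 443 differ outside SSL directives")
    if tls.get("sslengine", "").lower() != "on":
        problems.append("SSLEngine is not on for *:443")
    problems += [f"*:443 lacks {d}" for d in
                 ("sslcertificatefile", "sslcertificatekeyfile") if d not in tls]
    return problems
```

On a live Debian or Ubuntu server, `apache2ctl -S` prints the virtual hosts Apache actually parsed, which is the authoritative view this sketch only approximates.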
 
I am glad to see that things are resolving now that you know it is a problem with the one server. Check the error logs. You will probably find some 'complaint' or other from apache. It likes to complain. [thumbsup2]
 