Using Virtual host to run ssl and non ssl hosts


BiVi

Programmer
Sep 28, 2008
Hi,
I am a newbie to Apache.

I am currently working on a project which requires running an SSL site and a non-SSL site on the same host using different ports. Another host will also be set up with the same configuration, and we will use a software router as a load balancer for connecting to one of the hosts when a request is made for either of the sites.

Now the problem is, the SSL site works without any problem, but the non-SSL site works fine when it is accessed from the host directly, and when I try to access the same through the load balancer, it goes to the login page and then redirects to the "User already logged in" page and stays there always. Clearing browser cache/cookies doesn't seem to solve the problem.

Now how do I find out whether the problem is due to my Apache configuration? Here is the virtual host part of my config file:

<VirtualHost *:8443>
Port 9999
ServerName $(INTERNAL_DOMAIN)

SSLEngine On
SSLCertificateFile ~/ssl.crt/internal.server.crt
SSLCertificateKeyFile ~/ssl.key/internal.server.key

RewriteEngine On
RewriteOptions inherit
RewriteRule ^/((index\.html)?)$ /index.html
</VirtualHost>
<VirtualHost *:8080>
Port 4080
ServerName $(INTERNAL_DOMAIN)

SSLEngine Off

RewriteEngine On
RewriteOptions inherit
RewriteRule ^/((index\.html)?)$ /index.html
</VirtualHost>

It will be very helpful if any of you can provide me help / suggestion to solve this issue.

TIA.

Thanks & Regards,
Bindu
 
The port directives are probably ignored (these are specified on the VirtualHost line). ~ (as far as I know) is not allowed as a path (this is csh and httpd.conf is far from a shell). You really have $(INTERNAL_DOMAIN) or are you doing some creative editing? It is probably going to this vhost simply because it is the first vhost, which is the default.

These errors (if they are) should appear in your error log.

Given these, I don't believe SSL is enabled correctly. Put separate access and error logs for each host to see who is getting the request.



 
Hi elgrandeperro,
Thanks for your reply.

> ~ (as far as I know) is not allowed as a path (this is csh and httpd.conf is far from a shell).

I am using this in my local install; in the actual host this will be the apache folder path/ssl.crt and ssl.key

> You really have $(INTERNAL_DOMAIN) or are you doing some creative editing?

This variable gets updated when we install the package along with apache in the host. The variable is replaced with the site name.

> It is probably going to this vhost simply because it is first vhost, which is the default.

I tried changing the order and then connecting to the http site, but still it goes to the "User already logged in" page, and for https it works fine as usual.

I checked the error and access logs but I am not able to find any information there :(
 
As elgrandeperro has stated, the only reason your SSL site is coming up is because it is the first one defined in httpd.conf and is the default if the requested site can't be resolved. I don't know how your software router works, so I can only let you know how Apache handles things. Apache can handle both secure and unsecure sites at the same time because it listens on port 80 for http requests and port 443 for https requests. It uses name-based addressing for http requests. It has a NameVirtualHost that specifies which address and port to bind to, such as "NameVirtualHost *:80". This is fine if you only have one SSL site. You would simply use <VirtualHost *:443> instead of <VirtualHost *>. Apache uses the "ServerName" directive to resolve the request. With the way https headers are handled, this won't work for multiple SSL sites. Each SSL site would need its own IP address. For now that doesn't seem to be your issue since we are only talking one SSL site. I'm going to guess that you need to uncomment the "NameVirtualHost" directive in httpd.conf or add it if it doesn't exist.
 
I would look at the access log (with a custom format). Nothing you seem to have is wrong; I suspect the software load balancer is doing something. Is it a simple port forwarder or something more?

Compare the access log entry with the internal query and one through the external query.
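
The separate per-host logs and custom access-log format suggested in the replies could look like the following. This is an added example, not configuration from any poster in the thread; the hostname, certificate paths, log file names and the vhostdebug format name are placeholders, and the X-Forwarded-For field is only filled in if the load balancer sends that header.

```apache
# Added example. internal.example.com, /path/to/apache and the log names are placeholders.
# The ports come from the <VirtualHost> lines; the Port lines are left out, as the
# first reply suggests, and each port needs a matching Listen.
Listen 8443
Listen 8080

# One line per request: which vhost answered, on which local port, which Host header
# arrived, who connected, and where any redirect points.
# Cookie values are session credentials: keep this format only while debugging.
LogFormat "%t vhost=%v port=%{local}p host=\"%{Host}i\" peer=%a xff=\"%{X-Forwarded-For}i\" \"%r\" %>s loc=\"%{Location}o\" cookie=\"%{Cookie}i\" set=\"%{Set-Cookie}o\"" vhostdebug

<VirtualHost *:8443>
    ServerName internal.example.com

    SSLEngine On
    # Absolute paths instead of ~, which httpd.conf does not expand
    SSLCertificateFile /path/to/apache/ssl.crt/internal.server.crt
    SSLCertificateKeyFile /path/to/apache/ssl.key/internal.server.key

    # Separate logs so it is clear which vhost received a request
    ErrorLog logs/ssl_error.log
    CustomLog logs/ssl_access.log vhostdebug

    RewriteEngine On
    RewriteOptions inherit
    RewriteRule ^/((index\.html)?)$ /index.html
</VirtualHost>

<VirtualHost *:8080>
    ServerName internal.example.com

    SSLEngine Off

    ErrorLog logs/plain_error.log
    CustomLog logs/plain_access.log vhostdebug

    RewriteEngine On
    RewriteOptions inherit
    RewriteRule ^/((index\.html)?)$ /index.html
</VirtualHost>
```

Request the non-SSL site once directly and once through the load balancer, then compare the two entries in plain_access.log. Differences in host=, port=, loc= or the cookie fields show what the balancer changes on the way through, and an entry landing in ssl_access.log instead shows the request reached the wrong vhost.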
 