Topic: how should a ssl virtualhost config look like?

[mightyspawn]

Well im using a ssl virtual host, working fine. But i can access it with all the domains which are forwarded to my address.

https://www.adres1.com goes to my secure site
https://www.adres2.com goes to my secure site

In my normal vhost the first vhost is for everything that is unknown to the server.

Is this also in the ssl conf? But if i add one extra i dont get the ssl page anymore instead i get a can not be viewed error page.

Hope someone could help

here my ssl conf

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
#SSLMutex file:logs/ssl_mutex

##
## SSL Virtual Host Context
##
#<VirtualHost *:443>
#</VirtualHost>

<VirtualHost *:443>
ServerAdmin webmaster@domain.com
ServerName blaat.com
<Directory "/beheer">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
DocumentRoot /beheer

#ScriptAlias /cgi-bin/ /usr/local/apache/share/htdocs/cgi-bin/
SSLEngine on
SSLCertificateFile conf/server.crt
SSLCertificateKeyFile conf/server.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

I know its name based virtualhost, but i thought you could finally make more ssl virtualhosts with apache 2.2.

[Steffen]

Try to put in the <VirtualHost *:443> container:


RewriteEngine on
RewriteRule /(.*) http://%{HTTP_HOST}/$1 [P,L]


Also you have comment out:

LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_module modules/mod_proxy.so


Steffen

[Jorge]

SSL hosts don't seem to work name based.
They only seem to when using IP's that a limitation of the SSL Protocal since the host name is encryted!

[ali_fareed]

no I dont think it's because of the ssl protocol the hostname is sent with the http request header on the application layer in the host: header you can read about it in rfc 2817 it must be something in the configuration or a bug in apache but the problem is not in the protocol.

http://www.ietf.org/rfc/rfc2817.txt

[Steffen]

With my example above you can do it:

Define one 443 vhost with inside :

RewriteEngine on
RewriteRule /(.*) http://%{HTTP_HOST}/$1 [P,L]

This proxied to your other normal Vhosts.

Also to get rid of the browser warning that the domain name is not valid, use the tip at www.apachelounge.com/viewtopic.php?t=603

Steffen

[Jorge]

[Steffen]

I am using, as decribed above, One certificate for all my Name based Vhosts.


Steffen

[ali_fareed]

yeah the request header is encrypted but http namebased virtualhosts are application based it works by reading your host: header for example an apache server with ip address 72.36.213.18 may have several dns names when I enter foobar.com in my browser the request is sent like this by IE

[ali_fareed]

ok I just thought about it and I think I get what you mean I was speaking about using one certificate for all virtualhosts like what steffen is doing but you were speaking about using a certificate for every virtualhost so the request must be encrypted by one of the public keys although you can upgrade from within http 1.1 like what the rfc specifies so if thats what you mean i'm really sorry your right in that case you cant connect directly using ssl to name based virtualhost you wil have to first connect using normal http than upgrade to ssl from within the connection.

[Jorge]

[admin]

All my domains are matching with a self created test certificate.


Steffen

[James Blond]

http://www.apachelounge.com/viewtopic.php?t=603
You need only one!!!

[hph]

Cool stuff. I was able to create certificates but the virtual host configuration is not really working. Not really working means the rewriterule doesn't really work.

[hph]

Slept a night over it. Worked. Problem solved. See below.