[olug] apache/mod_ssl httpd.conf - HTTP on 80 and HTTPS on 433 it works!

Brian Wiese bwiese at cotse.com
Sun Sep 28 15:18:17 UTC 2003


Thanks Dan, good idea... I finally got it working.  For the record, the
basics one needs in their httpd.conf are:

just a refresh... pertinent parts of my global httpd.conf:
Port 80
#Listen 192.168.1.120:80

<IfModule mod_ssl.c>
#Listen 192.168.1.120:443
Listen 80
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

#SSLEngine on
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_cache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /var/log/apache/ssl_engine_log
SSLLogLevel warn
</IfModule>

BindAddress 192.168.1.120
NameVirtualHost 192.168.1.120

<Virtualhost 192.168.1.120:80>
# normal vhost type stuff, if you want it, read the docs.
    ServerAdmin bwiese at nospam.mail.unomaha.edu
    DocumentRoot /var/www/acm
    ServerName acm
    ErrorLog /var/log/apache/acm-vhost-error.log
    CustomLog /var/log/apache/acm-vhost-access.log common
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>

<Virtualhost 192.168.1.120:443>
# normal vhost type stuff, if you want it, read the docs.
SSLEngine On
SSLCertificateFile conf/ssl.crt/server.crt
SSLCertificateKeyFile conf/ssl.key/server.key
SSLCACertificatePath conf/ssl.crt
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLCARevocationPath conf/ssl.crl

    ServerAdmin bwiese at nospam.mail.unomaha.edu
    DocumentRoot /var/www/acm
    ServerName acm
    ErrorLog /var/log/apache/acm-vhost-error.log
    CustomLog /var/log/apache/acm-vhost-access.log common
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>

-------------
just make sure to have "Port 80" in the global as well, else something
like this:
#Port 80
#Listen 192.168.1.120:80
BindAddress 192.168.1.120

will give you errors like this:
[Sun Sep 28 09:59:29 2003] [error] VirtualHost 192.168.1.120:443 -- mixing
* ports and non-* ports with a NameVirtualHost address is not supported,
proceeding with undefined results
[Sun Sep 28 09:59:29 2003] [error] VirtualHost 192.168.1.120:80 -- mixing
* ports and non-* ports with a NameVirtualHost address is not supported,
proceeding with undefined results
--------------
thanks again Dan, help greatly appreciated!!
Next time I see you at the meeting or whatever, I owe you a drink/sandwich
or something...

peace, cheers
Brian

On Sun, 28 Sep 2003 02:50:31 -0500
Daniel Pfile <daniel at pfile.net> wrote:

|Hmm.. try adding
|
|<Virtualhost 192.168.1.120:80>
|</Virtualhost>
|
|
|On Sunday, September 28, 2003, at 02:11 AM, Brian Wiese wrote:
|
|> If anyone has the desire to, please look over my httpd.conf file and see
|> if there's anything obviously wrong... getting the server to listen on 80
|> for HTTP and 443 at the same time for HTTPS seems to be the problem.
|>
|> http://www.brianwiese.net/files/http/
|>
|> On Sun, 28 Sep 2003 02:06:40 -0500
|> Brian Wiese <bwiese at cotse.com> wrote:
|>
|> ||<Virtualhost your.ip.addy:443>
|> ||# normal vhost type stuff, if you want it, read the docs.
|> ||SSLEngine On
|> ||SSLCertificateFile    /path/to/ssl.crt/server.crt
|> ||SSLCertificateKeyFile /path/to/ssl.key/server.key
|> ||SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
|> ||</VirtualHost>
|> ||
|> ||Hope that gets you pointed in the right direction. Read apache's docs,
|> ||they're pretty good.
|> ||
|> ||-- Daniel
|> |
|> |Thanks Dan, but I'm still at the same point.. my problem is getting
|> |apache to both LISTEN on 443 for HTTPS and on 80 for HTTP.  I feel it's
|> |just my "Port" and "Listen" lines that need help in configuration.  Could
|> |you point out for me how you have yours set up?  Using the standard docs
|> |as reference is what has been giving me the error, and this is what I get
|> |trying to access port 80...
|> |
|> |-----------------------------------
|> |Bad Request
|> |Your browser sent a request that this server could not understand.
|> |
|> |Reason: You're speaking plain HTTP to an SSL-enabled server port.
|> |Instead use the HTTPS scheme to access this URL, please.
|> |
|> |    Hint: https://acm:443/
|> |
|> |Apache/1.3.26 Server at acm Port 443
|> |------------------------------------
|> |in the ssl-error-log
|> |[28/Sep/2003 01:48:19 12791] [error] SSL handshake failed: HTTP spoken on
|> |HTTPS port; trying to send HTML error page (OpenSSL library error follows)
|> |[28/Sep/2003 01:48:19 12791] [error] OpenSSL: error:1407609C:SSL
|> |routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to
|> |HTTPS port!?]
|> |[28/Sep/2003 01:48:19 12792] [error] SSL handshake failed: HTTP spoken on
|> |HTTPS port; trying to send HTML error page (OpenSSL library error follows)
|> |[28/Sep/2003 01:48:19 12792] [error] OpenSSL: error:1407609C:SSL
|> |routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to
|> |HTTPS port!?]
|> |
|> |I have "Port 80" in my global config, and in my <ifmodule mod_ssl.c>
|> |"Listen 80"
|> |"Listen 443"
|> |
|> |This is the only way I've been able to show apache listening on both by
|> |doing a netstat -lt, unfortunately only 1 port is working.  "Listen"
|> |statements are not allowed within virtual host directives...  any
|> |suggestions?
|> |
|> |Just to be complete, I can send the httpd.conf file as well (won't get
|> |through the mailing list though).
|> |
|> |Brian
|>
|>  Brian Wiese | bwiese(at)cotse.com | aim: unolinuxguru
|> -------------------------------------------------------
|>   GnuPG/PGP key 0x2FD6AF16 | "FREEDOM!" - Braveheart
|> -------------------------------------------------------
|> Please avoid sending me Word or PowerPoint attachments.
|> See http://www.fsf.org/philosophy/no-word-attachments.html
|> _______________________________________________
|> OLUG mailing list
|> OLUG at olug.org
|> http://lists.olug.org/mailman/listinfo/olug
|


 Brian Wiese | bwiese(at)cotse.com | aim: unolinuxguru
-------------------------------------------------------
  GnuPG/PGP key 0x2FD6AF16 | "FREEDOM!" - Braveheart 
------------------------------------------------------- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
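
The check below is an added example, not part of the original post or of Apache/mod_ssl: it reads an httpd.conf and reports, for each `Listen` port, whether `SSLEngine` leaves it speaking TLS or plain HTTP, which is the mismatch behind the "speaking plain HTTP to an SSL-enabled server port" error quoted in the thread. The function names, the sample configs and the simplified inheritance model are assumptions of this example.

```python
import re

# Constructed samples. BROKEN assumes SSLEngine was enabled server-wide (the
# thread does not show the failing file); WORKING mirrors the posted layout.
BROKEN = """Listen 80
Listen 443
SSLEngine on
<VirtualHost 192.168.1.120:443>
SSLEngine On
</VirtualHost>"""
WORKING = """Listen 80
Listen 443
#SSLEngine on
<VirtualHost 192.168.1.120:80>
</VirtualHost>
<VirtualHost 192.168.1.120:443>
SSLEngine On
</VirtualHost>"""

def tls_by_port(conf):
    """Map each Listen port to True (TLS expected) or False (plain HTTP).
    Assumed model: a vhost uses the server-wide SSLEngine value unless it
    sets its own; port-less vhosts and IPv6 addresses are not modelled."""
    server_ssl, ports, vhost_ssl, current = False, [], {}, None
    for raw in conf.splitlines():
        line = raw.strip()  # blank and '#' lines match none of the patterns
        if m := re.match(r"<VirtualHost\s+[^:>]+(?::(\d+))?\s*>", line, re.I):
            current = int(m.group(1)) if m.group(1) else "*"
            vhost_ssl.setdefault(current, None)
        elif re.match(r"</VirtualHost>", line, re.I):
            current = None
        elif m := re.match(r"Listen\s+(?:\S+:)?(\d+)$", line, re.I):
            ports.append(int(m.group(1)))
        elif m := re.match(r"SSLEngine\s+(on|off)$", line, re.I):
            on = m.group(1).lower() == "on"
            if current is None:
                server_ssl = on      # server scope: applies to every port
            else:
                vhost_ssl[current] = on
    return {p: server_ssl if vhost_ssl.get(p) is None else vhost_ssl[p]
            for p in ports}

def findings(conf):
    """Flag ports whose TLS state does not match what clients will send."""
    out = []
    for port, tls in sorted(tls_by_port(conf).items()):
        if port == 443 and not tls:
            out.append("port 443 answers in plaintext: no SSLEngine on")
        elif port != 443 and tls:
            out.append(f"port {port} expects TLS: plain HTTP gets 'Bad Request'")
    return out
```
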

