Apache - SSL: Razlicni SSL virtual hosti

Simon Striker simon at schtriker.net
Fri Oct 1 14:07:18 CEST 2004


Zivijo!

Na FAQju pd Apacha sem prebral, da je mozno imeti vec razlicnih SSL
virtual hostov na istem strezniku, ce za vsak SSL host uporabim
drug PORT.

Sem poskusil to naresti, pa mi nekako ne deluje.

V ssl.conf imam:

Listen 443
Listen 333

....

1.SSL:
NameVirtualHost *:443
<VirtualHost *:443>
#   General setup for the virtual host
DocumentRoot /var/www/html/mail
ServerName mail.exampleDomain.net:443
ServerAdmin root at exampleDomain.net
ErrorLog /usr/local/apache2/logs/HTTPSmail.exampleDomain.net.error_log
TransferLog /usr/local/apache2/logs/HTTPSmail.exampleDomain.net.access_log

#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

#   Server Certificate:
SSLCertificateFile
/usr/local/apache2//conf/ssl.crt/mail.exampleDomain.net.crt

#   Server Private Key:
SSLCertificateKeyFile
/usr/local/apache2//conf/ssl.key/mail.exampleDomain.net.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2//cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache2//logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

2. SSL:
NameVirtualHost *:333
<VirtualHost *:333>
#   General setup for the virtual host
DocumentRoot /var/www/html/cvetka
ServerName cvetka.exampleDomain.net:333
ServerAdmin root at exampleDomain.net
ErrorLog /usr/local/apache2/logs/HTTPScvetka.exampleDomain.net.error_log
TransferLog /usr/local/apache2/logs/HTTPScvetka.exampleDomain.net.access_log
php_value include_path .:/var/www/include/cvetka

#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

#   Server Certificate:
SSLCertificateFile
/usr/local/apache2//conf/ssl.crt/cvetka.exampleDomain.net.crt

#   Server Private Key:
SSLCertificateKeyFile
/usr/local/apache2//conf/ssl.key/cvetka.exampleDomain.net.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2//cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache2//logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

Ce z browserjem poskusim odpreti stran:

1. https://mail.exampleDomain.net/ mi jo odpre
2. https://cvetka.exampleDomain.net:333/ mi je ne odpre
3. https://cvetka.exampleDomain.net/ mi jo odpre, vendar me opozori,
da se certifikat ne ujema z imenom strani (ker za povezavo uporabi
certifikat od mail.exampleDomain.net)

V logih nisem nasel nicesar sumljivega.

Zanima me, ali morda kdo ve, kje delam napako oziroma kako ustimam, da
bom imel lahko vec razlicnih SSL virtual hostov?

Za odgovore in morebitne nasvete se vsem ze v naprej lepo zahvaljujem!

Lep pozdrav,

Simon
-------------

Simon Striker
Rusjanov trg 2
1000 Ljubljana      +38641473856
Europe (Slovenia)

E-mail: simon at schtriker.net




More information about the lugos-list mailing list