apache-ssl: how to setup two versions of server, http:// and https:// ?

Post by Miern » Sun, 31 Dec 1899 09:00:00



My /etc/apache-ssl/httpd.conf is as follows, and it doesn't work correctly:

ServerType standalone
ServerRoot /etc/apache-ssl
LockFile /var/run/apache.lock
PidFile /var/run/apache-ssl.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 30
BindAddress *
# LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so
# LoadModule env_module /usr/lib/apache/1.3/mod_env.so
LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config_ssl.so
LoadModule rewrite_module /usr/lib/apache/1.3/mod_rewrite.so
# LoadModule mime_magic_module /usr/lib/apache/1.3/mod_mime_magic.so
LoadModule mime_module /usr/lib/apache/1.3/mod_mime_ssl.so
LoadModule negotiation_module /usr/lib/apache/1.3/mod_negotiation.so
LoadModule status_module /usr/lib/apache/1.3/mod_status.so
# LoadModule info_module /usr/lib/apache/1.3/mod_info.so
# LoadModule includes_module /usr/lib/apache/1.3/mod_include.so
LoadModule autoindex_module /usr/lib/apache/1.3/mod_autoindex.so
LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so
LoadModule cgi_module /usr/lib/apache/1.3/mod_cgi.so
# LoadModule asis_module /usr/lib/apache/1.3/mod_asis.so
# LoadModule imap_module /usr/lib/apache/1.3/mod_imap.so
# LoadModule action_module /usr/lib/apache/1.3/mod_actions.so
# LoadModule speling_module /usr/lib/apache/1.3/mod_speling.so
LoadModule userdir_module /usr/lib/apache/1.3/mod_userdir.so
# LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so
LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so
LoadModule access_module /usr/lib/apache/1.3/mod_access.so
LoadModule auth_module /usr/lib/apache/1.3/mod_auth_ssl.so
# LoadModule anon_auth_module /usr/lib/apache/1.3/mod_auth_anon.so
# LoadModule dbm_auth_module /usr/lib/apache/1.3/mod_auth_dbm.so
# LoadModule db_auth_module /usr/lib/apache/1.3/mod_auth_db.so
# LoadModule digest_module /usr/lib/apache/1.3/mod_digest.so
# LoadModule cern_meta_module /usr/lib/apache/1.3/mod_cern_meta.so
LoadModule expires_module /usr/lib/apache/1.3/mod_expires.so
# LoadModule headers_module /usr/lib/apache/1.3/mod_headers.so
# LoadModule usertrack_module /usr/lib/apache/1.3/mod_usertrack.so
LoadModule unique_id_module /usr/lib/apache/1.3/mod_unique_id.so
LoadModule setenvif_module /usr/lib/apache/1.3/mod_setenvif.so
# LoadModule sys_auth_module /usr/lib/apache/1.3/mod_auth_sys.so
# LoadModule put_module /usr/lib/apache/1.3/mod_put.so
# LoadModule throttle_module /usr/lib/apache/1.3/mod_throttle.so
AddModule apache_ssl.c
# LoadModule auth_ldap_module /usr/lib/apache/1.3/auth_ldap.so
# LoadModule allowdev_module /usr/lib/apache/1.3/mod_allowdev.so
# LoadModule pgsql_auth_module /usr/lib/apache/1.3/mod_auth_pgsql.so
# LoadModule cvs_module /usr/lib/apache/1.3/mod_cvs.so
# LoadModule define_module /usr/lib/apache/1.3/mod_define.so
# LoadModule eaccess_module /usr/lib/apache/1.3/mod_eaccess.so
# LoadModule roaming_module /usr/lib/apache/1.3/mod_roaming.so
ExtendedStatus on

# ----------------------------- main server -----------------------------------------------
# By popular demand, this file now illustrates the way to create two websites,
# one secured (on port 8887), the other not (on port 8888).

ServerType standalone
User www-data
Group www-data

DocumentRoot /var/www
ServerName www.mrn3.org

#Port 8888
#Listen ServerPort
#Listen 443
SSLSessionCacheTimeout 15
SSLCertificateFile /etc/apache-ssl/apache.pem

<VirtualHost tarnica:8888>
SSLDisable
ServerName www.mrn3.org
</VirtualHost>

<VirtualHost tarnica:8887>
SSLEnable
ServerName www.mrn3.org
SSLCacheServerPath /usr/lib/apache-ssl/gcache
SSLCacheServerPort /var/run/gcache_port
SSLSessionCacheTimeout 15
SSLCACertificatePath /etc/apache-ssl
SSLCertificateFile /etc/apache-ssl/apache.pem
SSLVerifyClient 0
SSLVerifyDepth 10
SSLFakeBasicAuth
CustomLog       /var/log/apache-ssl/ssl.log "%t %{version}c %{cipher}c %{clientcert}c"
</VirtualHost>

I want the unsecure, normal server to appear when the user enters
http://www.mrn3.org/ in the browser, and the secure one
if he enters https://www.mrn3.org/

When the user enters http://www.mrn3.org/ in the browser he gets a box:

A network error occured while Netscape was receiving data.
(Network Error: Connection reset by peer)
Try connecting again.

In error.log I get:
tarnica:~$ cat /var/log/apache-ssl/error.log
[Mon Jan  3 00:10:57 2000] [notice] Apache/1.3.9 Ben-SSL/1.37 (Unix) Debian/GNU configured -- resuming normal operations
[Mon Jan  3 00:10:57 2000] gcache started
[Mon Jan  3 00:11:05 2000] [error] SSL_accept failed
[Mon Jan  3 00:11:05 2000] [error] error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

When the user enters https://www.mrn3.org/ he gets a box:

Netscape's network connection was refused by the server www.mrn3.org
The server may be not accepting connections or may be busy.
Try connecting later.

I do not get any entry in error.log.

What to change in httpd.conf?

--
                   _____________________________________________

                 /   / tel.: +48 602 454 731
________________/___/ http://www.elka.pw.edu.pl/fundusz/miernik/
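
The two symptoms reported above (an SSL handshake error on http://, a refused connection on https://) can be traced to which ports the server binds. The following is an added example, not part of the original post and not Apache-SSL code: a small check of a 1.3-style config for that mismatch. It assumes Apache 1.3 binds only the Listen/Port directives (default 80) and that a <VirtualHost host:port> block opens no socket by itself; the function names are hypothetical.

```python
import re

# Constructed excerpt: listener and <VirtualHost> lines taken from the posted httpd.conf.
POSTED = """\
#Port 8888
#Listen ServerPort
#Listen 443
<VirtualHost tarnica:8888>
SSLDisable
</VirtualHost>
<VirtualHost tarnica:8887>
SSLEnable
</VirtualHost>
"""

def listening_ports(conf):
    """Ports Apache 1.3 binds: every Listen, else Port, else the default 80."""
    listen, port = [], None
    for line in conf.splitlines():
        m = re.match(r"\s*(Listen|Port)\s+(?:\S+:)?(\d+)\s*$", line, re.I)
        if m and m.group(1).lower() == "listen":
            listen.append(int(m.group(2)))
        elif m:
            port = int(m.group(2))
    return set(listen) or {port or 80}

def vhosts(conf):
    """Return (address, port, ssl) per <VirtualHost>; ssl is True, False or None."""
    out = []
    for addr, body in re.findall(r"(?is)<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", conf):
        m = re.search(r":(\d+)$", addr)
        ssl = None
        if re.search(r"(?im)^\s*SSLEnable\b", body):
            ssl = True
        elif re.search(r"(?im)^\s*SSLDisable\b", body):
            ssl = False
        out.append((addr, int(m.group(1)) if m else None, ssl))
    return out

def audit(conf):
    """Findings for http (80, SSL off) and https (443, SSL on) reachability."""
    bound, hosts, findings = listening_ports(conf), vhosts(conf), []
    for addr, port, _ in hosts:
        if port is not None and port not in bound:
            findings.append(f"{addr}: no listener on port {port}, vhost never matches")
    for scheme, port, want in (("http", 80, False), ("https", 443, True)):
        if port not in bound:
            findings.append(f"{scheme}: port {port} not bound, connection refused")
        elif not any(p in (port, None) and s is want for _, p, s in hosts):
            findings.append(f"{scheme}: port {port} left to main-server SSL setting")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(POSTED)))
```

On the posted excerpt the check reports both virtual hosts as unreachable, port 80 as handled by the main server, and port 443 as unbound, which matches the two error boxes described in the post.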

 
 
 

1. http:// and https:// for servlets compiled in apache

Hi,

I have the following query :

For a httpd compiled with the mod_serv and mod_ssl, and using virtual
host for SSL,
with configuration such as the following :

HTTPD.CONF
==========
.
<IfDefine SSL>
  Listen  91
  Listen  92
</IfDefine>
.
.
<VirtualHost xxx.xxx.xxx.xx:92>

   Servername ....
   DocumentRoot .....

   SSL.....
   SSL ......

</VirtualHost>

include /usr/SERVLET/jserv.conf

The servlet programs can both be accessed from
http://xxx.xxx.xxx.xxx:91/servlet
and https://xxx.xxx.xxx.xxx:92/servlet

which defeats the purpose of using SSL in the first place.

If I still want to be able to listen to 2 different ports, 1 for
non-secure and 1 for secure, and both cannot access each other's programs
... and still using only 1 HTTPD, how can this be done?

Regards,
Keok Tay

2. card with t.v. output ?

3. Apache and redirecting http:// to https://

4. EMACS &LINUX problem: editor only displays one screen

5. http:// does work but https://

6. anyone using 20 MB RAM?

7. https:// to http:// by ProxyPass

8. sockets -> select problem

9. Why flushing buffer works w/ http:// but not https://

10. redirect to http:// to http://www

11. how to get SSL secured files from https://

12. Can Apache Proxy https://

13. Intermittant problem with Apache and http://../~users