#6 SSL not working in vhosts

v0.0.3
closed-fixed
Corey
None
5
2005-08-17
2005-08-12
Corey
No

SSL is not working, because httpd-include.conf in
/etc/httpd/conf.d/ is being loaded BEFORE ssl.conf is...

so mod_ssl isn't being seen at all when all the vhosts
are loaded, but then mod_ssl is loaded afterwards so
that kind of confuses the problem.

need to think of a fix for this, that won't break
anything else.

Discussion

  • Corey

    Corey - 2005-08-12
    • assigned_to: nobody --> cormander
     
  • Corey

    Corey - 2005-08-12
    • milestone: --> v0.0.3
     
  • Barry Hopwood

    Barry Hopwood - 2005-08-13

    Logged In: YES
    user_id=1328598

    from: Barry Hopwood - appliedimg

    The offical line from Apache is that you can't have SSL when using
    name-based virtual hosting.

    Actually you can have ONE SSL host + MANY non-SSL hosts, however:
    with the current Ravencore setup the httpd-include files are processed
    before the 'ssl.conf' file - where the ssl_module is loaded.

    If you rename the main '/conf.d/httpd-include.conf' as something like
    '/conf.d/xhttpd-include.conf' to force it to be processed after
    'ssl.conf', that should work, EXCEPT, 'ssl.conf' already defines a
    vitualhost on port 443.

    Looks like the only solution - until TLS is more widely used - is to either
    use different port numbers for each SSL host or use IP based virtual
    hosts. I've not decided yet which route to take when we need secure
    access.

     
  • Corey

    Corey - 2005-08-13

    Logged In: YES
    user_id=1066333

    Thanks for your input!

    I'm thinking I might do this:

    get the server root and server config files from this
    command: httpd -V

    look in the file to see if it conains the pattern "Include
    .*/etc/vhosts.conf"

    If it doesn't exist, append it to the file:

    echo "Include $RC_ROOT/etc/vhosts.conf" >> $httpd_conf_file

    If it does exist, check to see that the pattern matches
    $RC_ROOT, and kick back an error if it doesn't match.

    Oh and of course remove the httpd-include.conf from the conf.d

    I'm also thinking useing IP based SSL virtual hosts is the
    way to go.

    Just my two cents, will jump on this when I get a chance

     
  • Barry Hopwood

    Barry Hopwood - 2005-08-14

    Logged In: YES
    user_id=1328598

    I think name-based virtual hosts should be the default method - this is
    much more useful in a hosting environment.
    IP based vhosts are fine if you only need a few secure sites or have a
    large number of IP addresses available.

    Maybe allow alternative methods to be specfied in a high-level config,
    accessible only to an administrator.

    Yes I agree using "/vhosts.conf" is a good idea since this is the
    normal method.

     
  • Corey

    Corey - 2005-08-17
    • status: open --> closed-fixed
     
  • Corey

    Corey - 2005-08-17

    Logged In: YES
    user_id=1066333

    This is going to need a new database table or two, and maybe
    a few new fields to existing tables, so we can assign IPs to
    users for SSL hosting

    This will all be in 0.0.4

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks