
Thread: Help with configuring Apache for SSL for multiple sites on single IP address

  1. #1
    Join Date
    May 2009
    Location
    US
    Posts
    867

    Default Help with configuring Apache for SSL for multiple sites on single IP address

    I'm trying to set up Apache to host owncloud and davical (a carddav and caldav server) on my home PC. I've managed to get everything working with plain http but would now like to set up ssl encryption, i.e. connect by https.

    I've created my own signed certificate as described here and created the corresponding vhost files. My problem is that I can only access one of the two sites via ssl. I read through the openSUSE 12.2. apache manual and specifically the section 20.6.2.1. Name-Based Virtual Hosts and SSL. I think I'm going wrong with fully understanding name based virtual hosts using a single IP address.

    If I type "https://192.168.1.68" into the browser it opens the davical web page fine. If I type "https://192.168.1.68/owncloud" I get an "object not found" message - error 404. I'd appreciate any guidance as I'm going round in circles and getting more confused.

    My set up is as follows:
    The IP address of the server is 192.168.1.68
    Running oS 12.2
    The vhosts files are as follows:
    davical-ssl.conf
    Code:
    # Virtual Host DAViCal
    <VirtualHost 192.168.1.68:443>
      DocumentRoot /usr/share/davical/htdocs
      DirectoryIndex index.php index.html
      ServerName davical
    # ServerAlias 192.168.1.68/davical
      Alias /images/ /usr/share/davical/htdocs/images/
      SSLEngine on
      SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
      SSLCertificateFile /etc/apache2/ssl.crt/server.crt
      SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
      <Directory /usr/share/davical/htdocs/>
          AllowOverride None
          Order allow,deny
          Allow from all
      </Directory>
      AcceptPathInfo On
      #
      #  You probably don't need to enable any of these sorts of things other than in exceptional
      #  circumstances.  Apart from the include path (which DAViCal will discover if it is anywhere
      #  'normal') they are the default in newer PHP versions. 
      #
      # php_value include_path /usr/share/awl/inc
      # php_value magic_quotes_gpc 0
      # php_value register_globals 0
      # php_value error_reporting "E_ALL & ~E_NOTICE"
      # php_value default_charset "utf-8"
     # ErrorLog /var/log/apache2/davical.error.log
     # Transferlog /var/log/apache2/davical.access.log
    </VirtualHost>
    owncloud-ssl.conf
    Code:
    # Virtual Host ownCloud
    <VirtualHost 192.168.1.68:443>
     DocumentRoot /srv/www/htdocs
     ServerName owncloud
     ServerAlias 192.168.1.68/owncloud
     SSLEngine on
     SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
     SSLCertificateFile /etc/apache2/ssl.crt/server.crt
     SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
     <Directory /srv/www/htdocs/owncloud>
      AllowOverride all
      Order allow,deny
      Allow from all
     </Directory>
     ScriptAlias /cgi-bin/ /srv/www/cgi-bin
     <Directory /srv/www/cgi-bin>
      AllowOverride None
      Options +ExecCGI -Includes
      Order allow,deny
      Allow from all
     </Directory>
    </VirtualHost>
    listen.conf
    Code:
    # Listen: Allows you to bind Apache to specific IP addresses and/or
    # ports. See also the <VirtualHost> directive.
    #
    # http://httpd.apache.org/docs-2.2/mod/mpm_common.html#listen
    #
    # Change this to Listen on specific IP addresses as shown below to 
    # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
    #
    # When we also provide SSL we have to listen to the 
    # standard HTTP port (see above) and to the HTTPS port
    #
    # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
    #       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
    #
    #Listen 12.34.56.78:80
    #Listen 80
    #Listen 443
    # Line below added by GJ - Listen 8040
    Listen 8040
    Listen 80
    
    
    <IfDefine SSL>
        <IfDefine !NOSSL>
        <IfModule mod_ssl.c>
    
            Listen 443
    
        </IfModule>
        </IfDefine>
    </IfDefine>
    
    
    # Use name-based virtual hosting
    # 
    # - on a specified address / port:
    #
    #NameVirtualHost 12.34.56.78:80
    #
    # - name-based virtual hosting:
    #
    #NameVirtualHost *:80
    #
    # - on all addresses and ports. This is your best bet when you are on
    #   dynamically assigned IP addresses:
    #
    #NameVirtualHost *
    NameVirtualHost *:80
    NameVirtualHost *:8040
    NameVirtualHost *:443
    IBM Thinkpad X60s | Intel L2400 | Intel 945GM | 3GB | openSUSE Tumbleweed
    Dell XPS 13 9360 | openSUSE Leap 42.3

  2. #2
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,273
    Blog Entries
    2

    Default Re: Help with configuring Apache for SSL for multiple sites on single IP address

    First, is there some reason why you didn't post in the Technical Help Forums (Applications) instead of this forum which specifically is titled "Other than Support"?
    (Forum Admin - hint, hint)

    As for your specific problem, you should consider what it means for sites to be "Name Based."
    It means that you're not serving your sites by IP address, only the first site is accessible that way.

    Note that to implement Name Based "anything" you also need to configure client name resolution (eg DNS or Hosts file).

    The alternative to Name Based when sharing the same IP address is to deploy each website using a different port.

    HTH,
    TSU

  3. #3
    Join Date
    May 2009
    Location
    US
    Posts
    867

    Default Re: Help with configuring Apache for SSL for multiple sites on single IP address

    Oops. I didn't notice it was the wrong forum. When browsing the forum I usually like to have multiple tabs open of the various forum sections and posted in the wrong one by accident. Can a forum mod please move it.

    On to your reply. I am hearing what you say but am not fully understanding. I've trawled google for tutorials on setting up apache for name based sites but their examples always seem simplified and don't seem to work when I apply them to my set up. I've had to leave it for a while as I got busy with other things but I'll have another look later.

    I use the method of having different sites on different ports for the non encrypted versions but I thought for HTTPS it had to be port 443 so you couldn't have different secure ports.
    IBM Thinkpad X60s | Intel L2400 | Intel 945GM | 3GB | openSUSE Tumbleweed
    Dell XPS 13 9360 | openSUSE Leap 42.3

  4. #4
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,823
    Blog Entries
    15

    Default Re: Help with configuring Apache for SSL for multiple sites on single IP address

    Hi
    Closing thread and moving to applications

    nntp users, please don't respond until the thread is moved.
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE

  5. #5
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,823
    Blog Entries
    15

    Default Re: Help with configuring Apache for SSL for multiple sites on single IP address

    Thread moved and reopened
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE

  6. #6
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,273
    Blog Entries
    2

    Default Re: Help with configuring Apache for SSL for multiple sites on single IP address

    Port 443 is only the default SSL port, you can specify any unused port you want but of course using default port numbers makes it easier/simpler for client browser URLs.

    Bottom line is that of course you ran into your posted problem because only the first Named website is also accessible using an IP address (because it's default). Trying to access any other Named website by IP address will fail, you need to use the Hostname, ie configured website name.

    The reason why I mentioned using non-default port numbers is because that method <will> work if you wish to access the website using the IP address.

    HTH,
    TSU

  7. #7
    Join Date
    May 2009
    Location
    US
    Posts
    867

    Default Re: Help with configuring Apache for SSL for multiple sites on single IP address

    Thanks tsu2. I'll try give it another go when I have more time to mess with it. But to be clear:

    Let's say I have given my server the name pc1.
    I have a website called davical.
    I have a second website called owncloud.

    In my hosts file on the server do I set my IP 192.168.1.68 to pc1 as well as davical and owncloud? At the moment it just sets the IP to pc1.

    So in the virtual hosts files where <Virtualhost> is defined do I use the server name or website name instead of the IP address? I.E. <Virtualhost pc1:443> or <Virtualhost davical:443> instead of <Virtualhost 192.168.1.68:443>?

    Would I also need to set the same IP to hostname mapping in my client's hostfile?
    IBM Thinkpad X60s | Intel L2400 | Intel 945GM | 3GB | openSUSE Tumbleweed
    Dell XPS 13 9360 | openSUSE Leap 42.3
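
The name-based setup discussed in this thread, written out as an added example that is not part of any post and not the poster's or the project's own configuration. It reuses the paths and names from the posted vhost files; the `SSLProtocol` and `SSLCipherSuite` values and the hosts-file line are assumptions chosen for illustration.

```apache
# Added example (not from the thread). Assumes Apache 2.2 with mod_ssl and
# that every machine browsing to the sites resolves the names, e.g. via
# /etc/hosts or DNS:
#   192.168.1.68   pc1 davical owncloud

# listen.conf: one declaration for the HTTPS port
NameVirtualHost *:443

# davical-ssl.conf: the <VirtualHost> address must match the NameVirtualHost
# argument exactly ("*:443"). With "192.168.1.68:443" the two blocks overlap
# as IP-based hosts and the first one loaded answers every request.
<VirtualHost *:443>
  ServerName davical
  DocumentRoot /usr/share/davical/htdocs
  DirectoryIndex index.php index.html
  Alias /images/ /usr/share/davical/htdocs/images/
  SSLEngine on
  # The posted cipher string leaves LOW, export and SSLv2 suites enabled
  # where the OpenSSL build still provides them; restrict both lists.
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!MD5
  SSLCertificateFile /etc/apache2/ssl.crt/server.crt
  SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
  <Directory /usr/share/davical/htdocs/>
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
  AcceptPathInfo On
</VirtualHost>

# owncloud-ssl.conf: ServerAlias takes host names only, never a URL path,
# so "192.168.1.68/owncloud" is dropped. Reached as https://owncloud/owncloud
<VirtualHost *:443>
  ServerName owncloud
  DocumentRoot /srv/www/htdocs
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!MD5
  SSLCertificateFile /etc/apache2/ssl.crt/server.crt
  SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
  <Directory /srv/www/htdocs/owncloud>
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>
```

`apache2ctl -S` prints how Apache parsed the virtual hosts, which shows whether both names are registered under `*:443`. Because both hosts present the same self-signed certificate, a browser will report a name mismatch for at least one of them unless the certificate lists both names.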
