[ILUG] ssl and virtual hosts problem

Andy Morrow andy.morrow at jinny.ie
Fri Jul 16 16:17:24 IST 2004 

hi all,

trying to configure ssl stuff as per the following,

have setup ssl client certs, all working fine, httpd.conf and ssl.conf all
fine,

problem is when i want to bypass this ssl require cert stuff


i want all external traffic to http://s.a.ie to be redircted to
https://s.a.ie
but i want internal ip's to be able to view the site normally without having
to install a client cert.

linux box has internal and external ip's

and below are the virtual hosts parts from the 2 .conf files


the problem is that it will do the redirect ok, but i call access the
machine's url internally ( http://192.168.2.29) or by unsecure site (
http://s.a.ie ), i just get "page cannot be displayed" message
the logs dont seem to be a lot of help either!!

thanks for any help



############################httpd.conf############

servername [external-ip]


NameVirtualHost 192.168.2.29:80

<VirtualHost 192.168.2.29:80>
        ServerAdmin root at jinny.ie
        DocumentRoot /var/www/html/
        DirectoryIndex test.php
        ServerName s.a.ie
        redirect / https://s.a.ie/
        ErrorLog logs/www_error_log
</VirtualHost>


###########################ssl.conf################
NameVirtualHost 192.168.2.29:443


<VirtualHost 192.168.2.29:443>
        ServerAdmin root at jinny.ie
        DocumentRoot /var/www/html/
        DirectoryIndex test2.php
        ServerName s.a.ie
        ErrorLog logs/ssl_error_log
        TransferLog /etc/httpd/logs/ssl_access_log
        SSLEngine On
        SSLCertificateFile /etc/httpd/conf/ssl.crt/cert.pem
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/key.pem
        <Files ~ "\.(cgi|shtml|php)$">
         SSLOptions +StdEnvVars
        </Files>
        <Directory "/var/www/cgi-bin">
         SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        CustomLog /etc/httpd/logs/ssl_request_log \
         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        SSLVerifyClient require
        SSLVerifyDepth 2
        CustomLog logs/ssl_access_log common

	SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
	SSLCACertificatePath /etc/httpd/conf/sslcerts/cert
	SSLCACertificateFile /etc/httpd/conf/sslcerts/cert/ca.crt
</VirtualHost>

More information about the ILUG mailing list