SSL not available, for no apparent reason
Luke Davis
ldavis at shellworld.net
Sat Aug 21 15:24:54 EDT 2004
On Fri, 20 Aug 2004, Gregory Nowak wrote:
> Ok, personally, I think you're asking for trouble by using an asterisk
> in your virtual host declarations. [...]
I forget exactly why I did that--it was set up in June of 03, and that was
the only way I could get it to work. This machine serves both a private
network (via SNAT), and as the gateway/web/everything else server, to the
public IP.
It also serves two SLDs, with their own subdomains.
I am only trying to provide SSL service for one of the SLDs (the one I
included as "placeholder"), but need it accessible via all interfaces.
I need it to serve:
mail.placeholder.com
imap.placeholder.com
and about 8 other cnameish hosts, from the same content as:
www.placeholder.com
The easiest method seemed to be with the wildcards.
It appears I got the idea for doing it this way, from a slightly
complexified form of the example provided here:
http://httpd.apache.org/docs/vhosts/examples.html#purename
I just read a lot more of that document, and if I read you correctly, I
probably should have been using the example from part three of:
http://httpd.apache.org/docs/vhosts/examples.html#name
> You've also got 2 different virtual
> host declarations, both using an asterisk, but both having different
> server names. [...]
Given the example at the first URL above, and given the way I have done
this for about 8 virtual hosts, for a year or so now, there is not
strictly anything wrong with that.
It just doesn't happen to work when you throw differential ports into the
mix.
> Also, while the virtual host with the ip address is set
> to listen on port 443, the asterisk hosts are not explicitly defined
> to listen on port 80, and they should be.
Perhaps they *should* be, but it works fine without them so defined. I
had been assuming that the "port 80" from the global section, would carry
over to any undefined vhosts, but perhaps it doesn't in some contexts?
> So, let's take your 2 servers, and try to put things to rights. First,
> and foremost, you cannot make up your host names, they need to have
> valid dns records. [...]
Sorry, but I can't resist a "ya think?". :)
Of course, DNS is functioning perfectly for all of these.
The sites have been running fine for quite a while. It's only now that I
am trying to add SSL support, that things are failing.
> NameVirtualHost atlas.placeholder.com
> NameVirtualHost webmail.placeholder.com
> NameVirtualHost 12.34.56.78
The only problem I have with your solution, other than the possible
difficulties with my double network, is that this solution doesn't cover
the non-specified subdomains, that also resolve to this box. I believe I
can find a way around that, using defaults, however, or possibly with
ServerAlias declarations in the main vhost, so that probably isn't a
problem, and even if I am incorrect, it is still not a major issue.
> if you for example want webmail.placeholder.com to talk both http on
True, but only if webmail is the only vhost speaking HTTPS. Because
HTTPS is a sub-application-layer protocol, only one vhost can be SSL
enabled at a time.
If you were speaking additively, then it won't work. If you were speaking
of webmail as the only vhost, then yes.
At least, that was my understanding of the way HTTPS works.
I'll make some changes and see what happens.
Thanks
Luke
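
The layout discussed in this message, sketched as an added example that is not part of the original post or either poster's configuration: wildcard name-based vhosts pinned explicitly to port 80, plus a single SSL vhost on port 443 that uses ServerAlias for the extra host names. Apache 2.0-style syntax is assumed; the second domain (example.org), the document roots and the certificate paths are hypothetical placeholders.

```apache
# Added example; paths and the second domain are hypothetical.
Listen 80
Listen 443

# Name-based selection applies to port 80 only. Giving the port
# explicitly keeps these wildcard vhosts from also claiming 443.
NameVirtualHost *:80

# First vhost listed for *:80 is the default, so any name that
# resolves to this box but matches nothing else lands here.
<VirtualHost *:80>
    ServerName www.placeholder.com
    ServerAlias mail.placeholder.com imap.placeholder.com *.placeholder.com
    DocumentRoot /var/www/placeholder
</VirtualHost>

# The second SLD, plain HTTP only.
<VirtualHost *:80>
    ServerName www.example.org
    ServerAlias *.example.org
    DocumentRoot /var/www/example-org
</VirtualHost>

# One SSL vhost for everything arriving on 443, on all interfaces.
# The certificate is presented during the handshake, before the Host
# header is sent, so the server cannot pick a certificate by name:
# every alias below is served with this one certificate.
<VirtualHost _default_:443>
    ServerName www.placeholder.com
    ServerAlias mail.placeholder.com imap.placeholder.com *.placeholder.com
    DocumentRoot /var/www/placeholder
    SSLEngine on
    SSLCertificateFile /etc/apache/ssl/placeholder.crt
    SSLCertificateKeyFile /etc/apache/ssl/placeholder.key
</VirtualHost>
```

Clients that reach the SSL vhost through an alias will see a name-mismatch warning unless the certificate's subject covers that name, for example a wildcard certificate for *.placeholder.com.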