Posted: 3/17/2014 11:48:39 AM EDT
|
Server version: Apache/2.2.22 (Debian)
I want to run virtual hosts, but to use HTTPS/443 for just 1 of them (and that one cannot use 80), and use 80 for the rest. Even apache.org instructions for 2.2 has simply modifying 1 flat file with ALL the virtual domains in it, but I have this sites-available & sites-enabled structure that seems to have 1 conf file per site. I keep getting these [Mon Mar 17 19:26:06 2014] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results errors and cant figure out how bad they are, but still want to force the HTTP/HTTPS behavior I described. Also not sure what to do with ports.conf file. I dont even have an https.conf file, I do have apache2.conf but it doesnt seem to have any virtual stuff in it. |
|
In ports I have
(kovu is defined in my hosts file)
then in my site-enabled (which is linked to the site-available config
Then for my vhosts i have a file that starts with
I dont define each virtual host individually because im lazy. So I just create a directory for the domain/subdomain and the server will attemp to serve content for any domain/subdomain it gets a request for. |
|
Quoted:
it looks like you have both http & https available for that site. how can you disable http for 1 site, and disable https for all others? I tried explicitly listing sites without using any * and apache2 wouldnt start then. I'm not sure exactly what you're asking but I'll explain my config in more detail... the kovu reference is basically just telling apache what IP/interface to listen on. I have a single https site but multiple http sites. If someone tries to go https on my multiple sites they end up loading my singular https site. I have port 80 and 443 listening on the same interface. You specify in the ports file what IPs and ports to listen on. In your sites-available configs you can then set specific sites to a specific IP if you want. If you are doing virtual hosting and you want a particular site to NOT have http the best you can do is throw up a 404 (or some other error) or use a redirect/mod-rewrite to tell the browser to switch to https for that site. As far as https goes you can only run one https site per ip/port combination (thats not strictly true but thats beyond the scope here. Its complicated). In the case where someone tries to use https on a site you DON'T want https on theres nothing you can do about that. What will happen is that they will get an SSL certificate warning for a hostname mismatch. Accepting the cert will take them to the one site you want to have https... ie you want to run http://moo.com and https://crap.org. If someone goes to https://moo.com they will get a cert error and then it pull up the crap.org site. In the apache config you might be able to put in a rewrite rule to take them to the http site for moo.com but not prior to the SSL error. The problem comes in because the SSL certificate exchange happens prior to the browser being able to tell the server which site it wants to pull up. So even if the server had multiple SSL certs for each site it has no idea which one to provide to the browser. You can only set which SSL cert is tied to what ip and/or port. Hope I didn't contuse you further. 
|
|
Quoted:
I'm not sure exactly what you're asking but I'll explain my config in more detail... the kovu reference is basically just telling apache what IP/interface to listen on. I have a single https site but multiple http sites. If someone tries to go https on my multiple sites they end up loading my singular https site. I have port 80 and 443 listening on the same interface. You specify in the ports file what IPs and ports to listen on. In your sites-available configs you can then set specific sites to a specific IP if you want. If you are doing virtual hosting and you want a particular site to NOT have http the best you can do is throw up a 404 (or some other error) or use a redirect/mod-rewrite to tell the browser to switch to https for that site. As far as https goes you can only run one https site per ip/port combination (thats not strictly true but thats beyond the scope here. Its complicated). In the case where someone tries to use https on a site you DON'T want https on theres nothing you can do about that. What will happen is that they will get an SSL certificate warning for a hostname mismatch. Accepting the cert will take them to the one site you want to have https... ie you want to run http://moo.com and https://crap.org. If someone goes to https://moo.com they will get a cert error and then it pull up the crap.org site. In the apache config you might be able to put in a rewrite rule to take them to the http site for moo.com but not prior to the SSL error. The problem comes in because the SSL certificate exchange happens prior to the browser being able to tell the server which site it wants to pull up. So even if the server had multiple SSL certs for each site it has no idea which one to provide to the browser. You can only set which SSL cert is tied to what ip and/or port. Hope I didn't contuse you further. Quoted:
Quoted:
it looks like you have both http & https available for that site. how can you disable http for 1 site, and disable https for all others? I tried explicitly listing sites without using any * and apache2 wouldnt start then. I'm not sure exactly what you're asking but I'll explain my config in more detail... the kovu reference is basically just telling apache what IP/interface to listen on. I have a single https site but multiple http sites. If someone tries to go https on my multiple sites they end up loading my singular https site. I have port 80 and 443 listening on the same interface. You specify in the ports file what IPs and ports to listen on. In your sites-available configs you can then set specific sites to a specific IP if you want. If you are doing virtual hosting and you want a particular site to NOT have http the best you can do is throw up a 404 (or some other error) or use a redirect/mod-rewrite to tell the browser to switch to https for that site. As far as https goes you can only run one https site per ip/port combination (thats not strictly true but thats beyond the scope here. Its complicated). In the case where someone tries to use https on a site you DON'T want https on theres nothing you can do about that. What will happen is that they will get an SSL certificate warning for a hostname mismatch. Accepting the cert will take them to the one site you want to have https... ie you want to run http://moo.com and https://crap.org. If someone goes to https://moo.com they will get a cert error and then it pull up the crap.org site. In the apache config you might be able to put in a rewrite rule to take them to the http site for moo.com but not prior to the SSL error. The problem comes in because the SSL certificate exchange happens prior to the browser being able to tell the server which site it wants to pull up. So even if the server had multiple SSL certs for each site it has no idea which one to provide to the browser. You can only set which SSL cert is tied to what ip and/or port. Hope I didn't contuse you further. ah I see... no you explained it pretty well. guess ill not try to put in restrictions |