Re: [Hampshire] Apache2 SSL Install/Config on Ubuntu

Author: Graham Bleach
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Apache2 SSL Install/Config on Ubuntu
On 14/02/07, Richard Mace <richard.mace@???> wrote:
> > I don't really know what's going wrong here, as I'm lacking some key
> > information, such as how many vhosts you have.
>
> Just the one at the moment, and I am not even sure if I "need" to
> configure virtual hosts.


That's fine.

> > which ones don't work
> > and what you want to achieve using SSL. My suspicion is that you are
> > using vhosts and these vhosts have not been configured to accept
> > connections on port 443.
>
> I have a Joomla installation, and I would like to secure the user
> login screen (for obvious reasons) but I am really not sure where to
> start.
>
> Eventually, this box will live out on the Internet, and could well
> have multiple ip addresses pointing at it, so maybe vhosts are the way
> to go?


Multiple IPs pointing at a single virtualhost is fine. If you want to
serve multiple domains (e.g. http://foo.example.com/ and
http://bar.example.com/) then it's time to add more vhosts. As I said
previously, due to current limitations of HTTPS, you can only run one
SSL site on each IP address; that's not a concern for you at the
moment.

> > In a vanilla apache install I'd do something like this, but maybe
> > there's a better way if using the standard Debian config:
> >
> > Listen IP:443
> > <VirtualHost IP:443>
> >
> > </VirtualHost>
>
> My /etc/apache2/sites-available/ssl contains the following, does this help:
>
> NameVirtualHost *:443
> <VirtualHost *:443>
>         ServerAdmin webmaster@localhost


As Vic said, specify which IP address(es) you want to listen on.
Otherwise apache won't open port 443 on the IP address(es). Example:

Listen 192.168.1.1:443

I suspect that the reason it works on the loopback interface is that
you have a Listen 127.0.0.1:443 elsewhere in the config.

I'd also specify a ServerName inside the vhost config. Example:

ServerName foo.example.com

It's not strictly necessary, but it makes life easier and I have had
problems with applications that tried to use the ServerName to
generate URLs in the past.

If you still have problems, show us the output of:

openssl s_client -connect <IP address>:443

You'll need the openssl package installed, but if you've been
generating certificates or CSRs, I guess you'll have it installed
anyway.

G
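
The checks suggested in the message above (a Listen directive that actually opens port 443 on the intended address, and a ServerName in the vhost) can be run against a config file before restarting Apache. The following is an added example, not part of the original message or of Apache itself. The names `lint` and `split_addr` and both sample configs are constructed for illustration, and the parser is simplified: it reads a single file and does not follow Include directives.

```python
import re
# Constructed sample: the thread's wildcard vhost, port 443 bound only on loopback.
LOOPBACK_ONLY = """\
Listen 80
Listen 127.0.0.1:443
NameVirtualHost *:443
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
</VirtualHost>
"""
# Constructed sample: the same vhost after applying the advice in the reply.
FIXED = """\
Listen 192.168.1.1:443
<VirtualHost 192.168.1.1:443>
    ServerName foo.example.com
</VirtualHost>
"""

def split_addr(spec):
    """'addr:port', bare port or bare addr -> (addr, port); '*' means any."""
    addr, sep, port = spec.rpartition(":")
    if not sep or spec.endswith("]"):
        return ("*", spec) if spec.isdigit() else (spec.strip("[]"), "*")
    return (addr.strip("[]") or "*", port)

def lint(conf):
    """Return findings for vhosts that Apache cannot serve as intended."""
    listens, vhosts, current = [], [], None
    for line in (l.strip() for l in conf.splitlines()):
        if m := re.match(r"(?i)listen\s+(\S+)", line):
            listens.append(split_addr(m.group(1)))
        elif m := re.match(r"(?i)<virtualhost\s+([^>]+)>", line):
            current = {"raw": m.group(1), "name": False}
            vhosts.append(current)
        elif current and re.match(r"(?i)servername\s+\S", line):
            current["name"] = True
        elif re.match(r"(?i)</virtualhost>", line):
            current = None
    findings = []
    for vh in vhosts:
        for addr, port in map(split_addr, vh["raw"].split()):
            bound = [la for la, lp in listens
                     if port in ("*", lp) and (la == addr or "*" in (la, addr))]
            if not bound:
                findings.append(f"{addr}:{port}: no Listen directive opens this address and port")
            elif all(a.startswith("127.") or a == "::1" for a in bound):
                findings.append(f"{addr}:{port}: bound only on loopback ({', '.join(bound)})")
        if not vh["name"]:
            findings.append(f"<VirtualHost {vh['raw']}>: no ServerName set")
    return findings
```

`lint(LOOPBACK_ONLY)` reports the loopback-only binding and the missing ServerName; `lint(FIXED)` returns an empty list.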