This is how I do it. It is a vhost file configured for http (port 80) and https (port 443).<br><br>Hope it helps<br><br><VirtualHost <a href="http://208.83.1.1:80">208.83.1.1:80</a>><br><br> ServerAdmin <a href="mailto:webmaster@domain.com">webmaster@domain.com</a><br>
<br> ServerName <a href="http://my.domain.com">my.domain.com</a><br><br> DocumentRoot /var/www/<a href="http://domain.com/my/public/">domain.com/my/public/</a><br><br> <Directory /var/www/<a href="http://domain.com/my/public/">domain.com/my/public/</a>><br>
Options Indexes FollowSymLinks MultiViews<br> AllowOverride All<br> Order allow,deny<br> allow from all<br> </Directory><br><br> # Setup error documents directory outside docroot<br> Alias /error/ /var/www/error/<br>
<br> # Setup our aliased /error directory for SSI<br> <Directory /var/www/error/><br> AllowOverride None<br> Options IncludesNoExec<br> AddOutputFilter Includes html<br> AddHandler type-map var<br> Order allow,deny<br>
Allow from all<br> LanguagePriority en es de fr<br> ForceLanguagePriority Prefer Fallback<br> </Directory><br><br> ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var<br> ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var<br>
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var<br> ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var<br> ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var<br> ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var<br>
ErrorDocument 410 /error/HTTP_GONE.html.var<br> ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var<br> ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var<br> ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var<br>
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var<br> ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var<br> ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var<br> ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var<br>
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var<br> ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var<br> ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var<br><br> # Set .htaccess to different name and explicitly deny access to it.<br>
AccessFileName .htaccess<br><br> <Files ~ "^\.ht"><br> Order allow,deny<br> Deny from all<br> Satisfy All<br> </Files><br><br> # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.<br>
LogLevel warn<br><br> ErrorLog /var/www/<a href="http://domain.com/my/log/error.log">domain.com/my/log/error.log</a><br> CustomLog /var/www/<a href="http://domain.com/my/log/access.log">domain.com/my/log/access.log</a> combined<br>
<br> ServerSignature Off<br><br></VirtualHost><br><br><VirtualHost <a href="http://208.83.1.1:443">208.83.1.1:443</a>><br><br> ServerAdmin <a href="mailto:webmaster@domain.com">webmaster@domain.com</a><br><br>
ServerName <a href="http://my.domain.com">my.domain.com</a><br><br> DocumentRoot /var/www/<a href="http://domain.com/my/public/">domain.com/my/public/</a><br><br> <Directory /var/www/<a href="http://domain.com/my/public/">domain.com/my/public/</a>><br>
Options Indexes FollowSymLinks MultiViews<br> AllowOverride All<br> Order allow,deny<br> allow from all<br> </Directory><br><br> SSLEngine on<br> SSLCertificateFile /var/www/<a href="http://domain.com/my/ssl/domain.com.my.crt">domain.com/my/ssl/domain.com.my.crt</a><br>
SSLCertificateKeyFile /var/www/<a href="http://domain.com/my/ssl/domain.com.my.key">domain.com/my/ssl/domain.com.my.key</a><br> SSLCACertificateFile /var/www/<a href="http://domain.com/my/ssl/domain.com.my.ca-bundle">domain.com/my/ssl/domain.com.my.ca-bundle</a><br>
SSLProtocol -ALL +SSLv3 +TLSv1<br> # SSLProtocol -ALL +TLSv1<br> SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<br><br> # Setup error documents<br> Alias /error/ "/usr/share/apache2/error/"<br>
<br> <Directory "/usr/share/apache2/error"><br> AllowOverride None<br> Options IncludesNoExec<br> AddOutputFilter Includes html<br> AddHandler type-map var<br> Order allow,deny<br>
Allow from all<br> LanguagePriority en cs de es fr it nl sv pt-br ro<br> ForceLanguagePriority Prefer Fallback<br> </Directory><br><br> ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var<br> ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var<br>
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var<br> ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var<br> ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var<br> ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var<br>
ErrorDocument 410 /error/HTTP_GONE.html.var<br> ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var<br> ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var<br> ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var<br>
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var<br> ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var<br> ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var<br> ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var<br>
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var<br> ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var<br> ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var<br><br> # Set .htaccess to different name and explicitly deny access to it.<br>
AccessFileName .htaccess<br><br> <Files ~ "^\.ht"><br> Order allow,deny<br> Deny from all<br> Satisfy All<br> </Files><br><br> # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.<br>
LogLevel warn<br><br> ErrorLog /var/www/<a href="http://domain.com/my/log/ssl_error.log">domain.com/my/log/ssl_error.log</a><br> CustomLog /var/www/<a href="http://domain.com/my/log/ssl_access.log">domain.com/my/log/ssl_access.log</a> combined<br>
<br> ServerSignature Off<br><br></VirtualHost><br><br><br clear="all">Tracy Phillips<br>
<br><br><div class="gmail_quote">On Sun, Sep 20, 2009 at 2:36 AM, Niki Kovacs <span dir="ltr"><<a href="mailto:contact@kikinovak.net">contact@kikinovak.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi,<br>
<br>
I successfully managed to use SSL on a local webserver for testing<br>
purposes, following the section "Using SSL" in the Chapter "Using<br>
Apache" of the "Definitive Guide to CentOS". Now I wonder: how can I use<br>
SSL with virtual hosts?<br>
<br>
I have several virtual hosts defined. Let's say I want to use SSL with<br>
this one:<br>
<br>
<VirtualHost *:80><br>
ServerAdmin <a href="mailto:info@microlinux.fr">info@microlinux.fr</a><br>
DocumentRoot /var/www/html/microlinux<br>
ServerName buildbox.presbytere.local<br>
ServerAlias microlinux.buildbox.presbytere.local<br>
ServerAlias microlinux.buildbox<br>
ErrorLog logs/microlinux-error_log<br>
CustomLog logs/microlinux-access_log common<br>
</VirtualHost><br>
<br>
The key and certificate files are located in /etc/certs:<br>
<br>
# ls -lh /etc/certs<br>
total 12K<br>
-rw-r--r-- 1 root root 981 sep 20 11:06 microlinux.crt<br>
-rw-r--r-- 1 root root 716 sep 20 11:04 microlinux.csr<br>
-rw-r--r-- 1 root root 887 sep 20 11:11 microlinux.key<br>
<br>
I'm not sure about the correct syntax to use SSL on this one. Where do I<br>
configure SSLCertificateFile and SSLCertificateKeyFile? In the virtual<br>
host stanza? Before trying various haphazard configurations, I thought<br>
I'd better ask here.<br>
<br>
Niki<br>
_______________________________________________<br>
CentOS mailing list<br>
<a href="mailto:CentOS@centos.org">CentOS@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos" target="_blank">http://lists.centos.org/mailman/listinfo/centos</a><br>
</blockquote></div><br>