Re: [CentOS] SSL and virtual hosts?

This is how I do it. It is a vhost file configured for http (port 80) and https (port 443).

Hope it helps

<VirtualHost 208.83.1.1:80>

ServerAdmin webmaster@domain.com

ServerName my.domain.com

DocumentRoot /var/www/domain.com/my/public/

<Directory /var/www/domain.com/my/public/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory>

# Setup error documents directory outside docroot Alias /error/ /var/www/error/

# Setup our aliased /error directory for SSI <Directory /var/www/error/> AllowOverride None Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var Order allow,deny Allow from all LanguagePriority en es de fr ForceLanguagePriority Prefer Fallback </Directory>

ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var ErrorDocument 410 /error/HTTP_GONE.html.var ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

# Set .htaccess to different name and explicitly deny access to it. AccessFileName .htaccess

<Files ~ "^.ht"> Order allow,deny Deny from all Satisfy All </Files>

# Possible values include: debug, info, notice, warn, error, crit, alert, emerg. LogLevel warn

ErrorLog /var/www/domain.com/my/log/error.log CustomLog /var/www/domain.com/my/log/access.log combined

ServerSignature Off

</VirtualHost>

<VirtualHost 208.83.1.1:443>

ServerAdmin webmaster@domain.com

ServerName my.domain.com

DocumentRoot /var/www/domain.com/my/public/

<Directory /var/www/domain.com/my/public/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory>

SSLEngine on SSLCertificateFile /var/www/domain.com/my/ssl/domain.com.my.crt SSLCertificateKeyFile /var/www/domain.com/my/ssl/domain.com.my.key SSLCACertificateFile /var/www/domain.com/my/ssl/domain.com.my.ca-bundle SSLProtocol -ALL +SSLv3 +TLSv1 # SSLProtocol -ALL +TLSv1 SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

# Setup error documents Alias /error/ "/usr/share/apache2/error/"

<Directory "/usr/share/apache2/error"> AllowOverride None Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var Order allow,deny Allow from all LanguagePriority en cs de es fr it nl sv pt-br ro ForceLanguagePriority Prefer Fallback </Directory>

ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var ErrorDocument 410 /error/HTTP_GONE.html.var ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

# Set .htaccess to different name and explicitly deny access to it. AccessFileName .htaccess

<Files ~ "^.ht"> Order allow,deny Deny from all Satisfy All </Files>

# Possible values include: debug, info, notice, warn, error, crit, alert, emerg. LogLevel warn

ErrorLog /var/www/domain.com/my/log/ssl_error.log CustomLog /var/www/domain.com/my/log/ssl_access.log combined

ServerSignature Off

</VirtualHost>

Tracy Phillips

On Sun, Sep 20, 2009 at 2:36 AM, Niki Kovacs contact@kikinovak.net wrote:

Hi,

I successfully managed to use SSL on a local webserver for testing purposes, following the section "Using SSL" in the Chapter "Using Apache" of the "Definitive Guide to CentOS". Now I wonder: how can I use SSL with virtual hosts?

I have several virtual hosts defined. Let's say I want to use SSL with this one:

<VirtualHost *:80> ServerAdmin info@microlinux.fr DocumentRoot /var/www/html/microlinux ServerName buildbox.presbytere.local ServerAlias microlinux.buildbox.presbytere.local ServerAlias microlinux.buildbox ErrorLog logs/microlinux-error_log CustomLog logs/microlinux-access_log common

</VirtualHost>

The key and certificate files are located in /etc/certs:

# ls -lh /etc/certs total 12K -rw-r--r-- 1 root root 981 sep 20 11:06 microlinux.crt -rw-r--r-- 1 root root 716 sep 20 11:04 microlinux.csr -rw-r--r-- 1 root root 887 sep 20 11:11 microlinux.key

I'm not sure about the correct syntax to use SSL on this one. Where do I configure SSLCertificateFile and SSLCertificateKeyFile? In the virtual host stanza? Before trying various haphazard configurations, I thought I'd better ask here.

Niki _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos