You are not logged in.
Pages: 1
Hi all,
Iam having this problem with Virtual Hosts and SSL.
The subdomains work fine but the problem is when you try to connect to the one with SSL then you get "ssl_error_rx_record_too_long"
Its not a permission error and the certificate is created with the ssh.mydomain.com as FQDN name if that is of any importance
Listen 443
<VirtualHost 172.16.2.250:80>
DocumentRoot /srv/http/www
ServerName www.mydomain.com
</VirtualHost>
<VirtualHost 172.16.2.250:80>
DocumentRoot /srv/http/glype
ServerName proxy.mydomain.com
</VirtualHost>
<VirtualHost 172.16.2.250:80>
DocumentRoot /srv/http/forum
ServerName forum.mydomain.com
</VirtualHost>
<VirtualHost 172.16.2.250:443>
DocumentRoot /srv/http/ssh
ServerName ssh.mydomain.com
SSLEngine ON
SSLCertificateKeyFile "/etc/httpd/certs/server.key"
SSLCertificateFile "/etc/httpd/certs/server.crt"
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8100/
ProxyPassReverse / http://localhost:8100/
</VirtualHost>
Iam grateful for all the help i can recieve.
Offline
Hello gizme!
http://www.errorhelp.com/search/details … d_too_long
https://www.servertastic.com/support/KB … -long.aspx
http://www.lodesys.com/blog/2009/resolving.php
Some url from the start of google results.
Offline
Tried all of those and none of them works.
But i got it working now by setting:
NameVirtualHost 172.16.2.250:80
But as usual i got another problem and that is that the https://ssh.mydomain.com is taking over all https.
So if i go to one of my other subdomains via https it loads the ssh subdomain.
Offline
SSL needs to run on a dedicated IP (and responds to all https requests on that IP) so you can't have multiple vhosts with SSL on the same IP. You would need to bring up more IPs and then configure your other vhosts to use them.
Offline
SSL needs to run on a dedicated IP (and responds to all https requests on that IP) so you can't have multiple vhosts with SSL on the same IP. You would need to bring up more IPs and then configure your other vhosts to use them.
fyi: recent builds of apache and openssl can now do SNI.
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
Also, if you use wildcard certificates, and your vhosts are all subdomains of the same top level domain, then that would work too. I have done this a few times before. Apache squaks a little when it starts up, but it works fine.
But in the general case, and when using older builds of apache, you are correct regarding the ip requirements.
Last edited by cactus (2009-08-29 18:44:16)
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
Pages: 1