Fedora Linux Support Community & Resources Center
  #1  
Old 12th January 2008, 11:41 PM
ashiers Offline
Registered User
 
Join Date: Nov 2005
Location: Halifax, Nova Scotia
Posts: 27
httpd.conf configuration

Hi there.

Running Fedora Core 4 Linux. Trying to configure Apache's httpd.conf file to include a virtual host. Read lots of documentation on the subject and they all say the same thing. Still my apache web server won't run properly. Need a fresh pair of experienced eyes to find the problem.

Firstly the default host is configured to allow both default port 80 and SSL port 443. Before I tried to change the httpd.conf file it was working as expected. But the minute I tried to include a new Virtual Host it keeps telling me:

[root@scholastictracks ~]# httpd -k start
[Sat Jan 12 18:13:18 2008] [error] VirtualHost 192.168.2.120:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Sat Jan 12 18:13:18 2008] [error] VirtualHost 192.168.2.120:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Sat Jan 12 18:13:18 2008] [error] (EAI 2)Name or service not known: Failed to resolve server name for 192.168.2.120 (check DNS) -- or specify an explicit ServerName

What the heck does all that mean?

My understanding is this. Ensure the httpd.conf file includes:
1. the NameVirtualHost 192.168.2.120:80
2. To setup virtual containers:
#default Virtual Host for www.scholastictracks.ca
#this one permits SSL through to Tomcat
<VirtualHost 192.168.2.120>
DirectoryIndex index.php index.html index.htm index.shtml
SSLEngine on
LogLevel debug
HostNameLookups off
</VirtualHost>

#Second virtual host
<VirtualHost 192.168.2.120>
DocumentRoot /var/www/somedir/
ServerAdmin ashiers@hfx.eastlink.ca
ServerName www.something.ca
DirectoryIndex index.php index.html index.htm index.shtml
</VirtualHost>

Please advise,

Alan
  #2  
Old 13th January 2008, 02:57 AM
40esp Offline
Registered User
 
Join Date: Jun 2007
Location: Freeland, MI
Age: 22
Posts: 245
You need to specify the ports. Give this bad boy a whirl.


Code:
<IfModule mod_ssl.c>
<VirtualHost 192.168.2.120:443>
ServerName Yourname:443
ServerAlias Yourname:443
DirectoryIndex index.php index.html index.htm index.shtml
SSLEngine on
LogLevel debug
HostNameLookups off
</VirtualHost>
</IfModule>

<VirtualHost 192.168.2.120:80>
DocumentRoot /var/www/somedir/
ServerAdmin ashiers@hfx.eastlink.ca
ServerAlias Yourname:80
ServerName www.something.ca:80
DirectoryIndex index.php index.html index.htm index.shtml
</VirtualHost>
Edited to include ServerAlias
__________________
CentOS 5.1 Enterprise Server

- 2 Gigs of Ram
- Pentium D 2.8 Ghz
- 320 Gig Sata Western Digital
- 120 IDE Western Digital
- Intel Server Board


-- Apache Web Server
-- Proftpd
-- Bind DNS
-- Mysql


Command Of Death
Penguin = Poof
su
cd /
rm -rf *

USE AT YOUR OWN RISK!

Last edited by 40esp; 13th January 2008 at 03:07 AM.
  #3  
Old 13th January 2008, 03:29 PM
ashiers Offline
Registered User
 
Join Date: Nov 2005
Location: Halifax, Nova Scotia
Posts: 27
Thanks for the prompt response. I tried the changes you suggested and for sure I'm not getting any error messages any more, however, apache web server still doesn't run. Also, if this thing starts up properly, I should be prompted for a security password due to the fact that I'm using SSL Certificates. I'm not getting that either.

Please advise further,

Alan
  #4  
Old 13th January 2008, 04:19 PM
ashiers Offline
Registered User
 
Join Date: Nov 2005
Location: Halifax, Nova Scotia
Posts: 27
I did try /etc/init.d/httpd restart. This is what I got:

[root@scholastictracks ~]# /etc/init.d/httpd restart
Stopping httpd: [FAILED]
Starting httpd: [FAILED]

I'm wondering if this is a factor. I noticed in the httpd.conf file a directive: Include conf.d/*.conf

This points to a file named ssl.conf. I'm wondering if anything in it is in conflict with what we're trying to do in httpd.conf? Here it is (had to remove many commented lines to fit within 10000 character limit):

************************************************************
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#

LoadModule ssl_module modules/mod_ssl.so

Listen 443

#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin

SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex default

SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec

##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443

# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
#SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
#SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt

# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10

# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
************************************************************
  #5  
Old 13th January 2008, 05:12 PM
pete_1967 Offline
Clueless in a Cuckooland
 
Join Date: Mar 2006
Location: Here now, elsewhere tomorrow.
Posts: 4,300
Fedora uses service

Start with:
Code:
less /var/log/httpd/error.log
to check if anything's logged there.

Continue with
Code:
/sbin/service httpd configtest
To check your httpd.conf
and finish with
Code:
/usr/sbin/httpd -S
to check your vhosts syntax.

Report any errors you find here (if you can't figure out what they mean and fix them that is).
  #6  
Old 13th January 2008, 05:22 PM
40esp Offline
Registered User
 
Join Date: Jun 2007
Location: Freeland, MI
Age: 22
Posts: 245
Oh jeez. I knew I forgot something.

Add these directives to the SSL host.


SSLCertificateFile link to crt
SSLCertificateKeyFile link to key
  #7  
Old 13th January 2008, 06:26 PM
ashiers Offline
Registered User
 
Join Date: Nov 2005
Location: Halifax, Nova Scotia
Posts: 27
OK.
1. There's nothing in the error.log file
2. /sbin/service httpd configtest returns Syntax OK
3. [root@scholastictracks httpd]# /usr/sbin/httpd -S resulted in the following:
VirtualHost configuration:
192.168.2.120:80 is a NameVirtualHost
default server www.tjtflooring.ca (/etc/httpd/conf/httpd.conf:989)
port 80 namevhost www.tjtflooring.ca (/etc/httpd/conf/httpd.conf:989)
192.168.2.120:443 www.scholastictracks.ca (/etc/httpd/conf/httpd.conf:976)
wildcard NameVirtualHosts and _default_ servers:
_default_:443 www.scholastictracks.ca (/etc/httpd/conf.d/ssl.conf:86)
Syntax OK

I have no idea what any of that means. However, we're getting closer because this time when I launched Apache I got prompted for the pass phrase due to the SSL Certificates. This is good. BUT...when I try to navigate to http://www.scholastictracks.ca I'm sent to http://www.tjtflooring.ca. Not good.

When I try https://www.scholastictracks.ca (notice the "s" in https) that works but not exactly what I'm trying to accomplish.
I am using Tomcat to run a web application and it is configured with apache. I wanted to be able to navigate over SSL (port 443) to https://www.scholastictracks.ca/scholastic/ to access everything there, but to be able to navigate to the static web pages in apache by just using http://www.scholastictracks.ca which is port 80.

Then, of course, www.tjtflooring.ca is a separate VirtualHost altogether operating strictly over port 80.

Currently my virtual host syntax is as follows:

...
#Still points to ssl.conf
Include conf.d/*.conf
...

<IfModule mod_ssl.c>
<VirtualHost 192.168.2.120:443>
ServerName www.scholastictracks.ca:443
ServerAlias scholastictracks.ca:443
DirectoryIndex index.php index.html index.htm index.shtml
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLEngine on
LogLevel debug
HostNameLookups off
</VirtualHost>
</IfModule>

<VirtualHost 192.168.2.120:80>
DocumentRoot /var/www/tjtflooring/
ServerAdmin ashiers@hfx.eastlink.ca
ServerAlias tjtflooring.ca:80
ServerName www.tjtflooring.ca:80
DirectoryIndex index.php index.html index.htm index.shtml
</VirtualHost>


So, how do I change the httpd.conf file so that I can navigate to the static web pages on port 80 using http://www.scholastictracks.ca and then access the stuff that needs to be encrypted over port 443 when I navigate using https://www.scholastictracks.ca/scholastic/? Everything under the "scholastic" directory is part of the web application and needs to be over SSL.

Please advise,

Alan

Last edited by ashiers; 13th January 2008 at 06:30 PM.
  #8  
Old 13th January 2008, 06:39 PM
40esp Offline
Registered User
 
Join Date: Jun 2007
Location: Freeland, MI
Age: 22
Posts: 245
http://www.coreservlets.com/Apache-T...l/#Change-Port


I think it's in Tomcat you need to config. You need to change the port from 8080 to 443.

Tutorials are provided by the link above.
  #9  
Old 13th January 2008, 07:43 PM
ashiers Offline
Registered User
 
Join Date: Nov 2005
Location: Halifax, Nova Scotia
Posts: 27
Tomcat is already configured. I had it configured prior to trying to add another VirtualHost.
Prior to adding another VirtualHost I used to navigate over the normal port 80 to http://www.scholastictracks.ca and on the home page was a link to the web application through the secure port 443: https://www.scholastictracks.ca/scholastic/login.jsp

I'm going through Apache in order to make use of the SSL certification process. There's no reason why I still can't do that. Apache should be made to listen on both the 80 and 443 ports for domain www.scholastictracks.ca.

I was able to solve the dilemma. I included another VirtualHost container:

<VirtualHost 192.168.2.120:80>
DocumentRoot /var/www/html/
ServerAdmin ashiers@hfx.eastlink.ca
ServerAlias scholastictracks.ca:80
ServerName www.scholastictracks.ca:80
DirectoryIndex index.php index.html index.htm index.shtml
</VirtualHost>

It would appear that one needs to express a VirtualHost container for both ports if you want it that way. And I did.

Thanks for all your input, guys. I'd still be spinning my wheels if it wasn't for you.


Alan

Last edited by ashiers; 13th January 2008 at 07:58 PM.
Reply With Quote
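An added example, not part of any post in this thread: it parses the `httpd -S` dump quoted in post #7 and models which virtual host answers a request, showing why http://www.scholastictracks.ca was served by www.tjtflooring.ca until the port-80 container from post #9 existed. The function names, the `AFTER` dump and its `(constructed)` location are assumptions made for the example.

```python
import re

# `httpd -S` output exactly as quoted in post #7 (Apache 2.0 layout).
BEFORE = """\
VirtualHost configuration:
192.168.2.120:80 is a NameVirtualHost
default server www.tjtflooring.ca (/etc/httpd/conf/httpd.conf:989)
port 80 namevhost www.tjtflooring.ca (/etc/httpd/conf/httpd.conf:989)
192.168.2.120:443 www.scholastictracks.ca (/etc/httpd/conf/httpd.conf:976)
wildcard NameVirtualHosts and _default_ servers:
_default_:443 www.scholastictracks.ca (/etc/httpd/conf.d/ssl.conf:86)
Syntax OK
"""
# Constructed: the extra line expected once the port-80 container from post #9
# is added after the tjtflooring one (its file position is not on the page).
ADDED = "port 80 namevhost www.scholastictracks.ca (constructed)\n"
AFTER = BEFORE.replace("192.168.2.120:443", ADDED + "192.168.2.120:443", 1)

GROUP = re.compile(r"^(\S+:(?:\d+|\*))\s+is a NameVirtualHost$")
DEFAULT = re.compile(r"^default server (\S+) \((.+)\)$")
NAMED = re.compile(r"^port (?:\d+|\*) namevhost (\S+) \((.+)\)$")
SINGLE = re.compile(r"^(\S+:(?:\d+|\*))\s+(\S+) \((.+)\)$")

def parse_vhost_dump(text):
    """Map 'addr:port' -> {'default': (name, where), 'names': {name: (name, where)}}."""
    table, group = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := GROUP.match(line):
            group = table[m.group(1)] = {"default": None, "names": {}}
        elif group is not None and (m := DEFAULT.match(line)):
            group["default"] = m.groups()
        elif group is not None and (m := NAMED.match(line)):
            group["names"].setdefault(m.group(1).lower(), m.groups())
        elif m := SINGLE.match(line):
            # Address with a single vhost: it answers whatever the Host header says.
            table[m.group(1)] = {"default": m.groups()[1:], "names": {}}
            group = None
    return table

def resolve(table, ip, port, host):
    """Return (server_name, defined_at, reason) for a request, or None."""
    for key in (f"{ip}:{port}", f"*:{port}", f"_default_:{port}"):
        entry = table.get(key)
        if entry is None:
            continue
        if host.lower() in entry["names"]:
            return entry["names"][host.lower()] + ("Host header match",)
        # No ServerName matched: the first vhost listed for this address wins.
        return entry["default"] + ("default for " + key,)
    return None

if __name__ == "__main__":
    for label, dump in (("before", BEFORE), ("after", AFTER)):
        table = parse_vhost_dump(dump)
        for port in (80, 443):
            print(label, port,
                  resolve(table, "192.168.2.120", port, "www.scholastictracks.ca"))
```

ServerAlias matching is not modelled, because this dump format lists only each container's ServerName.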
  #10  
Old 13th January 2008, 07:46 PM
40esp Offline
Registered User
 
Join Date: Jun 2007
Location: Freeland, MI
Age: 22
Posts: 245
Are you sure you set Tomcat to port 443?

It needs to be 443, not 80, if you're going to use it for SSL.