jdk

ssl problems


First, thank you for sharing Uniform Server. It is great!

 

I have used Uniform Server to set up 5 Joomla-powered sites on one IP address using name-based virtualhosts. I am attempting to set it up so that the sites are served via port 80, but allow login and administrator (backend) access via SSL on port 443. I have read and followed the example on the wiki. I installed mod_ssl using the file posted. I edited httpd.conf to specify that the virtualhosts use port 80 by appending ":80" to each virtualhost. I edited ssl.conf using the examples provided, removing the default_secure virtualhost, and adding virtualhosts for each of my sites. I commented out Require valid-user for each.

 

My problem: When I try to access the first virtualhost site via ssl, I am taken to the login for the second site's login page.

 

I would be most appreciative for any input.

 

Thanks,

 

J

My ssl.conf looks like this:

 

=====================================================================

 

#################### Global SSL ##########################

# Accept connections on the standard HTTPS port.
Listen 443

#== MIME types for downloading certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#== Pass-phrase dialog: `builtin' is an internal terminal dialog
SSLPassPhraseDialog builtin

#== Inter-process session cache
# Alternative left disabled by the author:
##SSLSessionCache none
##SSLSessionCacheTimeout 300
SSLSessionCache        shmcb:logs/ssl_scache(512000)
SSLSessionCacheTimeout 300

#== Mutex the SSL engine uses internally for inter-process synchronization
SSLMutex default

#== Pseudo-random number generator (PRNG) seeding
# NOTE(review): `builtin' is the only seed source configured, both at startup
# and per connection; confirm whether the platform offers a stronger source.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

 

 

 

########### SSL Virtual Host ############################

 

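# Name-based TLS virtual host for "domain".
# NOTE(review): the post says all five sites share one IP address, so each
# per-name NameVirtualHost line refers to the same address:port. A single
# "NameVirtualHost *:443" with <VirtualHost *:443> blocks is the usual form.
# Being declared first on this address:port, this vhost also presumably acts
# as the default for requests that match no other ServerName -- confirm.
NameVirtualHost domain:443

<VirtualHost domain:443>
    ServerName   domain
    DocumentRoot /www/folder1
    ServerAdmin  you@example.com

    ErrorLog    logs/error_ssl.log
    TransferLog logs/access_ssl.log

    #== SSL Engine Switch:
    SSLEngine on

    #== SSL Cipher Suite:
    # The previous string (ALL:!ADH:!EXPORT56:...:+LOW:+SSLv2:+EXP:+eNULL)
    # removed only ADH and EXPORT56; the "+" entries merely reorder, so LOW
    # and 40-bit export suites stayed negotiable. Restrict to strong suites,
    # prefer the server's ordering, and disable SSLv3 as well as SSLv2.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv2 -SSLv3

    #== Server certificate and private key:
    # Every vhost in this ssl.conf points at the same certificate file, so
    # its subject names must cover this ServerName or clients will report a
    # hostname mismatch. Selecting a vhost by name on 443 also depends on SNI
    # support in both server and client.
    SSLCertificateFile    conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key

    #== Per-directory SSL options (template line left disabled):
    #== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory "/home/admin/www/cgi-bin/">
        SSLOptions +StdEnvVars
    </Directory>

    #== Basic authentication
    # With "Require valid-user" commented out the Auth* lines are inert:
    # Apache itself asks for no credentials and access control is left to
    # the application served from this directory.
    <Directory "/www/folder1">
        AuthName "Uniform Server - Unicenter Demo Server Access"
        AuthType Basic
        AuthUserFile /htpasswd/modsslpass/.htpasswd
        #Require valid-user
    </Directory>

    #== Most problems of broken clients are related to the HTTP keep-alive
    # facility. Disable keep-alive for those clients.
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    #== Per-Server Logging: compact non-error SSL request log.
    # The format has no %v field and the same file is named by every vhost in
    # this ssl.conf, so entries cannot be attributed to a particular site.
    CustomLog logs/ssl_request.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>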

 

 

##############################################################

 

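# Name-based TLS virtual host for "site2.domain".
# NOTE(review): the post says all five sites share one IP address, so each
# per-name NameVirtualHost line refers to the same address:port. A single
# "NameVirtualHost *:443" with <VirtualHost *:443> blocks is the usual form.
NameVirtualHost site2.domain:443

<VirtualHost site2.domain:443>
    ServerName   site2.domain
    # NOTE(review): DocumentRoot is /www/folder1 here, but the <Directory>
    # block below targets /www/folder2. One of the two looks like a
    # copy/paste slip -- confirm which directory this site should serve.
    DocumentRoot /www/folder1
    ServerAdmin  you@example.com

    ErrorLog    logs/error_ssl.log
    TransferLog logs/access_ssl.log

    #== SSL Engine Switch:
    SSLEngine on

    #== SSL Cipher Suite:
    # The previous string (ALL:!ADH:!EXPORT56:...:+LOW:+SSLv2:+EXP:+eNULL)
    # removed only ADH and EXPORT56; the "+" entries merely reorder, so LOW
    # and 40-bit export suites stayed negotiable. Restrict to strong suites,
    # prefer the server's ordering, and disable SSLv3 as well as SSLv2.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv2 -SSLv3

    #== Server certificate and private key:
    # Every vhost in this ssl.conf points at the same certificate file, so
    # its subject names must cover this ServerName or clients will report a
    # hostname mismatch. Selecting a vhost by name on 443 also depends on SNI
    # support in both server and client.
    SSLCertificateFile    conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key

    #== Per-directory SSL options (template line left disabled):
    #== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory "/home/admin/www/cgi-bin/">
        SSLOptions +StdEnvVars
    </Directory>

    #== Basic authentication
    # With "Require valid-user" commented out the Auth* lines are inert:
    # Apache itself asks for no credentials and access control is left to
    # the application served from this directory.
    <Directory "/www/folder2">
        AuthName "Uniform Server - Unicenter Demo Server Access"
        AuthType Basic
        AuthUserFile /htpasswd/modsslpass/.htpasswd
        #Require valid-user
    </Directory>

    #== Most problems of broken clients are related to the HTTP keep-alive
    # facility. Disable keep-alive for those clients.
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    #== Per-Server Logging: compact non-error SSL request log.
    # The format has no %v field and the same file is named by every vhost in
    # this ssl.conf, so entries cannot be attributed to a particular site.
    CustomLog logs/ssl_request.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>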

 

##############################################################

 

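# Name-based TLS virtual host for "site3.domain".
# NOTE(review): the post says all five sites share one IP address, so each
# per-name NameVirtualHost line refers to the same address:port. A single
# "NameVirtualHost *:443" with <VirtualHost *:443> blocks is the usual form.
NameVirtualHost site3.domain:443

<VirtualHost site3.domain:443>
    ServerName   site3.domain
    DocumentRoot /www/folder3
    ServerAdmin  you@example.com

    ErrorLog    logs/error_ssl.log
    TransferLog logs/access_ssl.log

    #== SSL Engine Switch:
    SSLEngine on

    #== SSL Cipher Suite:
    # The previous string (ALL:!ADH:!EXPORT56:...:+LOW:+SSLv2:+EXP:+eNULL)
    # removed only ADH and EXPORT56; the "+" entries merely reorder, so LOW
    # and 40-bit export suites stayed negotiable. Restrict to strong suites,
    # prefer the server's ordering, and disable SSLv3 as well as SSLv2.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv2 -SSLv3

    #== Server certificate and private key:
    # Every vhost in this ssl.conf points at the same certificate file, so
    # its subject names must cover this ServerName or clients will report a
    # hostname mismatch. Selecting a vhost by name on 443 also depends on SNI
    # support in both server and client.
    SSLCertificateFile    conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key

    #== Per-directory SSL options (template line left disabled):
    #== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory "/home/admin/www/cgi-bin/">
        SSLOptions +StdEnvVars
    </Directory>

    #== Basic authentication
    # With "Require valid-user" commented out the Auth* lines are inert:
    # Apache itself asks for no credentials and access control is left to
    # the application served from this directory.
    <Directory "/www/folder3">
        AuthName "Uniform Server - Unicenter Demo Server Access"
        AuthType Basic
        AuthUserFile /htpasswd/modsslpass/.htpasswd
        #Require valid-user
    </Directory>

    #== Most problems of broken clients are related to the HTTP keep-alive
    # facility. Disable keep-alive for those clients.
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    #== Per-Server Logging: compact non-error SSL request log.
    # The format has no %v field and the same file is named by every vhost in
    # this ssl.conf, so entries cannot be attributed to a particular site.
    CustomLog logs/ssl_request.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>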

==========================================================================================

##############################################################

 

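# Name-based TLS virtual host for "site4.domain".
# NOTE(review): the post says all five sites share one IP address, so each
# per-name NameVirtualHost line refers to the same address:port. A single
# "NameVirtualHost *:443" with <VirtualHost *:443> blocks is the usual form.
NameVirtualHost site4.domain:443

<VirtualHost site4.domain:443>
    ServerName   site4.domain
    DocumentRoot /www/folder4
    ServerAdmin  you@example.com

    ErrorLog    logs/error_ssl.log
    TransferLog logs/access_ssl.log

    #== SSL Engine Switch:
    SSLEngine on

    #== SSL Cipher Suite:
    # The previous string (ALL:!ADH:!EXPORT56:...:+LOW:+SSLv2:+EXP:+eNULL)
    # removed only ADH and EXPORT56; the "+" entries merely reorder, so LOW
    # and 40-bit export suites stayed negotiable. Restrict to strong suites,
    # prefer the server's ordering, and disable SSLv3 as well as SSLv2.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv2 -SSLv3

    #== Server certificate and private key:
    # Every vhost in this ssl.conf points at the same certificate file, so
    # its subject names must cover this ServerName or clients will report a
    # hostname mismatch. Selecting a vhost by name on 443 also depends on SNI
    # support in both server and client.
    SSLCertificateFile    conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key

    #== Per-directory SSL options (template line left disabled):
    #== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory "/home/admin/www/cgi-bin/">
        SSLOptions +StdEnvVars
    </Directory>

    #== Basic authentication
    # With "Require valid-user" commented out the Auth* lines are inert:
    # Apache itself asks for no credentials and access control is left to
    # the application served from this directory.
    <Directory "/www/folder4">
        AuthName "Uniform Server - Unicenter Demo Server Access"
        AuthType Basic
        AuthUserFile /htpasswd/modsslpass/.htpasswd
        #Require valid-user
    </Directory>

    #== Most problems of broken clients are related to the HTTP keep-alive
    # facility. Disable keep-alive for those clients.
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    #== Per-Server Logging: compact non-error SSL request log.
    # The format has no %v field and the same file is named by every vhost in
    # this ssl.conf, so entries cannot be attributed to a particular site.
    CustomLog logs/ssl_request.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>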

==============================================================================

##############################################################

 

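# Name-based TLS virtual host for "site5.domain".
# NOTE(review): the post says all five sites share one IP address, so each
# per-name NameVirtualHost line refers to the same address:port. A single
# "NameVirtualHost *:443" with <VirtualHost *:443> blocks is the usual form.
NameVirtualHost site5.domain:443

<VirtualHost site5.domain:443>
    ServerName   site5.domain
    DocumentRoot /www/folder5
    ServerAdmin  you@example.com

    ErrorLog    logs/error_ssl.log
    TransferLog logs/access_ssl.log

    #== SSL Engine Switch:
    SSLEngine on

    #== SSL Cipher Suite:
    # The previous string (ALL:!ADH:!EXPORT56:...:+LOW:+SSLv2:+EXP:+eNULL)
    # removed only ADH and EXPORT56; the "+" entries merely reorder, so LOW
    # and 40-bit export suites stayed negotiable. Restrict to strong suites,
    # prefer the server's ordering, and disable SSLv3 as well as SSLv2.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv2 -SSLv3

    #== Server certificate and private key:
    # Every vhost in this ssl.conf points at the same certificate file, so
    # its subject names must cover this ServerName or clients will report a
    # hostname mismatch. Selecting a vhost by name on 443 also depends on SNI
    # support in both server and client.
    SSLCertificateFile    conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key

    #== Per-directory SSL options (template line left disabled):
    #== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory "/home/admin/www/cgi-bin/">
        SSLOptions +StdEnvVars
    </Directory>

    #== Basic authentication
    # With "Require valid-user" commented out the Auth* lines are inert:
    # Apache itself asks for no credentials and access control is left to
    # the application served from this directory.
    <Directory "/www/folder5">
        AuthName "Uniform Server - Unicenter Demo Server Access"
        AuthType Basic
        AuthUserFile /htpasswd/modsslpass/.htpasswd
        #Require valid-user
    </Directory>

    #== Most problems of broken clients are related to the HTTP keep-alive
    # facility. Disable keep-alive for those clients.
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    #== Per-Server Logging: compact non-error SSL request log.
    # The format has no %v field and the same file is named by every vhost in
    # this ssl.conf, so entries cannot be attributed to a particular site.
    CustomLog logs/ssl_request.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>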

 

=======================================================


Problem solved. I inserted a virtualhost directive for default_secure first in the list. Now, I am running my Joomla sites over port 80, with users and administrators logging in over SSL on port 443. If you took the time to read this - please accept my apology for taking up your time. I am bumbling through this and slowly learning.

 

Cheers!!

 

J

 

First, thank you for sharing Uniform Server. It is great!

 

I have used Uniform Server to set up 5 Joomla-powered sites on one IP address using name-based virtualhosts. I am attempting to set it up so that the sites are served via port 80, but allow login and administrator (backend) access via SSL on port 443. I have read and followed the example on the wiki. I installed mod_ssl using the file posted. I edited httpd.conf to specify that the virtualhosts use port 80 by appending ":80" to each virtualhost. I edited ssl.conf using the examples provided, removing the default_secure virtualhost, and adding virtualhosts for each of my sites. I commented out Require valid-user for each.

 

My problem: When I try to access the first virtualhost site via ssl, I am taken to the login for the second site's login page.

 

I would be most appreciative for any input.

 

Thanks,

 

J

My ssl.conf looks like this:

 

=====================================================================

 

#################### Global SSL ##########################

# Accept connections on the standard HTTPS port.
Listen 443

#== MIME types for downloading certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#== Pass-phrase dialog: `builtin' is an internal terminal dialog
SSLPassPhraseDialog builtin

#== Inter-process session cache
# Alternative left disabled by the author:
##SSLSessionCache none
##SSLSessionCacheTimeout 300
SSLSessionCache        shmcb:logs/ssl_scache(512000)
SSLSessionCacheTimeout 300

#== Mutex the SSL engine uses internally for inter-process synchronization
SSLMutex default

#== Pseudo-random number generator (PRNG) seeding
# NOTE(review): `builtin' is the only seed source configured, both at startup
# and per connection; confirm whether the platform offers a stronger source.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

########### SSL Virtual Host ############################

 

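# Name-based TLS virtual host for "domain".
# NOTE(review): the post says all five sites share one IP address, so each
# per-name NameVirtualHost line refers to the same address:port. A single
# "NameVirtualHost *:443" with <VirtualHost *:443> blocks is the usual form.
# Being declared first on this address:port, this vhost also presumably acts
# as the default for requests that match no other ServerName -- confirm.
NameVirtualHost domain:443

<VirtualHost domain:443>
    ServerName   domain
    DocumentRoot /www/folder1
    ServerAdmin  you@example.com

    ErrorLog    logs/error_ssl.log
    TransferLog logs/access_ssl.log

    #== SSL Engine Switch:
    SSLEngine on

    #== SSL Cipher Suite:
    # The previous string (ALL:!ADH:!EXPORT56:...:+LOW:+SSLv2:+EXP:+eNULL)
    # removed only ADH and EXPORT56; the "+" entries merely reorder, so LOW
    # and 40-bit export suites stayed negotiable. Restrict to strong suites,
    # prefer the server's ordering, and disable SSLv3 as well as SSLv2.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv2 -SSLv3

    #== Server certificate and private key:
    # Every vhost in this ssl.conf points at the same certificate file, so
    # its subject names must cover this ServerName or clients will report a
    # hostname mismatch. Selecting a vhost by name on 443 also depends on SNI
    # support in both server and client.
    SSLCertificateFile    conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key

    #== Per-directory SSL options (template line left disabled):
    #== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory "/home/admin/www/cgi-bin/">
        SSLOptions +StdEnvVars
    </Directory>

    #== Basic authentication
    # With "Require valid-user" commented out the Auth* lines are inert:
    # Apache itself asks for no credentials and access control is left to
    # the application served from this directory.
    <Directory "/www/folder1">
        AuthName "Uniform Server - Unicenter Demo Server Access"
        AuthType Basic
        AuthUserFile /htpasswd/modsslpass/.htpasswd
        #Require valid-user
    </Directory>

    #== Most problems of broken clients are related to the HTTP keep-alive
    # facility. Disable keep-alive for those clients.
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    #== Per-Server Logging: compact non-error SSL request log.
    # The format has no %v field and the same file is named by every vhost in
    # this ssl.conf, so entries cannot be attributed to a particular site.
    CustomLog logs/ssl_request.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>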

##############################################################

 

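# Name-based TLS virtual host for "site2.domain".
# NOTE(review): the post says all five sites share one IP address, so each
# per-name NameVirtualHost line refers to the same address:port. A single
# "NameVirtualHost *:443" with <VirtualHost *:443> blocks is the usual form.
NameVirtualHost site2.domain:443

<VirtualHost site2.domain:443>
    ServerName   site2.domain
    # NOTE(review): DocumentRoot is /www/folder1 here, but the <Directory>
    # block below targets /www/folder2. One of the two looks like a
    # copy/paste slip -- confirm which directory this site should serve.
    DocumentRoot /www/folder1
    ServerAdmin  you@example.com

    ErrorLog    logs/error_ssl.log
    TransferLog logs/access_ssl.log

    #== SSL Engine Switch:
    SSLEngine on

    #== SSL Cipher Suite:
    # The previous string (ALL:!ADH:!EXPORT56:...:+LOW:+SSLv2:+EXP:+eNULL)
    # removed only ADH and EXPORT56; the "+" entries merely reorder, so LOW
    # and 40-bit export suites stayed negotiable. Restrict to strong suites,
    # prefer the server's ordering, and disable SSLv3 as well as SSLv2.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv2 -SSLv3

    #== Server certificate and private key:
    # Every vhost in this ssl.conf points at the same certificate file, so
    # its subject names must cover this ServerName or clients will report a
    # hostname mismatch. Selecting a vhost by name on 443 also depends on SNI
    # support in both server and client.
    SSLCertificateFile    conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key

    #== Per-directory SSL options (template line left disabled):
    #== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory "/home/admin/www/cgi-bin/">
        SSLOptions +StdEnvVars
    </Directory>

    #== Basic authentication
    # With "Require valid-user" commented out the Auth* lines are inert:
    # Apache itself asks for no credentials and access control is left to
    # the application served from this directory.
    <Directory "/www/folder2">
        AuthName "Uniform Server - Unicenter Demo Server Access"
        AuthType Basic
        AuthUserFile /htpasswd/modsslpass/.htpasswd
        #Require valid-user
    </Directory>

    #== Most problems of broken clients are related to the HTTP keep-alive
    # facility. Disable keep-alive for those clients.
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    #== Per-Server Logging: compact non-error SSL request log.
    # The format has no %v field and the same file is named by every vhost in
    # this ssl.conf, so entries cannot be attributed to a particular site.
    CustomLog logs/ssl_request.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>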

 

##############################################################

 

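# Name-based TLS virtual host for "site3.domain".
# NOTE(review): the post says all five sites share one IP address, so each
# per-name NameVirtualHost line refers to the same address:port. A single
# "NameVirtualHost *:443" with <VirtualHost *:443> blocks is the usual form.
NameVirtualHost site3.domain:443

<VirtualHost site3.domain:443>
    ServerName   site3.domain
    DocumentRoot /www/folder3
    ServerAdmin  you@example.com

    ErrorLog    logs/error_ssl.log
    TransferLog logs/access_ssl.log

    #== SSL Engine Switch:
    SSLEngine on

    #== SSL Cipher Suite:
    # The previous string (ALL:!ADH:!EXPORT56:...:+LOW:+SSLv2:+EXP:+eNULL)
    # removed only ADH and EXPORT56; the "+" entries merely reorder, so LOW
    # and 40-bit export suites stayed negotiable. Restrict to strong suites,
    # prefer the server's ordering, and disable SSLv3 as well as SSLv2.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv2 -SSLv3

    #== Server certificate and private key:
    # Every vhost in this ssl.conf points at the same certificate file, so
    # its subject names must cover this ServerName or clients will report a
    # hostname mismatch. Selecting a vhost by name on 443 also depends on SNI
    # support in both server and client.
    SSLCertificateFile    conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key

    #== Per-directory SSL options (template line left disabled):
    #== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory "/home/admin/www/cgi-bin/">
        SSLOptions +StdEnvVars
    </Directory>

    #== Basic authentication
    # With "Require valid-user" commented out the Auth* lines are inert:
    # Apache itself asks for no credentials and access control is left to
    # the application served from this directory.
    <Directory "/www/folder3">
        AuthName "Uniform Server - Unicenter Demo Server Access"
        AuthType Basic
        AuthUserFile /htpasswd/modsslpass/.htpasswd
        #Require valid-user
    </Directory>

    #== Most problems of broken clients are related to the HTTP keep-alive
    # facility. Disable keep-alive for those clients.
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    #== Per-Server Logging: compact non-error SSL request log.
    # The format has no %v field and the same file is named by every vhost in
    # this ssl.conf, so entries cannot be attributed to a particular site.
    CustomLog logs/ssl_request.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>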

==========================================================================================

##############################################################

 

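# Name-based TLS virtual host for "site4.domain".
# NOTE(review): the post says all five sites share one IP address, so each
# per-name NameVirtualHost line refers to the same address:port. A single
# "NameVirtualHost *:443" with <VirtualHost *:443> blocks is the usual form.
NameVirtualHost site4.domain:443

<VirtualHost site4.domain:443>
    ServerName   site4.domain
    DocumentRoot /www/folder4
    ServerAdmin  you@example.com

    ErrorLog    logs/error_ssl.log
    TransferLog logs/access_ssl.log

    #== SSL Engine Switch:
    SSLEngine on

    #== SSL Cipher Suite:
    # The previous string (ALL:!ADH:!EXPORT56:...:+LOW:+SSLv2:+EXP:+eNULL)
    # removed only ADH and EXPORT56; the "+" entries merely reorder, so LOW
    # and 40-bit export suites stayed negotiable. Restrict to strong suites,
    # prefer the server's ordering, and disable SSLv3 as well as SSLv2.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv2 -SSLv3

    #== Server certificate and private key:
    # Every vhost in this ssl.conf points at the same certificate file, so
    # its subject names must cover this ServerName or clients will report a
    # hostname mismatch. Selecting a vhost by name on 443 also depends on SNI
    # support in both server and client.
    SSLCertificateFile    conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key

    #== Per-directory SSL options (template line left disabled):
    #== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory "/home/admin/www/cgi-bin/">
        SSLOptions +StdEnvVars
    </Directory>

    #== Basic authentication
    # With "Require valid-user" commented out the Auth* lines are inert:
    # Apache itself asks for no credentials and access control is left to
    # the application served from this directory.
    <Directory "/www/folder4">
        AuthName "Uniform Server - Unicenter Demo Server Access"
        AuthType Basic
        AuthUserFile /htpasswd/modsslpass/.htpasswd
        #Require valid-user
    </Directory>

    #== Most problems of broken clients are related to the HTTP keep-alive
    # facility. Disable keep-alive for those clients.
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    #== Per-Server Logging: compact non-error SSL request log.
    # The format has no %v field and the same file is named by every vhost in
    # this ssl.conf, so entries cannot be attributed to a particular site.
    CustomLog logs/ssl_request.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>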

==============================================================================

##############################################################

 

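# Name-based TLS virtual host for "site5.domain".
# NOTE(review): the post says all five sites share one IP address, so each
# per-name NameVirtualHost line refers to the same address:port. A single
# "NameVirtualHost *:443" with <VirtualHost *:443> blocks is the usual form.
NameVirtualHost site5.domain:443

<VirtualHost site5.domain:443>
    ServerName   site5.domain
    DocumentRoot /www/folder5
    ServerAdmin  you@example.com

    ErrorLog    logs/error_ssl.log
    TransferLog logs/access_ssl.log

    #== SSL Engine Switch:
    SSLEngine on

    #== SSL Cipher Suite:
    # The previous string (ALL:!ADH:!EXPORT56:...:+LOW:+SSLv2:+EXP:+eNULL)
    # removed only ADH and EXPORT56; the "+" entries merely reorder, so LOW
    # and 40-bit export suites stayed negotiable. Restrict to strong suites,
    # prefer the server's ordering, and disable SSLv3 as well as SSLv2.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLHonorCipherOrder on
    SSLProtocol all -SSLv2 -SSLv3

    #== Server certificate and private key:
    # Every vhost in this ssl.conf points at the same certificate file, so
    # its subject names must cover this ServerName or clients will report a
    # hostname mismatch. Selecting a vhost by name on 443 also depends on SNI
    # support in both server and client.
    SSLCertificateFile    conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key

    #== Per-directory SSL options (template line left disabled):
    #== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory "/home/admin/www/cgi-bin/">
        SSLOptions +StdEnvVars
    </Directory>

    #== Basic authentication
    # With "Require valid-user" commented out the Auth* lines are inert:
    # Apache itself asks for no credentials and access control is left to
    # the application served from this directory.
    <Directory "/www/folder5">
        AuthName "Uniform Server - Unicenter Demo Server Access"
        AuthType Basic
        AuthUserFile /htpasswd/modsslpass/.htpasswd
        #Require valid-user
    </Directory>

    #== Most problems of broken clients are related to the HTTP keep-alive
    # facility. Disable keep-alive for those clients.
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    #== Per-Server Logging: compact non-error SSL request log.
    # The format has no %v field and the same file is named by every vhost in
    # this ssl.conf, so entries cannot be attributed to a particular site.
    CustomLog logs/ssl_request.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>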

 

=======================================================
