The Uniform Server Community

ssl problems



Posted

First, thank you for sharing Uniform Server. It is great!

 

I have used Uniform Server to set up 5 Joomla powered sites on one IP address using name based virtualhosts. I am attempting to set it up so that the sites are served via port 80, but allow login and administrator (backend) access via ssl port 443. I have read and followed the example on the wiki. I installed mod_ssl using the file posted. I edited httpd.conf to specify that the virtualhosts use port 80 by appending ":80" to each virtualhost. I edited ssl.conf using the examples provided, removing the default_secure virtualhost, and adding virtualhosts for each of my sites. I commented out Require valid-user for each.

 

My problem: When I try to access the first virtualhost site via ssl, I am taken to the login for the second site's login page.

 

I would be most appreciative for any input.

 

Thanks,

 

J

My ssl.conf looks like this:

 

=====================================================================

 

#################### Global SSL ##########################

Listen 443

#== Some MIME-types for downloading Certificates and CRLs

AddType application/x-x509-ca-cert .crt

AddType application/x-pkcs7-crl .crl

 

#== Pass Phrase Dialog:(`builtin' is a internal terminal dialog)

SSLPassPhraseDialog builtin

 

#== Inter-Process Session Cache:

 

##SSLSessionCache none

##SSLSessionCacheTimeout 300

 

SSLSessionCache shmcb:logs/ssl_scache(512000)

SSLSessionCacheTimeout 300

 

#== SSL engine uses internally for inter-process synchronization.

SSLMutex default

 

#== Pseudo Random Number Generator (PRNG):

 

# NOTE(review): "builtin" is the always-available seeding source, but the mod_ssl
# documentation describes it as not a strong entropy source, and weakest at
# startup. Adding a file: or exec: source is the usual hardening step where the
# platform provides one -- confirm what this Uniform Server build supports.
SSLRandomSeed startup builtin

SSLRandomSeed connect builtin

 

 

 

########### SSL Virtual Host ############################

 

# NOTE(review): the hostname given to NameVirtualHost / <VirtualHost> is only
# resolved to an address at startup; it does not select the site. With all five
# names on one IP (as the post describes), requests to :443 are matched by
# ServerName, and the first <VirtualHost> listed for that address:port is the
# default for any request that matches none of them.
# The TLS handshake completes before the Host header is read, so unless the
# server build and the client both support SNI, the first vhost's certificate is
# presented for every site. All vhosts in this file point at the same
# server.crt, so that certificate can only validate for the names it covers.
NameVirtualHost domain:443

 

<VirtualHost domain:443>

 

ServerName domain

DocumentRoot /www/folder1

ServerAdmin you@example.com

 

ErrorLog logs/error_ssl.log

TransferLog logs/access_ssl.log

 

#== SSL Engine Switch:

SSLEngine on

 

#== SSL Cipher Suite:

# NOTE(review): this looks like the old mod_ssl sample cipher string. "ALL"
# already admits RC4, LOW and 40-bit export (EXP) suites; the "+" entries only
# move those suites to the end of the preference list, they do not remove them.
# The only explicit exclusions are !ADH and !EXPORT56. The same line is repeated
# in every vhost in this file. For login and administrator traffic a restricted
# list (for example HIGH:!aNULL:!MD5) is the safer choice.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# NOTE(review): "all -SSLv2" still leaves SSLv3 enabled; adding -SSLv3 is the
# usual follow-up -- confirm the installed Apache/OpenSSL still offers TLS.
SSLProtocol all -SSLv2

 

#== Server Certificate:

SSLCertificateFile conf/ssl.crt/server.crt

 

#== Server Private Key:

SSLCertificateKeyFile conf/ssl.key/server.key

 

# This enables optimized SSL connection renegotiation handling when SSL

# directives are used in per-directory context.

 

#== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">

SSLOptions +StdEnvVars

</FilesMatch>

 

<Directory "/home/admin/www/cgi-bin/">

SSLOptions +StdEnvVars

</Directory>

 

#== Basic authentication

 

# NOTE(review): with "Require valid-user" commented out, the AuthName / AuthType /
# AuthUserFile lines below are inert: no Basic-auth prompt is issued for this
# directory, so access control over HTTPS rests entirely on the application's own
# login. The same block, with Require commented out, appears in every vhost.
<Directory "/www/folder1">

AuthName "Uniform Server - Unicenter Demo Server Access"

AuthType Basic

AuthUserFile /htpasswd/modsslpass/.htpasswd

#Require valid-user

</Directory>

 

 

#== Most problems of broken clients are related to the HTTP

# keep-alive facility. Disable keep-alive for those clients.

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

 

#== Per-Server Logging:

# The home of a custom SSL log file. Use this when you want a

# compact non-error SSL logfile on a virtual host basis.

CustomLog logs/ssl_request.log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 

 

</VirtualHost>

 

 

##############################################################

 

NameVirtualHost site2.domain:443

 

<VirtualHost site2.domain:443>

 

ServerName site2.domain

# NOTE(review): DocumentRoot is /www/folder1, the same as the first vhost, while
# this vhost's <Directory> auth block targets /www/folder2 -- looks like a
# copy-paste slip; confirm which folder site2 should serve, since as written the
# site2 name serves the first site's content over HTTPS.
DocumentRoot /www/folder1

ServerAdmin you@example.com

 

ErrorLog logs/error_ssl.log

TransferLog logs/access_ssl.log

 

#== SSL Engine Switch:

SSLEngine on

 

#== SSL Cipher Suite:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLProtocol all -SSLv2

 

#== Server Certificate:

SSLCertificateFile conf/ssl.crt/server.crt

 

#== Server Private Key:

SSLCertificateKeyFile conf/ssl.key/server.key

 

# This enables optimized SSL connection renegotiation handling when SSL

# directives are used in per-directory context.

 

#== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">

SSLOptions +StdEnvVars

</FilesMatch>

 

<Directory "/home/admin/www/cgi-bin/">

SSLOptions +StdEnvVars

</Directory>

 

#== Basic authentication

 

<Directory "/www/folder2">

AuthName "Uniform Server - Unicenter Demo Server Access"

AuthType Basic

AuthUserFile /htpasswd/modsslpass/.htpasswd

#Require valid-user

</Directory>

 

 

#== Most problems of broken clients are related to the HTTP

# keep-alive facility. Disable keep-alive for those clients.

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

 

#== Per-Server Logging:

# The home of a custom SSL log file. Use this when you want a

# compact non-error SSL logfile on a virtual host basis.

CustomLog logs/ssl_request.log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 

 

</VirtualHost>

 

##############################################################

 

NameVirtualHost site3.domain:443

 

<VirtualHost site3.domain:443>

 

ServerName site3.domain

DocumentRoot /www/folder3

ServerAdmin you@example.com

 

ErrorLog logs/error_ssl.log

TransferLog logs/access_ssl.log

 

#== SSL Engine Switch:

SSLEngine on

 

#== SSL Cipher Suite:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLProtocol all -SSLv2

 

#== Server Certificate:

SSLCertificateFile conf/ssl.crt/server.crt

 

#== Server Private Key:

SSLCertificateKeyFile conf/ssl.key/server.key

 

# This enables optimized SSL connection renegotiation handling when SSL

# directives are used in per-directory context.

 

#== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">

SSLOptions +StdEnvVars

</FilesMatch>

 

<Directory "/home/admin/www/cgi-bin/">

SSLOptions +StdEnvVars

</Directory>

 

#== Basic authentication

 

<Directory "/www/folder3">

AuthName "Uniform Server - Unicenter Demo Server Access"

AuthType Basic

AuthUserFile /htpasswd/modsslpass/.htpasswd

#Require valid-user

</Directory>

 

 

#== Most problems of broken clients are related to the HTTP

# keep-alive facility. Disable keep-alive for those clients.

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

 

#== Per-Server Logging:

# The home of a custom SSL log file. Use this when you want a

# compact non-error SSL logfile on a virtual host basis.

CustomLog logs/ssl_request.log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 

 

</VirtualHost>

==========================================================================================

##############################################################

 

NameVirtualHost site4.domain:443

 

<VirtualHost site4.domain:443>

 

ServerName site4.domain

DocumentRoot /www/folder4

ServerAdmin you@example.com

 

ErrorLog logs/error_ssl.log

TransferLog logs/access_ssl.log

 

#== SSL Engine Switch:

SSLEngine on

 

#== SSL Cipher Suite:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLProtocol all -SSLv2

 

#== Server Certificate:

SSLCertificateFile conf/ssl.crt/server.crt

 

#== Server Private Key:

SSLCertificateKeyFile conf/ssl.key/server.key

 

# This enables optimized SSL connection renegotiation handling when SSL

# directives are used in per-directory context.

 

#== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">

SSLOptions +StdEnvVars

</FilesMatch>

 

<Directory "/home/admin/www/cgi-bin/">

SSLOptions +StdEnvVars

</Directory>

 

#== Basic authentication

 

<Directory "/www/folder4">

AuthName "Uniform Server - Unicenter Demo Server Access"

AuthType Basic

AuthUserFile /htpasswd/modsslpass/.htpasswd

#Require valid-user

</Directory>

 

 

#== Most problems of broken clients are related to the HTTP

# keep-alive facility. Disable keep-alive for those clients.

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

 

#== Per-Server Logging:

# The home of a custom SSL log file. Use this when you want a

# compact non-error SSL logfile on a virtual host basis.

CustomLog logs/ssl_request.log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 

 

</VirtualHost>

==============================================================================

##############################################################

 

NameVirtualHost site5.domain:443

 

<VirtualHost site5.domain:443>

 

ServerName site5.domain

DocumentRoot /www/folder5

ServerAdmin you@example.com

 

ErrorLog logs/error_ssl.log

TransferLog logs/access_ssl.log

 

#== SSL Engine Switch:

SSLEngine on

 

#== SSL Cipher Suite:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLProtocol all -SSLv2

 

#== Server Certificate:

SSLCertificateFile conf/ssl.crt/server.crt

 

#== Server Private Key:

SSLCertificateKeyFile conf/ssl.key/server.key

 

# This enables optimized SSL connection renegotiation handling when SSL

# directives are used in per-directory context.

 

#== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">

SSLOptions +StdEnvVars

</FilesMatch>

 

<Directory "/home/admin/www/cgi-bin/">

SSLOptions +StdEnvVars

</Directory>

 

#== Basic authentication

 

<Directory "/www/folder5">

AuthName "Uniform Server - Unicenter Demo Server Access"

AuthType Basic

AuthUserFile /htpasswd/modsslpass/.htpasswd

#Require valid-user

</Directory>

 

 

#== Most problems of broken clients are related to the HTTP

# keep-alive facility. Disable keep-alive for those clients.

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

 

#== Per-Server Logging:

# The home of a custom SSL log file. Use this when you want a

# compact non-error SSL logfile on a virtual host basis.

CustomLog logs/ssl_request.log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 

 

</VirtualHost>

 

=======================================================

Posted

Problem solved. I inserted a virtualhost directive first in the list for default_secure. Now, I am running my Joomla sites over port 80 with users and administrators logging in via ssl port 443. If you took the time to read this - please accept my apology for taking up your time. I am bumbling through this and slowly learning.

 

Cheers!!

 

J

 

First, thank you for sharing Uniform Server. It is great!

 

I have used Uniform Server to set up 5 Joomla powered sites on one IP address using name based virtualhosts. I am attempting to set it up so that the sites are served via port 80, but allow login and administrator (backend) access via ssl port 443. I have read and followed the example on the wiki. I installed mod_ssl using the file posted. I edited httpd.conf to specify that the virtualhosts use port 80 by appending ":80" to each virtualhost. I edited ssl.conf using the examples provided, removing the default_secure virtualhost, and adding virtualhosts for each of my sites. I commented out Require valid-user for each.

 

My problem: When I try to access the first virtualhost site via ssl, I am taken to the login for the second site's login page.

 

I would be most appreciative for any input.

 

Thanks,

 

J

My ssl.conf looks like this:

 

=====================================================================

 

#################### Global SSL ##########################

Listen 443

#== Some MIME-types for downloading Certificates and CRLs

AddType application/x-x509-ca-cert .crt

AddType application/x-pkcs7-crl .crl

 

#== Pass Phrase Dialog:(`builtin' is a internal terminal dialog)

SSLPassPhraseDialog builtin

 

#== Inter-Process Session Cache:

 

##SSLSessionCache none

##SSLSessionCacheTimeout 300

 

SSLSessionCache shmcb:logs/ssl_scache(512000)

SSLSessionCacheTimeout 300

 

#== SSL engine uses internally for inter-process synchronization.

SSLMutex default

 

#== Pseudo Random Number Generator (PRNG):

 

SSLRandomSeed startup builtin

SSLRandomSeed connect builtin

########### SSL Virtual Host ############################

 

NameVirtualHost domain:443

 

<VirtualHost domain:443>

 

ServerName domain

DocumentRoot /www/folder1

ServerAdmin you@example.com

 

ErrorLog logs/error_ssl.log

TransferLog logs/access_ssl.log

 

#== SSL Engine Switch:

SSLEngine on

 

#== SSL Cipher Suite:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLProtocol all -SSLv2

 

#== Server Certificate:

SSLCertificateFile conf/ssl.crt/server.crt

 

#== Server Private Key:

SSLCertificateKeyFile conf/ssl.key/server.key

 

# This enables optimized SSL connection renegotiation handling when SSL

# directives are used in per-directory context.

 

#== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">

SSLOptions +StdEnvVars

</FilesMatch>

 

<Directory "/home/admin/www/cgi-bin/">

SSLOptions +StdEnvVars

</Directory>

 

#== Basic authentication

 

<Directory "/www/folder1">

AuthName "Uniform Server - Unicenter Demo Server Access"

AuthType Basic

AuthUserFile /htpasswd/modsslpass/.htpasswd

#Require valid-user

</Directory>

#== Most problems of broken clients are related to the HTTP

# keep-alive facility. Disable keep-alive for those clients.

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

 

#== Per-Server Logging:

# The home of a custom SSL log file. Use this when you want a

# compact non-error SSL logfile on a virtual host basis.

CustomLog logs/ssl_request.log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

##############################################################

 

NameVirtualHost site2.domain:443

 

<VirtualHost site2.domain:443>

 

ServerName site2.domain

DocumentRoot /www/folder1

ServerAdmin you@example.com

 

ErrorLog logs/error_ssl.log

TransferLog logs/access_ssl.log

 

#== SSL Engine Switch:

SSLEngine on

 

#== SSL Cipher Suite:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLProtocol all -SSLv2

 

#== Server Certificate:

SSLCertificateFile conf/ssl.crt/server.crt

 

#== Server Private Key:

SSLCertificateKeyFile conf/ssl.key/server.key

 

# This enables optimized SSL connection renegotiation handling when SSL

# directives are used in per-directory context.

 

#== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">

SSLOptions +StdEnvVars

</FilesMatch>

 

<Directory "/home/admin/www/cgi-bin/">

SSLOptions +StdEnvVars

</Directory>

 

#== Basic authentication

 

<Directory "/www/folder2">

AuthName "Uniform Server - Unicenter Demo Server Access"

AuthType Basic

AuthUserFile /htpasswd/modsslpass/.htpasswd

#Require valid-user

</Directory>

#== Most problems of broken clients are related to the HTTP

# keep-alive facility. Disable keep-alive for those clients.

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

 

#== Per-Server Logging:

# The home of a custom SSL log file. Use this when you want a

# compact non-error SSL logfile on a virtual host basis.

CustomLog logs/ssl_request.log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

 

##############################################################

 

NameVirtualHost site3.domain:443

 

<VirtualHost site3.domain:443>

 

ServerName site3.domain

DocumentRoot /www/folder3

ServerAdmin you@example.com

 

ErrorLog logs/error_ssl.log

TransferLog logs/access_ssl.log

 

#== SSL Engine Switch:

SSLEngine on

 

#== SSL Cipher Suite:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLProtocol all -SSLv2

 

#== Server Certificate:

SSLCertificateFile conf/ssl.crt/server.crt

 

#== Server Private Key:

SSLCertificateKeyFile conf/ssl.key/server.key

 

# This enables optimized SSL connection renegotiation handling when SSL

# directives are used in per-directory context.

 

#== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">

SSLOptions +StdEnvVars

</FilesMatch>

 

<Directory "/home/admin/www/cgi-bin/">

SSLOptions +StdEnvVars

</Directory>

 

#== Basic authentication

 

<Directory "/www/folder3">

AuthName "Uniform Server - Unicenter Demo Server Access"

AuthType Basic

AuthUserFile /htpasswd/modsslpass/.htpasswd

#Require valid-user

</Directory>

#== Most problems of broken clients are related to the HTTP

# keep-alive facility. Disable keep-alive for those clients.

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

 

#== Per-Server Logging:

# The home of a custom SSL log file. Use this when you want a

# compact non-error SSL logfile on a virtual host basis.

CustomLog logs/ssl_request.log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

==========================================================================================

##############################################################

 

NameVirtualHost site4.domain:443

 

<VirtualHost site4.domain:443>

 

ServerName site4.domain

DocumentRoot /www/folder4

ServerAdmin you@example.com

 

ErrorLog logs/error_ssl.log

TransferLog logs/access_ssl.log

 

#== SSL Engine Switch:

SSLEngine on

 

#== SSL Cipher Suite:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLProtocol all -SSLv2

 

#== Server Certificate:

SSLCertificateFile conf/ssl.crt/server.crt

 

#== Server Private Key:

SSLCertificateKeyFile conf/ssl.key/server.key

 

# This enables optimized SSL connection renegotiation handling when SSL

# directives are used in per-directory context.

 

#== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">

SSLOptions +StdEnvVars

</FilesMatch>

 

<Directory "/home/admin/www/cgi-bin/">

SSLOptions +StdEnvVars

</Directory>

 

#== Basic authentication

 

<Directory "/www/folder4">

AuthName "Uniform Server - Unicenter Demo Server Access"

AuthType Basic

AuthUserFile /htpasswd/modsslpass/.htpasswd

#Require valid-user

</Directory>

#== Most problems of broken clients are related to the HTTP

# keep-alive facility. Disable keep-alive for those clients.

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

 

#== Per-Server Logging:

# The home of a custom SSL log file. Use this when you want a

# compact non-error SSL logfile on a virtual host basis.

CustomLog logs/ssl_request.log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

==============================================================================

##############################################################

 

NameVirtualHost site5.domain:443

 

<VirtualHost site5.domain:443>

 

ServerName site5.domain

DocumentRoot /www/folder5

ServerAdmin you@example.com

 

ErrorLog logs/error_ssl.log

TransferLog logs/access_ssl.log

 

#== SSL Engine Switch:

SSLEngine on

 

#== SSL Cipher Suite:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLProtocol all -SSLv2

 

#== Server Certificate:

SSLCertificateFile conf/ssl.crt/server.crt

 

#== Server Private Key:

SSLCertificateKeyFile conf/ssl.key/server.key

 

# This enables optimized SSL connection renegotiation handling when SSL

# directives are used in per-directory context.

 

#== SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">

SSLOptions +StdEnvVars

</FilesMatch>

 

<Directory "/home/admin/www/cgi-bin/">

SSLOptions +StdEnvVars

</Directory>

 

#== Basic authentication

 

<Directory "/www/folder5">

AuthName "Uniform Server - Unicenter Demo Server Access"

AuthType Basic

AuthUserFile /htpasswd/modsslpass/.htpasswd

#Require valid-user

</Directory>

#== Most problems of broken clients are related to the HTTP

# keep-alive facility. Disable keep-alive for those clients.

SetEnvIf User-Agent ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

 

#== Per-Server Logging:

# The home of a custom SSL log file. Use this when you want a

# compact non-error SSL logfile on a virtual host basis.

CustomLog logs/ssl_request.log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

 

=======================================================
