grabby Posted January 27, 2012 Report Share Posted January 27, 2012 I’m trying to set up a local test environment on XP for a site that was in production on a linux server. It’s an ecommerce site using Drupal and its Secure Pages module, which allowed certain pages to redirect to https versions. I installed the site in www/mysite by creating a virtual host for mysite.com and generated a certificate. The non-secure part of the site works fine, but the secure pages aren’t getting served (404). I modified ssl.conf to point to the www directory since that’s where the site is located, but this didn’t help. I also tried putting the whole site in the ssl directory, but nothing changed – the non-secure part worked and the secure part wasn’t served. When I click “View ssl” it gives me the index page for www, or ssl when I tried it there. I’m stuck and would appreciate any help with this! Quote Link to comment Share on other sites More sharing options...
BobS Posted January 27, 2012 Report Share Posted January 27, 2012 First off, what VERSION of The Uniform Server are you using? This makes a BIG difference in what to look for. There are a number of factors here to look at. You "confused" things a bit by setting up both ssl AND vhosts. I've never tried that combo, so bear with me. Note that in reality, ssl is a special case vhost. It still should work. Check the vhosts portion of the httpd.conf file (at the end). This is the most likely area for the problem. Check your HOSTS file. It needs the following entry:127.0.0.1 mysite.comProbably this is okay, depending on The Uniform Server version. I suggest that if you want to see the live site and also test with The Uniform Server that you DON'T use the exact same site name. So if your production site is mysite,com, use mysite.org, for example. I'm going to set this up on a VM to see what's needed. I'm going to use 7-Orion to begin. Regards,BobS Quote Link to comment Share on other sites More sharing options...
grabby Posted January 27, 2012 Author Report Share Posted January 27, 2012 Hi Bob, Thanks for the reply. I’m running Coral 8.0.0. There’s no problem with the hosts file, as it has 127.0.0.1 mysite.com listed. If this hadn’t been there I don’t think the non-secure part of the site would have worked. The end of my httpd.conf looks like this ##====== VIRTUAL HOST ===========#To enable uncomment next line Include conf/extra/httpd-vhosts.conf ### Section 4: Secure section # Secure (SSL/TLS) connections# Include conf/ssl.conf## Note: The following must must be present to support# starting without SSL on platforms with no /dev/random equivalent# but a statically compiled-in mod_ssl.##<IfModule ssl_module># SSLRandomSeed startup builtin# SSLRandomSeed connect builtin#</IfModule> # Distributed authoring and versioning (WebDAV)#Include conf/extra/httpd-dav.conf <IfModule mod_ssl.c> Include conf/extra/ssl.conf</IfModule> My httpd-vhosts is as follows: <VirtualHost _default_:80> DocumentRoot D:/UniServer/www ServerName localhost ErrorLog "logs/error.log" CustomLog "logs/access.log" common</VirtualHost> <VirtualHost *:80> ServerAdmin webmaster@mysite.com DocumentRoot D:/UniServer/www/mysite ServerName mysite.com ServerAlias www.mysite.com *.mysite.com ErrorLog logs/mysite.com-error.log CustomLog logs/mysite.com-access.log common</VirtualHost> Another thing I don’t understand exactly is that when I go to https://mysite.com/ I get the UniServer index page in the www directory whereas when I go to http://mysite.com/ I get my site’s front page, which isn’t secure. Thanks for helping to investigate this! Quote Link to comment Share on other sites More sharing options...
Yoni Posted January 27, 2012 Report Share Posted January 27, 2012 Hi Bob, Thanks for the reply. I’m running Coral 8.0.0..... The first thing you would do is to move your vhosts folder and sites off of the www folder and update your vhosts path. Uniserver/www/Uniserver/vhost/mysite1Uniserver/vhost/mysite2 Open Uniserver/usr/local/apache2/conf/httpd.conf and towards the end you should have your Virtual Host configuration... make sure it reads as folow: ##====== VIRTUAL HOST =========== Include conf/extra/httpd-vhosts.conf <IfModule mod_ssl.c> Include conf/extra/ssl.conf </IfModule> That's it! There is no need to mess with your httpd.conf anymore. Everything else will be managed from the /extra/vhosts.conf & /extra/ssl.conf (loving its simplicity ) Open vhosts.conf and edit as needed... #BEFORE NAMEVIRTUALHOST <Directory "C:/UniServer/vhosts"> Order Deny,Allow Allow from all </Directory> #NOW YOUR VIRTUAL HOST DECLARATION #--US_START--------------Do not remove NameVirtualHost *:80 #--US_END----------------Do not remove # # VirtualHost example: # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for all requests that do not # match a ServerName or ServerAlias in any <VirtualHost> block. # <VirtualHost *:80> DocumentRoot C:/UniServer/www ServerName localhost ServerAlias localhost ErrorLog "logs/error.log" CustomLog "logs/access.log" common </VirtualHost> <VirtualHost *:80> ServerAdmin webmaster@mysite1.com DocumentRoot C:/UniServer/vhosts/mysite1 ServerName mysite1.com ServerAlias mysite1.com ErrorLog logs/mysite1.com.log CustomLog logs/mysite1.com-access.log common </VirtualHost> Open ssl.conf and edit as needed... ########### SSL Virtual Host ############################ NameVirtualHost *:443 <VirtualHost _default_:443> ServerName localhost DocumentRoot C:/UniServer/vhosts/mysite1 ServerAdmin webmaster@mysite1.com ErrorLog logs/error_ssl.log TransferLog logs/access_ssl.log #== SSL Engine Switch: SSLEngine on SSLOptions +StrictRequire #== SSL Cipher Suite: SSLProtocol -all +TLSv1 +SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM #== Server Certificate: SSLCertificateFile C:/UniServer/usr/local/apache2/server_certs/server.crt #== Server Private Key: SSLCertificateKeyFile C:/UniServer/usr/local/apache2/server_certs/server.key #== StartSSL certificate chain for class 1 certificates # Disable when using a self-signed certificate # Enable remove # disable add # #SSLCertificateChainFile C:/UniServer/usr/local/apache2/server_certs/sub.class1.server.ca.pem #SSLCACertificateFile C:/UniServer/usr/local/apache2/server_certs/ca.pem SSLVerifyClient none SSLProxyEngine off #== Server Root folder: <Directory "C:/UniServer/ssl"> AllowOverride All Order allow,deny Allow from all SSLRequireSSL </Directory> #== Most problems of broken clients are related to the HTTP # keep-alive facility. Disable keep-alive for those clients. SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 </VirtualHost> ########################SUBDOMAIN SAMPLE ############ <VirtualHost *:443> ServerAdmin admin@mysite1.com ServerName subdomain.mysite1.com ServerAlias *.mysite1.com DocumentRoot C:/UniServer/vhosts/mysite1/subdomain ErrorLog logs/error_ssl.log TransferLog logs/access_ssl.log SSLEngine On SSLOptions +StrictRequire #== SSL Cipher Suite: SSLProtocol -all +TLSv1 +SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM SSLCertificateFile C:/UniServer/usr/local/apache2/server_certs/server.crt SSLCertificateKeyFile C:/UniServer/usr/local/apache2/server_certs/server.key SSLVerifyClient none SSLProxyEngine off </VirtualHost> Hope this help Quote <p class="bbc_center"><span style="font-size:12px;"><strong>Yoni</strong></span></p> Link to comment Share on other sites More sharing options...
BobS Posted January 28, 2012 Report Share Posted January 28, 2012 Wow! Thanks, Yoni! That should help grabby a lot. I'm still going to do this test myself, but I think you've put your finger on his problem. Regards,BobS Quote Link to comment Share on other sites More sharing options...
grabby Posted January 28, 2012 Author Report Share Posted January 28, 2012 Hi Yoni, Bob’s right, it sure helped a lot, everything’s working perfectly! Now I’m going to get greedy and try to set up another partially secure site in the same installation, but I don’t see why it shouldn’t work, at least in this dev setup I’m working in. Thanks again! Quote Link to comment Share on other sites More sharing options...
Yoni Posted February 1, 2012 Report Share Posted February 1, 2012 Hi Yoni, Bob’s right, it sure helped a lot, everything’s working perfectly! Now I’m going to get greedy and try to set up another partially secure site in the same installation, but I don’t see why it shouldn’t work, at least in this dev setup I’m working in. Thanks again!Awesome! Glad you figured it out. Quote <p class="bbc_center"><span style="font-size:12px;"><strong>Yoni</strong></span></p> Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.