Secret Squirrel time, SSL for Apache 2.2 on CentOS 5.2

Secret Squirrel

As with most of the things on the new server, getting the basics has been a breeze. Nothing worth writing about. The stuff I do write about will be as much for me to document (ewwww!, no self-respecting developer likes to document anything :) ) what I’ve done as it is to share the info.

The first thing I needed to do was to generate a self-signed certificate. A quick Google search turned up more than enough results, so I won’t bother re-inventing the wheel and write about it again.

Where I ran into problems was when I tried to get ssl working with a virtual host. Yes, I know the issues related to ssl and virtual hosts. I have a handful of websites that will run off of the server and I wanted them to all be set up the same. My plan was to make them all virtual hosts and have nothing resolve to the default site. The seannewby.com site is the only domain that will be configured for ssl.

I had set up the virtual hosts using CentOS’s gui tools.

My httpd.conf file looked like this, well, close (just like Sgt Friday, some of the values have been changed to protect the innocent; ME):

Listen 80
#
# Use name-based virtual hosting.
#
NameVirtualHost 192.168.1.50

# Virtual host seannewby.com
<VirtualHost 192.168.1.50>
    DocumentRoot /home/www/sites/seannewby.com
    ServerName www.seannewby.com
    ServerAlias seannewby.com
    DirectoryIndex index.php index.html index.htm index.shtml
</VirtualHost>
# Virtual host hamsandwich
<VirtualHost 192.168.1.50>
    DocumentRoot /home/www/sites/hamsandwich.com
    ServerName www.hamsandwich.com
    ServerAlias hamsandwich.com
    DirectoryIndex index.php index.html index.htm index.shtml
</VirtualHost>

And my ssl.conf file had a ton of stuff in it.  The key entries for the virtual host looked like this:

Listen 443
<VirtualHost _default_>

    # General setup for the virtual host, inherited from global configuration
    #DocumentRoot "/var/www/html"
    #ServerName www.example.com:443
    SSLEngine on

    # ....Lots of stuff removed....

</VirtualHost>

Now, if I remember correctly, I was able to get to the default site (the apache documentation) through ssl at this point.

I experimented with different values in the ssl.conf file doing things like this:

Listen 443
<VirtualHost 192.168.1.50:443>

    # General setup for the virtual host, inherited from global configuration
    DocumentRoot /home/www/sites/seannewby.com
    ServerName www.seannewby.com
    ServerAlias seannewby.com
    SSLEngine on

    # ....Lots of stuff removed....

</VirtualHost>

or this:

Listen 443
<VirtualHost www.seannewby.com:443>

    # General setup for the virtual host, inherited from global configuration
    DocumentRoot /home/www/sites/seannewby.com
    ServerName www.seannewby.com
    ServerAlias seannewby.com
    SSLEngine on

    # ....Lots of stuff removed....

</VirtualHost>

I was in full-fledged hackapalooza mode and I don’t remember all of the different variations I tried, just that they didn’t fully work. Sometimes https://www.seannewby.com worked, but http://www.seannewby.com would display an error saying the site only accepted https traffic.

Other errors included one in Firefox stating the server gave an incorrect ssl response that was too long. I also frequently saw the warning “Combining * with non * virtual host not supported.  Starting with uncertain results” when restarting apache.

I’m sure any apache pros are shaking their heads right now, but I’m a Newby (yes, that really is my name) so I’ll use that as my excuse.  Besides, I’m much more of a developer; admin, not so much.

Anyways, the Apache warning led me down the path to finally get it working. I needed to include port information on all of the VirtualHost tags.  This is what the working config looks like.

httpd.conf:

Listen 80
#
# Use name-based virtual hosting.
#
NameVirtualHost 192.168.1.50:80

# Virtual host seannewby.com
<VirtualHost 192.168.1.50:80>
    DocumentRoot /home/www/sites/seannewby.com
    ServerName www.seannewby.com
    ServerAlias seannewby.com
    DirectoryIndex index.php index.html index.htm index.shtml
    LogLevel debug
    HostNameLookups off
</VirtualHost>
# Virtual host hamsandwich
<VirtualHost 192.168.1.50:80>
    DocumentRoot /home/www/sites/hamsandwich.com
    ServerName www.hamsandwich.com
    ServerAlias hamsandwich.com
    DirectoryIndex index.php index.html index.htm index.shtml
</VirtualHost>

ssl.conf (note the addition of the NameVirtualHost):

Listen 443

##
## SSL Virtual Host Context
##
NameVirtualHost 192.168.1.50:443
<VirtualHost 192.168.1.50:443>
    DocumentRoot /home/www/sites/seannewby.com
    ServerName www.seannewby.com
    ServerAlias seannewby.com
    DirectoryIndex index.php index.html index.htm index.shtml
    # ....Lots of stuff removed....
</VirtualHost>

Now, I’m sure there are more tweaks I could make, like removing the IP address altogether, but it works now, so I’ll probably leave it.
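
A small checker for the mistake described above, added here as an example and not part of the original post. It flags NameVirtualHost and VirtualHost addresses that lack a port, and any Listen port that ends up matched by both SSL and plain vhosts, which is the situation behind the browser SSL errors. The function names and the sample config are constructed for illustration, and it compares ports only, assuming a single-IP server like the one in the post.

```python
import re

# Constructed sample modelled on the post's non-working httpd.conf + ssl.conf.
BROKEN = """\
Listen 80
NameVirtualHost 192.168.1.50
<VirtualHost 192.168.1.50>
    ServerName www.seannewby.com
</VirtualHost>
Listen 443
<VirtualHost 192.168.1.50:443>
    ServerName www.seannewby.com
    SSLEngine on
</VirtualHost>
"""

def port_of(addr):
    """Return the numeric :port suffix of an address, or None if absent."""
    _, sep, port = addr.rpartition(":")
    return port if sep and port.isdigit() else None

def audit(conf):
    """Return findings for port-less addresses and SSL/plain overlap."""
    listens, vhosts, findings, cur = set(), [], [], None
    for raw in conf.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        m = re.match(r"<VirtualHost\s+([^>]+)>", raw.strip(), re.I)
        if m:
            cur = {"addrs": m.group(1).split(), "ssl": False}
            vhosts.append(cur)
        elif key == "</virtualhost>":
            cur = None
        elif key == "listen" and len(parts) > 1:
            listens.add(port_of(parts[1]) or parts[1])
        elif key == "namevirtualhost" and len(parts) > 1 and port_of(parts[1]) is None:
            findings.append(f"NameVirtualHost {parts[1]} has no port")
        elif key == "sslengine" and cur is not None and len(parts) > 1:
            cur["ssl"] = parts[1].lower() == "on"
    for vh in vhosts:
        for addr in vh["addrs"]:
            if port_of(addr) is None and len(listens) > 1:
                findings.append(f"<VirtualHost {addr}> has no port")
    for port in sorted(listens, key=int):
        # A port-less address is a wildcard port, so it matches this port too.
        modes = {vh["ssl"] for vh in vhosts for a in vh["addrs"]
                 if port_of(a) in (None, port)}
        if len(modes) == 2:
            findings.append(f"port {port} is matched by both SSL and plain vhosts")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(BROKEN)))
```

Run against the working configuration, where every address carries `:80` or `:443`, it returns no findings.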