[olug] apache w/ mod_ssl, http on 80 and https on 443?

Brian Wiese bwiese at cotse.com
Sun Sep 28 07:06:40 UTC 2003


please see below.

On Sat, 27 Sep 2003 22:51:28 -0500
Daniel Pfile <daniel at pfile.net> wrote:

|Brian Wiese wrote:
|
|> is that possible?  I'm having the darnedest config with apache w/
|> mod_ssl... it seems SSL is an all or nothing game.  Can one configure a
|> regular apache server to listen to both HTTP on port 80 and HTTPS on
|> port 443 at the same time?
|> 
|> Doesn't seem so for me, don't know why... here's some sample config...
|> any ideas?  Do I need to run 2 separate apache servers, one to listen
|> HTTP on port 80 and one to listen HTTPS on port 443?
|> 
|> Thanks... (I've had this problem before, but got annoyed at running 2
|> apaches I guess)
|> 
|
|Wrap your generic ssl config stuff in an <ifmodule mod_ssl.c>. Stuff 
|like session cache, mutex, seeds, passphrase dialog, etc. Then create a 
|virtualhost for ssl. You can run it on the same IP you use for the main 
|server. Something like:
|
|<Virtualhost your.ip.addy:443>
|# normal vhost type stuff, if you want it, read the docs.
|SSLEngine On
|SSLCertificateFile    /path/to/ssl.crt/server.crt
|SSLCertificateKeyFile /path/to/ssl.key/server.key
|SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
|</VirtualHost>
|
|Hope that gets you pointed in the right direction. Read apache's docs, 
|they're pretty good.
|
|-- Daniel

Thanks Dan, but I'm still at the same point.. my problem is getting apache
to both LISTEN on 443 for HTTPS and on 80 for HTTP.  I feel it's just my
"Port" and "Listen" lines that need help in configuration.  Could you
point out for me how you have yours set up?  Using the standard docs as
reference is what has been giving me the error, and this is what I get
trying to access port 80...

-----------------------------------
Bad Request
Your browser sent a request that this server could not understand.

Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

    Hint: https://acm:443/

Apache/1.3.26 Server at acm Port 443
------------------------------------
in the ssl-error-log
[28/Sep/2003 01:48:19 12791] [error] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[28/Sep/2003 01:48:19 12791] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[28/Sep/2003 01:48:19 12792] [error] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[28/Sep/2003 01:48:19 12792] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]

I have "Port 80" in my global config, and in my <ifmodule mod_ssl.c>
"Listen 80"
"Listen 443"

This is the only way I've been able to show apache listening on both by
doing a netstat -lt, unfortunately only 1 port is working.  "Listen"
statements are not allowed within virtual host directives...  any
suggestions?

Just to be complete, I can send the httpd.conf file as well (won't get
through the mailing list though).

Brian
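
The layout discussed in this thread, as an added example that is not from either poster: one Apache 1.3 + mod_ssl server answering plain HTTP on port 80 and HTTPS on port 443, with `SSLEngine on` confined to the port-443 virtual host. The address 192.0.2.10, the ServerName, and all file paths are placeholders chosen for illustration.

```apache
# Added example for Apache 1.3 with mod_ssl.
# 192.0.2.10, www.example.com and every /path/to/... value are placeholders.

# Once Listen lines are present they decide which sockets are opened;
# Port then only sets the port used in self-referential URLs.
Port 80
Listen 80

<IfModule mod_ssl.c>
    Listen 443

    # Server-wide SSL settings (the "generic ssl config stuff")
    SSLPassPhraseDialog    builtin
    SSLSessionCache        dbm:/path/to/logs/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex               file:/path/to/logs/ssl_mutex
    SSLRandomSeed          startup builtin
    SSLRandomSeed          connect builtin
</IfModule>

# No SSLEngine directive at server level: it defaults to off,
# so the main server keeps answering plain HTTP on port 80.

<IfModule mod_ssl.c>
<VirtualHost 192.0.2.10:443>
    ServerName   www.example.com
    DocumentRoot /path/to/htdocs

    # SSL is switched on only for connections arriving on :443
    SSLEngine on
    SSLCertificateFile    /path/to/ssl.crt/server.crt
    SSLCertificateKeyFile /path/to/ssl.key/server.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfModule>
```

mod_ssl returns the "speaking plain HTTP to an SSL-enabled server port" page when a plaintext request reaches a server context where `SSLEngine` is on, so the placement of that one directive is the thing to check when port 80 shows this error.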

