Bug#505894: apache2-mpm-prefork: Default ports.conf contains VirtualHost that may conflict with current configuration

[Stefan Fritsch <sf@debian.org>]

On Wednesday 19 November 2008, you wrote:
> There seems to be some general confusion over using SSL since
> recent changes in both Etch and Lenny. Several HOT-TO articles show
> a "NameVirtualHost *:443" example [for Etch] which, from what I've
> read, are not supported. I got it working by just adding a separate
> VirtualHost for *:443 using the default ports.conf so this change
> seems like a step towards easier configuration.
>
> I presume the recommended way to support both http and https for a
> given Document Root is to duplicate the <VirtualHost *:80>
> configuration inside <VirtualHost *:443> tags?
> Or is it acceptable to use nested VirtualHost tags?

The recommended way is shown 
in /etc/apache2/sites-available/default-ssl . Just call "a2ensite 
default-ssl".

Name based virtual hosts are not supported with SSL. And the *:port 
syntax is only for name based virtual hosts. One should use 
<VirtualHost _default_:443> or <VirtualHost 10.1.2.3:443> for SSL 
virtual hosts.

The method described in many etch how-tos with "NameVirtualHost *:443" 
won't work with more than one SSL virtual host.

See also http://httpd.apache.org/docs/2.2/vhosts/

Cheers,
Stefan