On Sun, Aug 13, 2000 at 09:19:20AM -0300, John Ackermann wrote:
> I've been running Apache successfully for a long time, and would like
> to add a secured virtual site to my collection. I tried installing
> Debian apache-ssl but ran into a brick wall figuring out how to make it
> work both for normal http on port 80, and https on port whatever.
> Could some kind soul give me a pointer on how to set this up. All the
> documentation I've found for apache-ssl seems to assume that you're
> going to run only a secure site, and not a mix.

Run apache (regular) on port 80 and apache-ssl on 443. I've got my box
at work set up like this. Just roll out the packages and start flying.
Nothing tricky. If you get stuck, post back to the list (and maybe ping
me on the side).

> (By the way -- I know that in an e-commerce setting you'd want the
> secure server to be on a separate box. I'm not doing anything nearly
> that critical, so don't mind the risk of having both secure and
> unsecure servers running on the same machine.)

Not necessarily, AFAIK. Regular-mode apache and apache-ssl don't share
address space, and if configured properly, are working from different
document roots. The "risk" is about the same as having multiple accounts
on the same system. Apache is pretty bulletproof -- there aren't a whole
mess of security problems associated with it (security tends to be
compromised through CGIs instead).

Here's a different analogy: apache and apache-ssl are like having telnet
and ssh on the same box. The fact that telnet is inherently insecure in
terms of data and session *doesn't* mean that ssh is insecure, *so long
as* no data are allowed to traverse the telnet channel which would allow
a compromise through ssh (eg: userid/password). So if the telnet were
configured for unprivileged user access in a chroot jail with very
little command functionality (an approximation of a standard http
session), the risk is low.

Not that I'm advocating use of telnet to anyone.

--
Karsten M. Self <email@example.com>    http://www.netcom.com/~kmself
Evangelist, Opensales, Inc.            http://www.opensales.org
What part of "Gestalt" don't you understand?    Debian GNU/Linux rocks!
http://gestalt-system.sourceforge.net/    K5: http://www.kuro5hin.org
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0

Though I claim no expertise.