
Re: httpd.conf



This appears at the very end of my httpd.conf in the /etc/apache directory.
Hopefully, when you add these lines and uncomment and customize this conf,
your question might be answered.

Subin.

# ----------------------------SSL----------------------------------
# This is an example configuration file for Apache-SSL.
# Copyright (C) 1995,6,7 Ben Laurie

# By popular demand, this file now illustrates the way to create two
# websites, one secured (on port 8887), the other not (on port 8888).

# You may need one of these
#User webuser
#User ben
#Group group

# SSL Servers MUST be standalone, currently.
#ServerType standalone

# The default port for SSL is 443...
#Port 8887
#Listen ServerPort
Listen 443

# My test document root
#DocumentRoot /u/ben/www/1/docs
#DocumentRoot /u/ben/apache/apache_1.3.0-ssl/htdocs

#<Directory /u/ben/apache/apache_1.3.0-ssl/htdocs/manual>
# This directive forbids access except when SSL is in use. Very handy for
# defending against configuration errors that expose stuff that should be
# protected
#SSLRequireSSL
#</Directory>

# Watch what's going on
#TransferLog /var/log/apache-ssl/transfer.log

# Note that all SSL options can apply to virtual hosts.

# Disable SSL. Useful in combination with virtual hosts. Note that SSLEnable
# is now also supported.
SSLEnable

# Set the path for the global cache server executable.
# If this facility gives you trouble, you can disable it by setting
# CACHE_SESSIONS to FALSE in apache_ssl.c
SSLCacheServerPath /usr/lib/apache-ssl/gcache

# Set the global cache server port number, or path. If it is a path, a Unix
# domain socket is used. If a number, a TCP socket.
SSLCacheServerPort /var/run/gcache_port
#SSLCacheServerPort 1234

# Set the session cache timeout, in seconds (set to 15 for testing, use a
# higher value in real life)
SSLSessionCacheTimeout 15

# Set the CA certificate verification path (must be PEM encoded).
# (in addition to getenv("SSL_CERT_DIR"), I think).
#SSLCACertificatePath /u/ben/apache/apache_1.2.5-ssl/SSLconf/conf
SSLCACertificatePath /etc/apache-ssl

# Set the CA certificate verification file (must be PEM encoded).
# (in addition to getenv("SSL_CERT_FILE"), I think).
#SSLCACertificateFile /some/where/somefile
#SSLCACertificateFile /u/ben/apache/apache_1.2.5-ssl/SSLconf/conf/httpsd.pem

# Point SSLCertificateFile at a PEM encoded certificate.
# If the certificate is encrypted, then you will be prompted for a pass
# phrase.
# Note that a kill -1 will prompt again.
# A test certificate can be generated with "make certificate".
SSLCertificateFile /etc/apache-ssl/apache.pem
#SSLCertificateFile /u/ben/apache/apache_1.2.6-ssl/SSLconf/conf/t1.pem


# If the key is not combined with the certificate, use this directive to
# point at the key file. If this starts with a '/' it specifies an absolute
# path, otherwise it is relative to the default certificate area. That is,
# it means "<default>/private/<keyfile>".
#SSLCertificateKeyFile /some/place/with/your.key

# Set SSLVerifyClient to:
# 0 if no certificate is required
# 1 if the client may present a valid certificate
# 2 if the client must present a valid certificate
# 3 if the client may present a valid certificate but it is not required to
#   have a valid CA
SSLVerifyClient 0
# How deeply to verify before deciding they don't have a valid certificate
SSLVerifyDepth 10

# Translate the client X509 into a Basic authorisation. This means that the
# standard Auth/DBMAuth methods can be used for access control. The user
# name is the "one line" version of the client's X509 certificate. Note that
# no password is obtained from the user. Every entry in the user file needs
# this password: xxj31ZMTZzkVA. See the code for further explanation.
SSLFakeBasicAuth

# List the ciphers that the client is permitted to negotiate. See the source
# for a definitive list. For example:
#SSLRequiredCiphers RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA

# These two can be used per-directory to require or ban ciphers. Note that
# (at least in the current version) Apache-SSL will not attempt to
# renegotiate if a cipher is banned (or not required).
#SSLRequireCipher
#SSLBanCipher

# A home for miscellaneous rubbish generated by SSL. Much of it is
# duplicated in the error log file. Put this somewhere where it cannot be
# used for symlink attacks on a real server (i.e. somewhere where only root
# can write).
#SSLLogFile /var/log/ssl.log

# Custom logging
CustomLog	/var/log/apache-ssl/ssl.log "%t %{version}c %{cipher}c %{clientcert}c"

#<VirtualHost scuzzy:8888>
#SSLDisable
#SSLEnable
#</VirtualHost>

# If you want, you can disable SSL globally, and enable it in a virtual
# host...
#<VirtualHost scuzzy:8887>
#SSLEnable
# and the rest of the SSL stuff...
#</VirtualHost>

# Experiment with authorization...
#<Directory /u/ben/www/1/docs>
#AuthType Basic
#AuthName Experimental
#AuthGroupFile /dev/null
#AuthUserFile /u/ben/www/1/users
#<Limit PUT GET>
#allow from all
#require valid-user
#</Limit>
#</Directory>

#ScriptAlias	/scripts	/u/ben/www/scripts

#<VirtualHost ServerName:443>
#SSLEnable
#</VirtualHost>
#Include /etc/phpmyadmin/apache.conf
----- Original Message ----- 
From: "Monique Y. Mudama" <spam@bounceswoosh.org>
To: <debian-user@lists.debian.org>
Sent: Tuesday, April 20, 2004 12:30 PM
Subject: Re: httpd.conf


> On 2004-04-20, Linux Nick penned:
> > Does anyone have a working httpd.conf file that they could send me,
> > directly or to the list? One that is hosting 2 sites in vhosts. I'm
> > really looking for one that is hosting one secure and one that is
> > unsecure, but I'll take just one with 2 working vhosts.  I'm tired of
> > looking at "sample" configs they never seem to work, I want one in
> > production right now that is known to work.
> >
> > Also is it possible to host 1 secure site and 1 unsecure site on the
> > same address and when they put the https: instead of the http: the
> > server automatically knows which one to serve? Or would I have to change
> > the name of one to be ssl.domain.com and the other www.domain.com?
>
> Rather than trying to do it all in one file, install both the apache and
> the apache-ssl packages.  You will then have separate configuration
> files for your secure and insecure servers, one in /etc/apache, one in
> /etc/apache-ssl.
>
> HTTPS uses a different port by default than does HTTP, so there should
> be no naming or IP issue.
>
> -- 
> monique
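An added example, not part of the original message or of Apache-SSL: a small Python check for a config pasted like the one in the message above. It flags text left behind when mail wrapping splits a comment (Apache would treat it as an unknown directive) and two settings the sample's own comments describe; the function name, rule set and the capitalised-name heuristic are assumptions of this example.

```python
import re

# Constructed sample in the style of the config above, including one
# comment broken by mail wrapping.
SAMPLE = """\
# By popular demand, this file now illustrates the way to create two
websites,
Listen 443
SSLEnable
SSLSessionCacheTimeout 15
SSLVerifyClient 0
SSLFakeBasicAuth
#SSLRequiredCiphers RC4-MD5:RC4-SHA
"""

# Heuristic (assumption): a live line is a section tag or a directive
# whose name starts with a capital letter.
DIRECTIVE = re.compile(r"</?[A-Z]|[A-Z][A-Za-z]+(\s|$)")


def audit(conf_text):
    """Return sorted (line_no, message) findings for an Apache-SSL config."""
    findings, active = [], {}
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not DIRECTIVE.match(line):
            findings.append((no, "stray text, probably a wrapped comment"))
            continue
        parts = line.split(None, 1)  # name and argument, tab or space
        active[parts[0]] = (no, parts[1] if len(parts) > 1 else "")

    # The sample's comment: 15 is for testing, use a higher value in real life.
    if "SSLSessionCacheTimeout" in active:
        no, arg = active["SSLSessionCacheTimeout"]
        if arg.isdigit() and int(arg) <= 15:
            findings.append((no, "session cache timeout is the testing value"))

    # Levels 0 and 3 do not require a certificate from a valid CA, yet
    # SSLFakeBasicAuth turns the certificate into the Basic auth user name.
    if "SSLFakeBasicAuth" in active:
        no, _ = active["SSLFakeBasicAuth"]
        level = active.get("SSLVerifyClient", (0, "unset"))[1]
        if level in ("0", "3"):
            findings.append((no, "SSLFakeBasicAuth with SSLVerifyClient "
                             + level + ": no CA-verified certificate required"))
    return sorted(findings)


if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```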