If I could make a couple of suggestions for the ordinary user:

1. The "IfDefine" and "\IfDefine" tags in the example ssl.conf keep the SSL virtual host from starting with "apache2ctl start" if SSL isn't defined. SSL is defined in some cases by the init script but not by apache2ctl unless a specific command line option is given. This took a long time for me to figure out. My suggestion would be:

   1) apache2ctl and the apache2 init script should by default start the server in the same configuration, as the init script itself suggests.

   2) Please consider dropping the "IfDefine SSL" tag from the example ssh.conf; those who know how to use command-line options can easily add it if they need to. Virtual hosts can already be added or disabled by linking them into sites-enabled. The first-time user should be able to do basic configuration and run the server without command-line options.

2. The example ssl.conf file contains a "Listen 443" directive before the virtualhost section, but some of the how-to files suggest adding this directive to the ports.conf file. If it is present in both places, apache2ctl configtest gives "OK" but the server fails to fully start. My suggestion would be to keep the "Listen 443" directives in the ports.conf file, since that is apparently what the file is for, and have apache2ctl warn if more than one "Listen 443" directive is present or if there is a virtual host on 443 but no listen statement. An alternative would be to simply listen on all ports that have virtual hosts.

Finally, here is my current ssl.conf file: I think it would be helpful to give a very short but workable example in the hosts-available directory so the user can get it going.

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex

#edit the following four lines for your site
<VirtualHost ssl.myhost.org:443>
    DocumentRoot "/var/www"
    ServerName ssl.myhost.org:443
    ServerAdmin [EMAIL PROTECTED]
    ErrorLog /var/log/apache2/ssl.error_log
    TransferLog /var/log/apache2/ssl.access_log
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    #change the following two files to the files in /etc/apache2/ssl
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    SSLCertificateKeyFile /etc/apache2/ssl/1a2d4a6c.0
</VirtualHost>

Finally, a README.ssl file in the /etc/apache2 directory could give the following steps:

1) create a self-signed certificate and key file in /etc/apache2/ssl
2) add "Listen 443" to "ports.conf"
3) edit the /etc/hosts/available/ssl.conf file (noting that one can either use the same hostname for https or a different virtual hostname).
3) enable the ssl virtual host by linking it to /etc/apache2/hosts-enabled
4) restart apache2 with apache2ctl configtest; apache2ctl restart

This is great software; I just want to save time for the many people who use Debian.

Respectfully,
Dan Woodard
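
The check the message asks apache2ctl to perform can be sketched as a small pre-flight script; this is an added example, not part of the original message and not code from Apache or Debian. The names check and split_addr are hypothetical and the sample files are constructed. It assumes the caller passes every config file, since it does not follow Include directives, and it treats only a bare port or "*" as a wildcard address.

```python
import re
import sys
from collections import defaultdict

LISTEN = re.compile(r'^\s*Listen\s+(\S+)', re.I)
VHOST = re.compile(r'^\s*<VirtualHost\s+([^>]+)>', re.I)

def split_addr(spec):
    """'443' -> ('*', 443); 'host:443' -> ('host', 443); 'host' -> ('host', None)."""
    host, _, tail = spec.rpartition(':')
    return (host or '*', int(tail)) if tail.isdigit() else (spec, None)

def check(files):
    """files maps a file name to its text; returns a list of warnings."""
    listens = defaultdict(list)            # port -> [(addr, "file:line")]
    vhosts = []                            # (port, "file:line")
    for name, text in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            where = f"{name}:{n}"
            if m := LISTEN.match(line):
                addr, port = split_addr(m.group(1))
                listens[port].append((addr, where))
            elif m := VHOST.match(line):
                for spec in m.group(1).split():
                    vhosts.append((split_addr(spec)[1], where))
    warnings = []
    for port, binds in listens.items():
        addrs = [a for a, _ in binds]
        # Same address twice, or a wildcard next to anything else, cannot both bind.
        if len(binds) > 1 and ('*' in addrs or len(set(addrs)) < len(addrs)):
            places = ", ".join(w for _, w in binds)
            warnings.append(f"port {port} has conflicting Listen directives: {places}")
    for port, where in vhosts:
        if port is not None and port not in listens:
            warnings.append(f"VirtualHost on port {port} at {where} has no Listen directive")
    return warnings

# Constructed sample files reproducing the two cases from the message.
PORTS_CONF = "Listen 80\nListen 443\n"
SSL_CONF = "Listen 443\n<VirtualHost ssl.myhost.org:443>\nSSLEngine on\n</VirtualHost>\n"
SSL_ONLY = "<VirtualHost ssl.myhost.org:443>\nSSLEngine on\n</VirtualHost>\n"

if __name__ == "__main__":
    # With arguments, check real files; otherwise run the constructed duplicate case.
    files = {p: open(p).read() for p in sys.argv[1:]} or {
        "ports.conf": PORTS_CONF, "ssl.conf": SSL_CONF}
    print("\n".join(check(files)) or "no Listen problems found")
```

Run before "apache2ctl configtest", it reports the duplicate "Listen 443" that configtest accepts, and the 443 virtual host that has no matching Listen.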