If I'm not mistaken, you should use only ONE overall
ServerName-directive in your configs, the rest should be handled with
ServerAlias (even having multiple VHosts)
Meaning, if you change
ServerName xyz.domain.com
to
ServerAlias xyz.domain.com
it should work.
Cheers
Gregor
--
what's puzzlin
Pavel,
On Dec 30, 2007 4:36 AM, <[EMAIL PROTECTED]> wrote:
> not exactly true, you may try to use the SNI patch that allows several
> certs on a single ip.
>
it's still true, however, maybe the statement is not complete.
TLS is pretty new, and i.e. my firefox-browser does not accept such a
cert
you will need either different ip/port-combinations for each ssl-site
or you can try with the so-called wildcard-certs (example.
https://www.thawte.com/ssl-digital-certificates/wildcardssl/index.html).
most recent browsers will support them.
cheers
gregor
--
what's puzzlin' you, is the nature of
Hi Owen!
On Nov 21, 2007 4:59 PM, Boyle Owen <[EMAIL PROTECTED]> wrote:
>
> That's about right... You didn't (mercifully :-) show us your complete config,
>
well, if u need some reading-stuff. I'll send them to ypu right away
or, if you prefer, post 'em here on the list ;)
> but I'm guessing you
hi krist,
>
> Are you sure? This looks like Apache behaving against its
> specification in a big way.
>
I am sure since it's working as expected.
Afaik this issue has been discussed before, I just couldn't find it.
Against what specs should Apache behave? Any URL quoting those specs?
As I'm un
Guys,
I've just solved the problem.
As I said b4, I don't care about a message stating "SSL-cert is not
valid" since it's just a test-server.
The problem was the ServerName-directive:
Now I've changed my vhost-definition to
ServerAlias test-clue
ServerAlias test-clue
.
Hi Guys,
I always keep being puzzled about those options, and I also don't get
enlighted by the doc.
this is what I have:
System: Debian Etch
/etc/apache2/apaxhe2.conf:
...
NameVirtualHost *:80
NameVirtualHost *:443
...
in /etc/apache2/sites-enabled I have
file clue:
ServerName test-cl
On 11/6/07, Ryan Barnett <[EMAIL PROTECTED]> wrote:
>
> > Why not a URL where we can view it?
> [Ryan Barnett] Here you go -
> http://apachebenchmark.sourceforge.net/CIS_Apache_Benchmark_v2.1.doc
>
ehem - great, however, there's no such thing like ms word on my machine -
hope it's not too much ask
the only nonsense is to run dos / win-modules on a *nix-box & then
worry about the messages...
cheers
gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
--
Within Nessus, you have the options to choose the tests you want to run.
It's a bit of work, however, configuring (choosing those tests dealing
with *your* os / webserver / database etc.) and then saving them for
future usage is worth while and avoids such garbage-messages.
Coming to your specific
if (knowledge == 0) {
read (FAQ);
use (SEARCH_DOCS);
use (GOOGLE);
} else {
use (BRAIN);
make (POST);
}
Gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
--
www.debian.org
man aptitude
gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
-
The official User-To-User support forum
Sorry, Kevin,
thought the only difference between the Request and the 302-Response
was http/https (meaning redirecting to HTTPS). I simply got you wrong.
Cheers
Gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://
how about mod_rewrite?
RewriteEngine On
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1
gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
--
ServerName www.foo.com
[ ... ]
RewriteEngine On
RewriteRule ^/(.*)$ https://www1.foo.com/$1
[ ...]
:443>
ServerAlias www1.foo.com
[ ... ]
HTH
Gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http:
Well, it's raining here in Cologne although I bought tanner yesterday,
anybody can help?
Have a look here http://www.catb.org/~esr/faqs/smart-questions.html,
re-think and then come back.
And, btw., reading the manual usually is a good start...
Greg
--
what's puzzlin' you, is the nature of my ga
Hi Ian,
great your problem is solved now, however, could you pls. describe
what didn't work with the other solution (SetEnvIf & Mod_headers)?
I'm just curious since this is working for us.
What headers are you getting xactly now? Just "Expires", I assume, and
no "Cache-Control:" - right?
Cheer
Rather than looking at Ethereal, get yourself a copy of Firefox and
install the plugin "LiveHttpHeaders"
(https://addons.mozilla.org/firefox/3829/) - saved us a lot of time
here and made life *much* easier.
good luck!
Greg
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA52680702
Just a shot from the hip:
# load modules sentenvif and headers - adapt the path!!!
#
LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
#
# define grafix depending on the extension:
SetEnvIf Request_URI "\.(gif)|(j
Anil,
sorry, don't know about your config and I'm running Debian here,
besides we're offtopic.
Maybe you want to report your problem to the Suse mailinglist.
Just send a blank mail to [EMAIL PROTECTED] with the
topic "subscribe", I'm sure you'll find some competent help there.
Cheers
Greg
--
although offtopic:
how about
find / -type f -name "test\.sh" -print
I assume you try this as root?
Greg
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
-
Hi guys,
I'm wondering if setting up Squid as a reverse proxy in front of our
hardware-load-balanced Apache/Tomcat-installations could boost up
performance.
After I did some reading about Squid, I understood:
- Squid is caching requests
- I can prevent Squid from caching dynamic content
- Squid
Hi Meir,
we are not using LDAP.
The principle of our solution is as follows:
We have written a simple Servlet, that gets authenticated by Tomcat
via FormLogin.
The Servlet will then read the Cookie JSSOSessionID and will write the
contents of this Cookie into the MySQL-DB specified by
mod_auth_
nope, it's one module, and it doesn't break modularity. please refer
to the docs which have been posted above to understand how it's
working.
maybe you can do the same by combining the named modules, however,
it's way more work, more complex and it's really the question if you
get it working anyw
nope. you could create a memory-realm for tomcat, however, you'll need
a mysql-db for apache (mod_auth_cookie_mysql).
cheers
greg
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
-
forgot to mention:
the above solution works the other way round: authentication is done
by tomcat, which then passes a cookie. the cookie is stored in a
mysql-db which is read by mod_auth_cookie_mysql. if there's a valid
entry, authorization for apache is granted by mod_auth_cookie_mysql.
cheers
take a look at mod_auth_cookie_mysql2 (assuming you're using apache2):
http://home.digithi.de/digithi/dev/mod_auth_cookie_mysql/
cheers
Greg
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
-
Dear list,
I've just migrated an I386-Linux-Debian Sarge to Edge. Since Edge
includes Apache 2.2, this means I also had to move from Apache 2.0.x
to Apache 2.2
Although I know that Joshua is going to scold me ;), I've set up 3
SSL-VHosts on one Debian-Server, all having the same IP. This is a
de
My suggestion:
ServerName your_server
ServerAdmin [EMAIL PROTECTED]
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
#
RewriteEngine On
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1
RewriteLog /var/lo
Forgive me, I was mixing up 2 threads, sorry 4 that.
Maybe it's time to call it a day.
Sorry again
Greg
--
what's puzzlin' you, is the nature of my game
-
The official User-To-User support forum of the Apache HTTP Server Proje
Forgot to mention that Ian asked in the Tomcat-userlist if he could
run both on the same port (check for the post "Can Apache and Tomcat
both be configured in port 80?")
Sorry, forgot to mention that
Greg
--
what's puzzlin' you, is the nature of my game
-
This wont work.
Ian asked if both (Apache & Tomcat) could be configured to listen on
the same port, and the anser here is definately a NO.
What you can do is use the connector JK 1.2, run Apache in front,
Tomcat on port i.e. 8009. JK then will forward the specified requests
to Tomcat, similar to
http://tomcat.apache.org/connectors-doc/
cheers
Greg
--
what's puzzlin' you, is the nature of my game
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for
Hi folks,
at last everything is working as expected. I can specify as many NAME
BASED SSL-Virtual Hosts for the same IP-adress.
PLEASE DO NOTE THAT THIS IS JUST A TEST / DEVELOPMENT-SETUP AND THAT
THE SSL-CONNECTION IS NOT SECURE (please refer to the previous
explanations in this thread).
Howev
OK, I will try this tomorrow (been a long day here in Europe) and if I
hopefully succeed, I'll post the working configs so that other can
participate.
Thanks again & good night!
Greg
--
what's puzzlin' you, is the nature of my game
---
Hi Vitaly,
I don't know about mod_cache, but we're having a similar configuration
here (Apache in front, Tomcat serving behind).
We experienced that Apache doesn't "touch" any headers when they are
served from Tomcat. Unfortunately. there is no option within Tomcat to
declare http-headers in the
Joshua,
I really have to thank you for this, somehow I really must have
misunderstood the doc completely.
If I read all the posts regarding SSL in this (and the other post):
Do I assume correctly that
- I can set up test-clue:443 and test-ltc:443 in the same way, provided
- they are using the
Great, that made it, but I'd also like to understand what happend.
The docs say:
ServerName Directive
Description:Hostname and port that the server uses to identify itself
Syntax:ServerName [scheme://]fully-qualified-domain-name[:port]
Context:server config, virtual host
Status:Core
Module:core
Sorry, had a typo:In my apache2.config, I changed it toNameVirtualHost *:80NameVirtualHost *:443Still the error occursGreg-- what's puzzlin' you, is the nature of my game
Ok, maybe now I'm getting what you mean:I kept the configs as they are, but changed my apache2.conf toNameVirtualHost test-dom:80NameVirtualHost test-dom:443and I've changed my VHosts all the (abbreviated)
ServerAdmin [EMAIL PROTECTED] ServerName test-dom ServerAdmin [EMAI
Joshua.On 10/19/06, Joshua Slive <[EMAIL PROTECTED]> wrote:
That's fine. But then you should post your best attempt at the properconfig. Not some garbage you are guessing at that has no resemblanceat all to the docs that you say you read. (I can't imagine how youcould have read those docs and co
Joshua,I really do appreciate your effort in this list and your support, however:I've tried that, I read the docs you mentioned, I tried it also with NameVirtualHost*:80 and NameVirtualHost *:443, all to no avail.
See, in the end I'm developing J2EE-wepapps, that's my job, but I'm far from being a
Hi owen,On 10/19/06, Boyle Owen <[EMAIL PROTECTED]> wrote:
The question is usually asked by people who haven't thought long enoughabout why they want to use SSL. They think because it's encrypted on thewire, that's already pretty good and having a valid cert is just a
bureaucratic bonus.nope, that
Hi Hoshua,first, thanks for your explanations, however, I'm havin 2 questions:On 10/17/06, Joshua Slive <
[EMAIL PROTECTED]> wrote:You need only one NameVirtualHost directive for each IP-address/port
combination. And you should not use hostnames in NameVirtualHost or. In a simple case like yours,
Hi guys,I'm having the honor to set up an environment where 3 different virtual hosts should be running on Apache 2.0.x, each listening on :80 and :443.Operating system is Debian Sarge.The problem: I'm just having ONE IP-adress. Since this is only a test- and development-server, I thought I'd try
[x] my signature heregregor-- what's puzzlin' you, is the nature of my game
Hi Pane,thanks a lot, I guess the (.*) was the _expression_ I was looking for.Great!Gregor-- what's puzzlin' you, is the nature of my game
Hi guys,I've just walked through the docs of mod_rewrite and I got overwhelmed by the complexity of it :(Actually I just want to do quite a simple thing:If my URI contains/SingleSignOn/SingleSignOn?r=/dom[plus_some_other_stuff_here]
change it to/SingleSignOn/SingleSignOn?r=/domIf I got the docs cor
Dear all,
just a stupid question regarding Apache and sessions:
We are running Apache 2.0.5x together with Tomcat 5.15.x and are using
mod_auth_cookie_mysql. Authorization is handeld via Tomcat.
Now mod_auth_cookie_mysql sets an expiration-time into the
MySQL-database, after which the cookie is
Jack,
you're better of with a 404 rather than the source, hm?
Take a look at the apache access-logs: What's the url causing a 404?
What's the url when getting a 200? Is there a difference?
Cheers
Greg
--
what's puzzlin' you, is the nature of my game
---
Ooops, should have waited 5 minutes, anyways...
Jacky, that means you have a complete copy of your JSP-files on your
Apache-machine?
If so, have you taken a look into your Apache-logs? Is there an option
that you configure mod_caucho so that it logs in debug-mode?
Greg
--
what's puzzlin' you, i
Jacky,
just try to call your Resin-app directly (i.e.
http://your_host/your_app:8009 where 8009 is the port where Resin is
listening to) and try to reproduce the behaviour.
As Nick wrote, it's most likely that it's a "Resin"-thing *unless*
your jsp-directories are available to Apache (that could
Hi Jacky,
I'm too sorry, but here I'm really running out of any ideas - most of
all, since I'm not a Resin-expert but am more into Tomcat as a
servlet-container.
Hopefully somebody from this list or from the Resin-Group is able to
help you out.
Sorry that I don't have any better suggestion for
hi jacky,
you also wrote "we discover that sometimes apache will display" - are
you able to specify this "sometimes"? can you spot any rules when this
happens? is it for a certain wep-app only? only a certain url? if so,
what's the difference between the working wep-apps and the wep-apps
not work
Hi Jacky,
without knowing too much about mod_caucho, to me it sounds as if there
is a misconfiguration in mod_caucho since the documents seem not to be
forwarded to your Resin container.
Can you determine wether your pages (when the source-code is
displayed) are served by Apache or Resin?
I sugg
and maybe another free-of-charge-tip for the future:
never ever post the name of your website AND your configs AND
demonstrate to the whole list that you got no idea of how to setup a
web-server: the result is most likely that your webserver won't be
running for too long since this is an invitati
ok - i just got my popcorn & beer ;)
cheers!
greg
ps: thank god there are some volunteers like you who test the new
stuff so we don't have to ;)
--
what's puzzlin' you, is the nature of my game
-
The official User-To-User supp
Hi Joshua,On 8/3/06, Joshua Slive <[EMAIL PROTECTED]> wrote:
> The point is, if you know you need those modules, those lines do> absolutely nothing positive and may deceive you into thinking nothing> is wrong if the modules are ever removed.ok, got that
> That's all a tomcat issue that would be b
Hi Joshua,first, thanks for the info.Anyhow, a few questions:On 8/3/06, Joshua Slive <[EMAIL PROTECTED]
> wrote:
> > Apache HTTPD 2.0.48, Suse 9 something, Tomcat 5.0.28 working together with> > Apache HTTPD via mod_jk.> Rather old version of apache.actually it's 2.0.49 - however, we do prefer some
hi guys,I'm getting nuts here. This is what i have:Apache HTTPD 2.0.48, Suse 9 something, Tomcat 5.0.28 working together with Apache HTTPD via mod_jk.I have loaded and included both mod_headers and mod_expires (verified via https:/.../server-info), however, something puzzels me here:
First, I'm att
60 matches
Mail list logo
