Foros del Web » Administración de Sistemas » Apache »

siguen los problemas con los host virtuales

 Estas en el tema de siguen los problemas con los host virtuales en el foro de Apache en Foros del Web. weno peoples, sigo con problemas a la hora de configurar host virtuales: configure un host virtual para que sea accesible por HTTP y ahora trato ...
  #1 (permalink)  
Antiguo 15/12/2009, 11:56
 
Fecha de Ingreso: octubre-2007
Mensajes: 273
Antigüedad: 16 años, 6 meses
Puntos: 5
siguen los problemas con los host virtuales
weno peoples, sigo con problemas a la hora de configurar host virtuales:

configure un host virtual para que sea accesible por HTTP y ahora trato de hacer lo mismo para que sea accesible por HTTPS, pero cuando habilito los sitios y reinicio el apache, me lanza que hay un host virtual que se superpone, solapa, no se bien la traducción(overlap) y que hay un host virtual que tiene precedencia sobre el otro en el puerto 443(ssl).
Podrían ayudarme con esto ??

annh, aquí están las confguraciones que tengo en /etc/apache2/sites-availables:

este es para el host virtual accesible vía HTTP, fichero finternos.uci.cu:

Código Apache: 
Ver original
  1. NameVirtualhost *:80
  2.  
  3. <VirtualHost finternos.uci.cu:80>
  4.     ServerAdmin webmaster@localhost
  5.     ServerName finternos.uci.cu
  6.     DocumentRoot "/var/www/web/francisco/internos/web/"
  7.     #DirectoryIndex index.php
  8.     <Directory />
  9.         Options FollowSymLinks
  10.         AllowOverride None
  11.     </Directory>
  12.     <Directory /var/www/web/francisco/internos/web/>
  13.         Options Indexes FollowSymLinks MultiViews
  14.         AllowOverride None
  15.         Order allow,deny
  16.         allow from all
  17.     </Directory>
  18.  
  19.     ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  20.     <Directory "/usr/lib/cgi-bin">
  21.         AllowOverride None
  22.         Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
  23.         Order allow,deny
  24.         Allow from all
  25.     </Directory>
  26.  
  27.     ErrorLog /var/log/apache2/error.log
  28.  
  29.     # Possible values include: debug, info, notice, warn, error, crit,
  30.     # alert, emerg.
  31.     LogLevel warn
  32.  
  33.     CustomLog /var/log/apache2/access.log combined
  34.  
  35.     Alias /doc/ "/usr/share/doc/"
  36.     <Directory "/usr/share/doc/">
  37.         Options Indexes MultiViews FollowSymLinks
  38.         AllowOverride None
  39.         Order deny,allow
  40.         Deny from all
  41.         Allow from 127.0.0.0/255.0.0.0 ::1/128
  42.     </Directory>
  43. </VirtualHost>

y este es el virtual host accesible vía HTTPS, fichero finternos.uci.cu-ssl:

Código Apache: 
Ver original
  1. NameVirtualHost *:443
  2. <IfModule mod_ssl.c>
  3. <VirtualHost finternos.uci.cu:443>
  4.     ServerAdmin webmaster@localhost
  5.     ServerName finternos.uci.cu
  6.     DocumentRoot  /var/www/web/francisco/internos/web/
  7.     <Directory />
  8.         Options FollowSymLinks
  9.         AllowOverride None
  10.     </Directory>
  11.     <Directory /var/www/web/francisco/internos/web/>
  12.         Options Indexes FollowSymLinks MultiViews
  13.         AllowOverride None
  14.         Order allow,deny
  15.         allow from all
  16.     </Directory>
  17.  
  18.     ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  19.     <Directory "/usr/lib/cgi-bin">
  20.         AllowOverride None
  21.         Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
  22.         Order allow,deny
  23.         Allow from all
  24.     </Directory>
  25.  
  26.     ErrorLog /var/log/apache2/error.log
  27.  
  28.     # Possible values include: debug, info, notice, warn, error, crit,
  29.     # alert, emerg.
  30.     LogLevel warn
  31.  
  32.     CustomLog /var/log/apache2/ssl_access.log combined
  33.  
  34.     Alias /doc/ "/usr/share/doc/"
  35.     <Directory "/usr/share/doc/">
  36.         Options Indexes MultiViews FollowSymLinks
  37.         AllowOverride None
  38.         Order deny,allow
  39.         Deny from all
  40.         Allow from 127.0.0.0/255.0.0.0 ::1/128
  41.     </Directory>
  42.  
  43.     #   SSL Engine Switch:
  44.     #   Enable/Disable SSL for this virtual host.
  45.     SSLEngine on
  46.  
  47.     #   A self-signed (snakeoil) certificate can be created by installing
  48.     #   the ssl-cert package. See
  49.     #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
  50.     #   If both key and certificate are stored in the same file, only the
  51.     #   SSLCertificateFile directive is needed.
  52.     #SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
  53.         
  54.     SSLCertificateKeyFile /etc/apache2/ssl/apache.pem
  55.  
  56.     #   Server Certificate Chain:
  57.     #   Point SSLCertificateChainFile at a file containing the
  58.     #   concatenation of PEM encoded CA certificates which form the
  59.     #   certificate chain for the server certificate. Alternatively
  60.     #   the referenced file can be the same as SSLCertificateFile
  61.     #   when the CA certificates are directly appended to the server
  62.     #   certificate for convinience.
  63.     #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
  64.  
  65.     #   Certificate Authority (CA):
  66.     #   Set the CA certificate verification path where to find CA
  67.     #   certificates for client authentication or alternatively one
  68.     #   huge file containing all of them (file must be PEM encoded)
  69.     #   Note: Inside SSLCACertificatePath you need hash symlinks
  70.     #         to point to the certificate files. Use the provided
  71.     #         Makefile to update the hash symlinks after changes.
  72.     #SSLCACertificatePath /etc/ssl/certs/
  73.     #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
  74.  
  75.     #   Certificate Revocation Lists (CRL):
  76.     #   Set the CA revocation path where to find CA CRLs for client
  77.     #   authentication or alternatively one huge file containing all
  78.     #   of them (file must be PEM encoded)
  79.     #   Note: Inside SSLCARevocationPath you need hash symlinks
  80.     #         to point to the certificate files. Use the provided
  81.     #         Makefile to update the hash symlinks after changes.
  82.     #SSLCARevocationPath /etc/apache2/ssl.crl/
  83.     #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
  84.  
  85.     #   Client Authentication (Type):
  86.     #   Client certificate verification type and depth.  Types are
  87.     #   none, optional, require and optional_no_ca.  Depth is a
  88.     #   number which specifies how deeply to verify the certificate
  89.     #   issuer chain before deciding the certificate is not valid.
  90.     #SSLVerifyClient require
  91.     #SSLVerifyDepth  10
  92.  
  93.     #   Access Control:
  94.     #   With SSLRequire you can do per-directory access control based
  95.     #   on arbitrary complex boolean expressions containing server
  96.     #   variable checks and other lookup directives.  The syntax is a
  97.     #   mixture between C and Perl.  See the mod_ssl documentation
  98.     #   for more details.
  99.     #<Location />
  100.     #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
  101.     #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
  102.     #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
  103.     #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
  104.     #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
  105.     #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
  106.     #</Location>
  107.  
  108.     #   SSL Engine Options:
  109.     #   Set various options for the SSL engine.
  110.     #   o FakeBasicAuth:
  111.     #     Translate the client X.509 into a Basic Authorisation.  This means that
  112.     #     the standard Auth/DBMAuth methods can be used for access control.  The
  113.     #     user name is the `one line' version of the client's X.509 certificate.
  114.     #     Note that no password is obtained from the user. Every entry in the user
  115.     #     file needs this password: `xxj31ZMTZzkVA'.
  116.     #   o ExportCertData:
  117.     #     This exports two additional environment variables: SSL_CLIENT_CERT and
  118.     #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
  119.     #     server (always existing) and the client (only existing when client
  120.     #     authentication is used). This can be used to import the certificates
  121.     #     into CGI scripts.
  122.     #   o StdEnvVars:
  123.     #     This exports the standard SSL/TLS related `SSL_*' environment variables.
  124.     #     Per default this exportation is switched off for performance reasons,
  125.     #     because the extraction step is an expensive operation and is usually
  126.     #     useless for serving static content. So one usually enables the
  127.     #     exportation for CGI and SSI requests only.
  128.     #   o StrictRequire:
  129.     #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
  130.     #     under a "Satisfy any" situation, i.e. when it applies access is denied
  131.     #     and no other module can change it.
  132.     #   o OptRenegotiate:
  133.     #     This enables optimized SSL connection renegotiation handling when SSL
  134.     #     directives are used in per-directory context.
  135.     #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
  136.     <FilesMatch "\.(cgi|shtml|phtml|php)$">
  137.         SSLOptions +StdEnvVars
  138.     </FilesMatch>
  139.     <Directory /usr/lib/cgi-bin>
  140.         SSLOptions +StdEnvVars
  141.     </Directory>
  142.  
  143.     #   SSL Protocol Adjustments:
  144.     #   The safe and default but still SSL/TLS standard compliant shutdown
  145.     #   approach is that mod_ssl sends the close notify alert but doesn't wait for
  146.     #   the close notify alert from client. When you need a different shutdown
  147.     #   approach you can use one of the following variables:
  148.     #   o ssl-unclean-shutdown:
  149.     #     This forces an unclean shutdown when the connection is closed, i.e. no
  150.     #     SSL close notify alert is send or allowed to received.  This violates
  151.     #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
  152.     #     this when you receive I/O errors because of the standard approach where
  153.     #     mod_ssl sends the close notify alert.
  154.     #   o ssl-accurate-shutdown:
  155.     #     This forces an accurate shutdown when the connection is closed, i.e. a
  156.     #     SSL close notify alert is send and mod_ssl waits for the close notify
  157.     #     alert of the client. This is 100% SSL/TLS standard compliant, but in
  158.     #     practice often causes hanging connections with brain-dead browsers. Use
  159.     #     this only for browsers where you know that their SSL implementation
  160.     #     works correctly.
  161.     #   Notice: Most problems of broken clients are also related to the HTTP
  162.     #   keep-alive facility, so you usually additionally want to disable
  163.     #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
  164.     #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
  165.     #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
  166.     #   "force-response-1.0" for this.
  167.     BrowserMatch ".*MSIE.*" \
  168.         nokeepalive ssl-unclean-shutdown \
  169.         downgrade-1.0 force-response-1.0
  170.  
  171. </VirtualHost>
  172. </IfModule>
  #2 (permalink)  
Antiguo 14/01/2010, 16:18
 
Fecha de Ingreso: septiembre-2008
Mensajes: 91
Antigüedad: 15 años, 7 meses
Puntos: 0
Respuesta: siguen los problemas con los host virtuales
Hola, me puse a mirar tus archivos por que yo tambien ando queriendo tener dos vhosts. Uno http y otro https. Dice que se solapan por que fijate que en la directiva DocumentRoot le estas pasando el mismo directorio para los dos vhosts. Le estas pasando "/var/www/web/francisco/internos/web/".
Tambien tenes que cambiar lo que pusiste en < directory /path>.
O sea, cada vhost con su DocumenteRoot y tenes que repetir el DocumentRoot en la etiqueta Directory de cada vhost
__________________
Hay que vencer!!!
  #3 (permalink)  
Antiguo 18/01/2010, 01:31
 
Fecha de Ingreso: octubre-2007
Mensajes: 273
Antigüedad: 16 años, 6 meses
Puntos: 5
Respuesta: siguen los problemas con los host virtuales
si pero eso es exactamente lo que deseo que suceda, que el mismo sitio sea accesible por http o https

solamente quiero que el login sea https, eso se puede manejar parseando las url perooo, de todos modos creo tienen ke existir los dos host virtuales que apunten al mismo dominio.

alguna idea ?!?!
Atención: Estás leyendo un tema que no tiene actividad desde hace más de 6 MESES, te recomendamos abrir un Nuevo tema en lugar de responder al actual.
Respuesta


« Tema Anterior | Próximo Tema »


La zona horaria es GMT -6. Ahora son las 14:09.