[cobalt-users] AW: Need Help with httpd.conf and SSL settings !
- Subject: [cobalt-users] AW: Need Help with httpd.conf and SSL settings !
- From: "Athlon" <athlon@xxxxxxxxx>
- Date: Tue Dec 17 05:07:02 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hmm, my httpd.conf looks a little different from yours...
Yours is missing the whole global SSL setup.
This is how mine looks after the Listen line:
-----snip------
Listen 80
# global ssl setup
#<IfModule mod_ssl.c>
#SSLSessionCache dbm:/var/log/httpd/ssl_scache
#SSLSessionCacheTimeout 300
#SSLMutex file:/var/log/httpd/ssl_mutex
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect builtin
# Location of a secondary signing authority certificate. Uncomment and edit
# the location if necessary if you install a secondary certificate.
#SSLCACertificateFile /etc/httpd/conf/ca-bundle
</IfModule>
# uncomment this for debugging
#
#PerlModule Apache::Status
#<Location /mod_perl/>
#SetHandler perl-script
#PerlHandler Apache::Status
#</Location>
<Perl>
use Apache::PerlSections();
#use Cobalt::Ssl;
# Only a temp variable until we go the whole hog.
#my (ssl_conf,$ip,$group,$rewrite_rules,$proto,$ret);
open(HTTPD_CONF,"/etc/httpd/conf/httpd.conf") ||
die "What ? We can't read our own configuration file?: $!";
# O.K. What we basically want to do is build up new section in the conf file
# for SSL sections.
while(<HTTPD_CONF>) {
if (/^<VirtualHost [\d\.]+>$/ ... /^<\/VirtualHost>$/) {
if ( /^<VirtualHost ([\d\.]+)>/o ) {
# New section. Clean up.
$ip = $1;
#ssl_conf = ();
$group = undef;
}
# Skip this bit, we don't need it now..
next if (/^<VirtualHost/);
# Just need to grab the group name out before we get on with
# the real work.
if ( /DocumentRoot \/home\/sites\/([^\/]+)\/web/ ){
$group = $1;
}
# These two are for the rewrite options
s/http/https/go if (/^Rewrite/);
s/80/443/go if (/^Rewrite/);
push #ssl_conf, $_;
# Hardcoded, issues with mod_perl and cobalt modules.
if (/^<\/Virtual/ and (-f "/etc/httpd/#ssl/$group")) {
$ret = #ssl_cert_check("/home/sites/$group/certs/");
if ($ret=~/^2/o) {
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
$PerlConfig .= "#SSLengine on\n";
$PerlConfig .= "#SSLCertificateFile /home/sites/$group/certs/ce$
$PerlConfig .= "#SSLCertificateKeyFile /home/sites/$group/certs$
$PerlConfig .= join('', #ssl_conf);
} elsif (#ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
$PerlConfig .= "Listen $ip:443\n";
$PerlConfig .= "<VirtualHost $ip:443>\n";
$PerlConfig .= "#SSLengine on\n";
$PerlConfig .= "#SSLCertificateFile /home/sites/home/certs/cert$
$PerlConfig .= "#SSLCertificateKeyFile /home/sites/home/certs/k$
$PerlConfig .= join('', #ssl_conf);
} else {
print STDERR "Site $group has invalid certificate: $ret\n";
}
}
}
}
close HTTPD_CONF;
# O.K. Now we're done with that ugliness the Rewrite rules to provide transisti$
# from the user to the admin server need to be different depending on whether w$
# ssl active or not.
if ( #ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
$proto = 'https';
} else {
$proto = 'http';
}
# This may seem a little tortured as a way to do this, but the
# quoting is hell.
$rewrite_rules =
'RewriteEngine On
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteCond %{DOCUMENT_ROOT} !-d
RewriteRule .* proto://servername:81/.cobalt/error/for$
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule ^/admin/?$ proto://servername:81/.cobalt/sysManage$
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule ^/siteadmin/?$ proto://servername:81/.cobalt/siteManag$
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule ^/personal/?$ proto://servername:81/.cobalt/personal/$
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule ^/.cobalt/(.+) proto://servername:81/.cobalt/$1 [L,R]
RewriteCond %{HTTP_HOST} ^([^:]+)
RewriteRule ^/cgi-bin/.cobalt/(.+) proto://servername:81/cgi-bin/.cobalt/$$
';
$rewrite_rules =~ s/servername/%1/g;
$rewrite_rules =~ s/proto/$proto/g;
$PerlConfig .= $rewrite_rules;
if ( -f "/etc/DEBUG" ) {
print STDERR Apache::PerlSections->dump();
}
</Perl>
# VirtualHost: Allows the daemon to respond to requests for more than one
# server address, if your server machine is configured to accept IP packets
# for multiple addresses. This can be accomplished with the ifconfig
# alias flag, or through kernel patches like VIF.
# Any httpd.conf or srm.conf directive may go into a VirtualHost command.
# See also the BindAddress entry.
#<VirtualHost host.some_domain.com>
#ServerAdmin webmaster@xxxxxxxxxxxxxxxxxxxx
#DocumentRoot /www/docs/host.some_domain.com
#ServerName host.some_domain.com
#ErrorLog logs/host.some_domain.com-error_log
#TransferLog logs/host.some_domain.com-access_log
#</VirtualHost>
NameVirtualHost 216.234.188.55
<VirtualHost 216.234.188.55>
ServerName www.w3s.at
ServerAdmin admin
DocumentRoot /home/sites/home/web
ServerAlias www.w3s.at w3s.at
RewriteEngine on
RewriteCond %{HTTP_HOST} !^216.234.188.55(:80)?$
RewriteCond %{HTTP_HOST} !^www.w3s.at(:80)?$
RewriteRule ^/(.*) http://www.w3s.at/$1 [L,R]
RewriteOptions inherit
AliasMatch ^/~([^/]+)(/(.*))? /home/sites/home/users/$1/web/$3
AddType application/x-httpd-php .php4
AddType application/x-httpd-php .php
# AddHandler chiliasp .asp
# AddHandler chiliasp .asa
Alias /caspclient /home/chiliasp/caspsamp/friendship/client/content
Alias /caspagent /home/chiliasp/caspsamp/friendship/agent/content
Alias /casp401k /home/chiliasp/caspsamp/401K/content
Alias /caspsamp /home/chiliasp/caspsamp
Alias /caspdoc /home/chiliasp/caspdoc
AddHandler cgi-wrapper .cgi
AddHandler cgi-wrapper .pl
AddHandler server-parsed .shtml
AddType text/html .shtml
</VirtualHost>
----snap----
So can anyone here post another one to look at?
thx guys