Tema: siguen los problemas con los host virtuales
Ver Mensaje Individual
  #1 (permalink)  
Antiguo 15/12/2009, 11:56
X_fran
 
Fecha de Ingreso: octubre-2007
Mensajes: 273
Antigüedad: 17 años, 1 mes
Puntos: 5
siguen los problemas con los host virtuales
weno peoples, sigo con problemas a la hora de configurar host virtuales:

configure un host virtual para que sea accesible por HTTP y ahora trato de hacer lo mismo para que sea accesible por HTTPS, pero cuando habilito los sitios y reinicio el apache, me lanza que hay un host virtual que se superpone, solapa, no se bien la traducción(overlap) y que hay un host virtual que tiene precedencia sobre el otro en el puerto 443(ssl).
Podrían ayudarme con esto ??

annh, aquí están las confguraciones que tengo en /etc/apache2/sites-availables:

este es para el host virtual accesible vía HTTP, fichero finternos.uci.cu:

Código Apache: 
Ver original
  1. NameVirtualhost *:80
  2.  
  3. <VirtualHost finternos.uci.cu:80>
  4.     ServerAdmin webmaster@localhost
  5.     ServerName finternos.uci.cu
  6.     DocumentRoot "/var/www/web/francisco/internos/web/"
  7.     #DirectoryIndex index.php
  8.     <Directory />
  9.         Options FollowSymLinks
  10.         AllowOverride None
  11.     </Directory>
  12.     <Directory /var/www/web/francisco/internos/web/>
  13.         Options Indexes FollowSymLinks MultiViews
  14.         AllowOverride None
  15.         Order allow,deny
  16.         allow from all
  17.     </Directory>
  18.  
  19.     ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  20.     <Directory "/usr/lib/cgi-bin">
  21.         AllowOverride None
  22.         Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
  23.         Order allow,deny
  24.         Allow from all
  25.     </Directory>
  26.  
  27.     ErrorLog /var/log/apache2/error.log
  28.  
  29.     # Possible values include: debug, info, notice, warn, error, crit,
  30.     # alert, emerg.
  31.     LogLevel warn
  32.  
  33.     CustomLog /var/log/apache2/access.log combined
  34.  
  35.     Alias /doc/ "/usr/share/doc/"
  36.     <Directory "/usr/share/doc/">
  37.         Options Indexes MultiViews FollowSymLinks
  38.         AllowOverride None
  39.         Order deny,allow
  40.         Deny from all
  41.         Allow from 127.0.0.0/255.0.0.0 ::1/128
  42.     </Directory>
  43. </VirtualHost>

y este es el virtual host accesible vía HTTPS, fichero finternos.uci.cu-ssl:

Código Apache: 
Ver original
  1. NameVirtualHost *:443
  2. <IfModule mod_ssl.c>
  3. <VirtualHost finternos.uci.cu:443>
  4.     ServerAdmin webmaster@localhost
  5.     ServerName finternos.uci.cu
  6.     DocumentRoot  /var/www/web/francisco/internos/web/
  7.     <Directory />
  8.         Options FollowSymLinks
  9.         AllowOverride None
  10.     </Directory>
  11.     <Directory /var/www/web/francisco/internos/web/>
  12.         Options Indexes FollowSymLinks MultiViews
  13.         AllowOverride None
  14.         Order allow,deny
  15.         allow from all
  16.     </Directory>
  17.  
  18.     ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  19.     <Directory "/usr/lib/cgi-bin">
  20.         AllowOverride None
  21.         Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
  22.         Order allow,deny
  23.         Allow from all
  24.     </Directory>
  25.  
  26.     ErrorLog /var/log/apache2/error.log
  27.  
  28.     # Possible values include: debug, info, notice, warn, error, crit,
  29.     # alert, emerg.
  30.     LogLevel warn
  31.  
  32.     CustomLog /var/log/apache2/ssl_access.log combined
  33.  
  34.     Alias /doc/ "/usr/share/doc/"
  35.     <Directory "/usr/share/doc/">
  36.         Options Indexes MultiViews FollowSymLinks
  37.         AllowOverride None
  38.         Order deny,allow
  39.         Deny from all
  40.         Allow from 127.0.0.0/255.0.0.0 ::1/128
  41.     </Directory>
  42.  
  43.     #   SSL Engine Switch:
  44.     #   Enable/Disable SSL for this virtual host.
  45.     SSLEngine on
  46.  
  47.     #   A self-signed (snakeoil) certificate can be created by installing
  48.     #   the ssl-cert package. See
  49.     #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
  50.     #   If both key and certificate are stored in the same file, only the
  51.     #   SSLCertificateFile directive is needed.
  52.     #SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
  53.         
  54.     SSLCertificateKeyFile /etc/apache2/ssl/apache.pem
  55.  
  56.     #   Server Certificate Chain:
  57.     #   Point SSLCertificateChainFile at a file containing the
  58.     #   concatenation of PEM encoded CA certificates which form the
  59.     #   certificate chain for the server certificate. Alternatively
  60.     #   the referenced file can be the same as SSLCertificateFile
  61.     #   when the CA certificates are directly appended to the server
  62.     #   certificate for convinience.
  63.     #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
  64.  
  65.     #   Certificate Authority (CA):
  66.     #   Set the CA certificate verification path where to find CA
  67.     #   certificates for client authentication or alternatively one
  68.     #   huge file containing all of them (file must be PEM encoded)
  69.     #   Note: Inside SSLCACertificatePath you need hash symlinks
  70.     #         to point to the certificate files. Use the provided
  71.     #         Makefile to update the hash symlinks after changes.
  72.     #SSLCACertificatePath /etc/ssl/certs/
  73.     #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
  74.  
  75.     #   Certificate Revocation Lists (CRL):
  76.     #   Set the CA revocation path where to find CA CRLs for client
  77.     #   authentication or alternatively one huge file containing all
  78.     #   of them (file must be PEM encoded)
  79.     #   Note: Inside SSLCARevocationPath you need hash symlinks
  80.     #         to point to the certificate files. Use the provided
  81.     #         Makefile to update the hash symlinks after changes.
  82.     #SSLCARevocationPath /etc/apache2/ssl.crl/
  83.     #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
  84.  
  85.     #   Client Authentication (Type):
  86.     #   Client certificate verification type and depth.  Types are
  87.     #   none, optional, require and optional_no_ca.  Depth is a
  88.     #   number which specifies how deeply to verify the certificate
  89.     #   issuer chain before deciding the certificate is not valid.
  90.     #SSLVerifyClient require
  91.     #SSLVerifyDepth  10
  92.  
  93.     #   Access Control:
  94.     #   With SSLRequire you can do per-directory access control based
  95.     #   on arbitrary complex boolean expressions containing server
  96.     #   variable checks and other lookup directives.  The syntax is a
  97.     #   mixture between C and Perl.  See the mod_ssl documentation
  98.     #   for more details.
  99.     #<Location />
  100.     #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
  101.     #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
  102.     #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
  103.     #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
  104.     #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
  105.     #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
  106.     #</Location>
  107.  
  108.     #   SSL Engine Options:
  109.     #   Set various options for the SSL engine.
  110.     #   o FakeBasicAuth:
  111.     #     Translate the client X.509 into a Basic Authorisation.  This means that
  112.     #     the standard Auth/DBMAuth methods can be used for access control.  The
  113.     #     user name is the `one line' version of the client's X.509 certificate.
  114.     #     Note that no password is obtained from the user. Every entry in the user
  115.     #     file needs this password: `xxj31ZMTZzkVA'.
  116.     #   o ExportCertData:
  117.     #     This exports two additional environment variables: SSL_CLIENT_CERT and
  118.     #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
  119.     #     server (always existing) and the client (only existing when client
  120.     #     authentication is used). This can be used to import the certificates
  121.     #     into CGI scripts.
  122.     #   o StdEnvVars:
  123.     #     This exports the standard SSL/TLS related `SSL_*' environment variables.
  124.     #     Per default this exportation is switched off for performance reasons,
  125.     #     because the extraction step is an expensive operation and is usually
  126.     #     useless for serving static content. So one usually enables the
  127.     #     exportation for CGI and SSI requests only.
  128.     #   o StrictRequire:
  129.     #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
  130.     #     under a "Satisfy any" situation, i.e. when it applies access is denied
  131.     #     and no other module can change it.
  132.     #   o OptRenegotiate:
  133.     #     This enables optimized SSL connection renegotiation handling when SSL
  134.     #     directives are used in per-directory context.
  135.     #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
  136.     <FilesMatch "\.(cgi|shtml|phtml|php)$">
  137.         SSLOptions +StdEnvVars
  138.     </FilesMatch>
  139.     <Directory /usr/lib/cgi-bin>
  140.         SSLOptions +StdEnvVars
  141.     </Directory>
  142.  
  143.     #   SSL Protocol Adjustments:
  144.     #   The safe and default but still SSL/TLS standard compliant shutdown
  145.     #   approach is that mod_ssl sends the close notify alert but doesn't wait for
  146.     #   the close notify alert from client. When you need a different shutdown
  147.     #   approach you can use one of the following variables:
  148.     #   o ssl-unclean-shutdown:
  149.     #     This forces an unclean shutdown when the connection is closed, i.e. no
  150.     #     SSL close notify alert is send or allowed to received.  This violates
  151.     #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
  152.     #     this when you receive I/O errors because of the standard approach where
  153.     #     mod_ssl sends the close notify alert.
  154.     #   o ssl-accurate-shutdown:
  155.     #     This forces an accurate shutdown when the connection is closed, i.e. a
  156.     #     SSL close notify alert is send and mod_ssl waits for the close notify
  157.     #     alert of the client. This is 100% SSL/TLS standard compliant, but in
  158.     #     practice often causes hanging connections with brain-dead browsers. Use
  159.     #     this only for browsers where you know that their SSL implementation
  160.     #     works correctly.
  161.     #   Notice: Most problems of broken clients are also related to the HTTP
  162.     #   keep-alive facility, so you usually additionally want to disable
  163.     #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
  164.     #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
  165.     #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
  166.     #   "force-response-1.0" for this.
  167.     BrowserMatch ".*MSIE.*" \
  168.         nokeepalive ssl-unclean-shutdown \
  169.         downgrade-1.0 force-response-1.0
  170.  
  171. </VirtualHost>
  172. </IfModule>