ALJ
2010-07-01 21:40:22 UTC
I'm setting up my first apache server and I'm struggling a bit.
I have a server that is only going to accept SSL connections. I've got
that bit working. I have also managed to get the rewrite working so
that any unsecured connections are changed back to the secured
connection.
However, I keep getting the same error ("You configured HTTP(80) on
the standard HTTPS(443) port!") and am struggling a bit to understand
it.
I've tried wrapping the ssl vitual host in <ifDefine SSL> but then the
SSL connection fails. I'm not really sure what the listening settings
should be (surely both?)
(I'm on Windows Server btw)
Any help would be great. I'm getting to the stage where I think I
might be doing more damage than good.
ALJ
...
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
#Listen 80
Listen 123.123.123.123:80
Listen 123.123.123.123:443
...
#
# ServerName gives the name and port that the server uses to identify
itself.
# This can often be determined automatically, but we recommend you
specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP
address here.
#
#ServerName www.mydomain.net:80
ServerName www.mydomain.net:80
ServerName www.mydomain.net:443
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory,
but
# symbolic links and aliases may be used to point to other locations.
#
#DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/
htdocs"
DocumentRoot "C:/www/default"
#
# Each directory to which Apache has access can be configured with
respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
...
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
#<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/
htdocs">
#<Directory "C:/www/default">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI
MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options
All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please
see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
# Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed
in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
#AllowOverride None
#
# Controls who can get stuff from this server.
#
# Order allow,deny
# Allow from all
#</Directory>
#-------------------- Virtual host for www.mydomain.net
--------------------
<VirtualHost 123.123.123.123:80>
ServerName www.mydomain.net
ServerAlias mydomain.net
ServerAdmin ***@mydomain.net
#Redirect everything to the secure connection
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [QSA,NC,R,L]
</VirtualHost>
#<IfDefine SSL>
<VirtualHost 123.123.123.123:443>
ServerName www.mydomain.net
ServerAlias mydomain.net
ServerAdmin ***@mydomain.net
DocumentRoot "C:/www/mysite/pdbsite/main/site_media"
#Aliases ---------------------
Alias /robots.txt "C:/www/mysite/pdbsite/main/site_media/robots.txt"
Alias /favicon.ico "C:/www/mysite/pdbsite/main/site_media/images/
favicon.ico"
Alias /site_media "C:/www/mysite/pdbsite/main/site_media"
Alias /media "C:/Python26/Lib/site-packages/django/contrib/admin/
media"
WSGIScriptAlias / "C:/www/mysite/pdbsite/apache/django.wsgi"
#Accessible directories ----------------------
<Directory "C:/www/mysite/pdbsite/main/site_media">
Order deny,allow
Allow from all
</Directory>
<Directory "C:/Python26/Lib/site-packages/django/contrib/admin/
media">
Order deny,allow
Allow from all
</Directory>
<Directory "C:/www/mysite/pdbsite/apache">
Order deny,allow
Allow from all
</Directory>
#Dynamic content settings ----------------------
#IMPORTANT!! Windows does not support daemon mode
#WSGIDaemonProcess mysite.net processes=2 threads=15 display-name=%
{GROUP}
#WSGIProcessGroup mysite.net
#SSL ------------------------------------------
SSLEngine on
SSLCertificateFile "C:/Program Files/Apache Software Foundation/
Apache2.2/conf/ssl/cert.pem"
SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/
Apache2.2/conf/ssl/server.key"
</VirtualHost>
#</IfDefine>
.....
I have a server that is only going to accept SSL connections. I've got
that bit working. I have also managed to get the rewrite working so
that any unsecured connections are changed back to the secured
connection.
However, I keep getting the same error ("You configured HTTP(80) on
the standard HTTPS(443) port!") and am struggling a bit to understand
it.
I've tried wrapping the ssl vitual host in <ifDefine SSL> but then the
SSL connection fails. I'm not really sure what the listening settings
should be (surely both?)
(I'm on Windows Server btw)
Any help would be great. I'm getting to the stage where I think I
might be doing more damage than good.
ALJ
...
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
#Listen 80
Listen 123.123.123.123:80
Listen 123.123.123.123:443
...
#
# ServerName gives the name and port that the server uses to identify
itself.
# This can often be determined automatically, but we recommend you
specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP
address here.
#
#ServerName www.mydomain.net:80
ServerName www.mydomain.net:80
ServerName www.mydomain.net:443
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory,
but
# symbolic links and aliases may be used to point to other locations.
#
#DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/
htdocs"
DocumentRoot "C:/www/default"
#
# Each directory to which Apache has access can be configured with
respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
...
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
#<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/
htdocs">
#<Directory "C:/www/default">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI
MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options
All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please
see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
# Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed
in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
#AllowOverride None
#
# Controls who can get stuff from this server.
#
# Order allow,deny
# Allow from all
#</Directory>
#-------------------- Virtual host for www.mydomain.net
--------------------
<VirtualHost 123.123.123.123:80>
ServerName www.mydomain.net
ServerAlias mydomain.net
ServerAdmin ***@mydomain.net
#Redirect everything to the secure connection
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [QSA,NC,R,L]
</VirtualHost>
#<IfDefine SSL>
<VirtualHost 123.123.123.123:443>
ServerName www.mydomain.net
ServerAlias mydomain.net
ServerAdmin ***@mydomain.net
DocumentRoot "C:/www/mysite/pdbsite/main/site_media"
#Aliases ---------------------
Alias /robots.txt "C:/www/mysite/pdbsite/main/site_media/robots.txt"
Alias /favicon.ico "C:/www/mysite/pdbsite/main/site_media/images/
favicon.ico"
Alias /site_media "C:/www/mysite/pdbsite/main/site_media"
Alias /media "C:/Python26/Lib/site-packages/django/contrib/admin/
media"
WSGIScriptAlias / "C:/www/mysite/pdbsite/apache/django.wsgi"
#Accessible directories ----------------------
<Directory "C:/www/mysite/pdbsite/main/site_media">
Order deny,allow
Allow from all
</Directory>
<Directory "C:/Python26/Lib/site-packages/django/contrib/admin/
media">
Order deny,allow
Allow from all
</Directory>
<Directory "C:/www/mysite/pdbsite/apache">
Order deny,allow
Allow from all
</Directory>
#Dynamic content settings ----------------------
#IMPORTANT!! Windows does not support daemon mode
#WSGIDaemonProcess mysite.net processes=2 threads=15 display-name=%
{GROUP}
#WSGIProcessGroup mysite.net
#SSL ------------------------------------------
SSLEngine on
SSLCertificateFile "C:/Program Files/Apache Software Foundation/
Apache2.2/conf/ssl/cert.pem"
SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/
Apache2.2/conf/ssl/server.key"
</VirtualHost>
#</IfDefine>
.....