ServerName default.server.name <= this is the default hostname, as set on the "Settings" page, not associated with the IP address ww.xx.yy.zz SSLEngine On SSLCertificateFile /etc/ssl/certs/apache/foobar.crt <= this is the certificate set up in "IPs and Ports" for this very IP address
</VirtualHost>
When I uncheck "create nameVirtualHost statement", then this file will cause an apache warning:
[warn] VirtualHost #:443 overlaps with VirtualHost #:443, the first has precedence, perhaps you need a NameVirtualHost directive
When I check "create nameVirtualHost statement", then non-SNI aware browsers will load the wrong certificate and warn about that.
How can I stop froxlor creating VirtualHost containers for the default server name and the SSL specific IPs?
I started a similar thread on debianforum.de and received useful answers, but got kind of stuck at this point. I will summarize on both forums.
Question
donnerstag
Hi all,
I have trouble setting up multiple SSL websites (vhosts) using froxlor.
I deliberately want to use unique IP addresses (so it works with each and every browser). That's why I don't want to use apache's
SNI feature (that would allow per-domain certificates).
Now my problem seems to boil down to this:
No matter if I check the "Create NameVirtualHost statement" option "in IPs and Ports" or not, froxlor will always generate
files like:
/etc/apache2/sites-enabled/10_froxlor_ipandport_ww.xx.yy.zz.443.conf
containing:
<VirtualHost ww.xx.yy.zz:443>
ServerName default.server.name <= this is the default hostname, as set on the "Settings" page, not associated with the IP address ww.xx.yy.zz
SSLEngine On
SSLCertificateFile /etc/ssl/certs/apache/foobar.crt <= this is the certificate set up in "IPs and Ports" for this very IP address
</VirtualHost>
When I uncheck "create nameVirtualHost statement", then this file will cause an apache warning:
[warn] VirtualHost #:443 overlaps with VirtualHost #:443, the first has precedence, perhaps you need a NameVirtualHost directive
When I check "create nameVirtualHost statement", then non-SNI aware browsers will load the wrong certificate and warn about that.
How can I stop froxlor creating VirtualHost containers for the default server name and the SSL specific IPs?
I started a similar thread on debianforum.de and received useful answers, but got kind of stuck at this point. I will summarize on both forums.
Thanks all!
do.
Link to comment
Share on other sites
5 answers to this question
Recommended Posts
Archived
This topic is now archived and is closed to further replies.