HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   HOWTO-Related Questions (http://www.howtoforge.com/forums/forumdisplay.php?f=2)
-   -   Multiple HTTPS Sites For One IP (http://www.howtoforge.com/forums/showthread.php?t=17597)

steve1084 23rd November 2007 06:59

Multiple HTTPS Sites For One IP
 
Multiple HTTPS / SSL Sites For One IP :)

http://howtoforge.com/enable-multipl...on-debian-etch

Would just like to comment that I have completed a full install and test of the new TLS implementation and it works a treat. Not in production yet but will be soon.

Some very minor issues with typo's on the howto page, maybe till or falko could correct them

cd /usrsrc/apache2 should be cd /usr/src/apache2

and just to make sure people understand that there are 2 entries for the

Check ob bereits ein SSL Cert auf der IP Existiert

in the /home/admispconfig/ispconfig/lib/classes/ispconfig_isp_web.lib.php file.

I also experienced a minor issue where the - kept changing to a . but this may have been just my machine and the use of puty.

The only other thing people need to know is that this takes a long time to complet and preferably needs a fast internet connection or it could take more than 6 or 8 hours to complet on slower connections so have a coffee and engoy.

Also just wondering is Afer upgrading ispconfig if the /home/admispconfig/ispconfig/lib/classes/ispconfig_isp_web.lib.php file will need editing every time.

Thanks for a howto that makes life a lot better and has been asked for many many times.

Till and falko will enjoy not having to say Thats not possible

Thanks
Steve:) :) :)

steve1084 23rd November 2007 14:58

compatibility of tls and suphp
 
I am now wondering if TLS Multi site ssl is compatible with suphp

Has anyone tried this yet. If its not compatible what would be the alternative.

suexec, apache2-mpm-itk.

both of which are not talked about much on these forums.

anyway thought Id ask and see is there is anyone with any experience, but honestly I don't expect any takers.

Thanks
Steve ;)

chuckl 24th November 2007 17:34

I seem to remember I tested it with suphp a while back without problem, but I was doing a lot of testing and switching with suPHP and SuExec at the time, so I can't be certain.
I don't think it should be an issue, does suPHP really care what the underlying transport is?
I would have thought that browser support for SNI would be a far bigger issue. If 80% or whatever of people connecting use browsers able to support SNI, is it wise to implement it?

falko 24th November 2007 19:31

Quote:

Originally Posted by steve1084
Some very minor issues with typo's on the howto page, maybe till or falko could correct them

cd /usrsrc/apache2 should be cd /usr/src/apache2

Thanks for the report, I've corrected this. :)

steve1084 25th November 2007 17:54

Quote:

Originally Posted by chuckl
I seem to remember I tested it with suphp a while back without problem, but I was doing a lot of testing and switching with suPHP and SuExec at the time, so I can't be certain.
I don't think it should be an issue, does suPHP really care what the underlying transport is?
I would have thought that browser support for SNI would be a far bigger issue. If 80% or whatever of people connecting use browsers able to support SNI, is it wise to implement it?



Probably depends on the site.

There are realy only 2 browsers to worry about and thats IE and Firefox nothing else realy matters (Sorry to those that use Apple's) and most websites would show these two as being closer to 90% or higher of all there users so its probably not going to have much affect negatively as both IE and Firefox support SNI.

The other thing to consider is that within the next 6 to 12 months most if not all browsers will develop support for the new protocols.

A simmple comment on the website explaining that the site requires IE or Firefox or Opera to work correctly untill support is more universal seems simple enough to do. I dont know about search engins and there ability to follow NSI URL's but Google and Yahoo are probably both good to go, there the two biggies.

Probably best to check log files and determin on a site by site basis if its going to have an impact or not.

Thanks for the suphp update Ill give it a go ASAP.
Steve:)

archerjd 19th December 2007 00:01

Quote:

Originally Posted by msource
Hi, there

I have Debian Etch with ISPConfig configured. I apply the patch as described in the how-too, but my apache2 hangs up, and i don't know why.

Could you please help me?

Can you tell me what point in the how-to you got to?
Also, what do you have in the /var/log/apache2/error.log?

Some times when you don't have the required packages or the wrong ones it can give these results.

I just found out that there are newer apache2 packages with a higher version then the ones built in the how-to.
A newer package version can cause conflicts with an older package version.
This does not mean the one you built is older, it just means the version is older.

I'm going to do a little more research and get back to you on this one.

steve1084 19th December 2007 13:36

apache source
 
I did a new install last week and the apache source numbers were different so I changed them in the process where needed and it all worked OK:)

steve1084 19th December 2007 16:08

:)
 
I just like to comment that its a very long winded process and It would be better if it would be done right up front in the initial server setup process instead of after.

Also Im not to sure about the update process and what affect that will have on the system. ie is it going to be OK to do a normal apt-get update in the future and what happens when there is a dist update not to mention updating ispconfig and that everytime we will have go in and manualy adjust several files.

It all seems to add to the complexity of running and maintaining the system.

:)

archerjd 19th December 2007 18:06

Quote:

I just like to comment that its a very long winded process and It would be better if it would be done right up front in the initial server setup process instead of after.

Also I'm not to sure about the update process and what affect that will have on the system. ie is it going to be OK to do a normal apt-get update in the future and what happens when there is a dist update not to mention updating ispconfig and that every time we will have go in and manually adjust several files.
I agree. I wonder if there is a way to compile just the packages you need, not all the packages within the Apache2 source.
For instance, when I recompile Apache2 I also add quota to WEBDAV, I don't need everything else.

Also, there is a way you can use apt to use your new packages as a repository. I think I'll add that to the how-to to make the process less error prone.
Then all you would have to do is run 'apt-get upgrade' and it would install all the packages necessary without you having to guess which ones to install.
:)

steve1084 4th January 2008 01:00

http://www.outoforder.cc/projects/apache/mod_gnutls/
 
some updates as to using this howto

Yes it does what it claims BUT. After some further testing I found that becouse it is so extensively modified that there is limmited or no room for further changes to the system. I was unable to install and use suphp for one example, so in the end I have been unable to use this great possibility.

On the other hand I have come accross what looks like a better alternative, mod_gnutls http://www.outoforder.cc/projects/apache/mod_gnutls/


There isnt much info about how to configure it as yet but looks like a better alternative as the install is just like any other module

I am wondering if anyone has used this module and what was there procedure to get it working.

:)

Thanks
Steve


All times are GMT +2. The time now is 19:56.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.