| View previous topic :: View next topic |
| Author |
Message |
jasonmaier
n00b
Joined: 18 Jul 2002
Posts: 16
|
 Posted: Tue Jul 29, 2003 1:04 pm Post subject: apache2 ssl-vhosts and Setenv VLOG |
 |
|
heys,
i put up an ssl apache server with an ssl vhost. it works quite fine exept the Setenv VLOG command. my vhost conf is like:
part of 41_mod_ssl.default-vhost.conf:
| Code: |
<VirtualHost IP:443>
SSLEngine on
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
SSLOptions StrictRequire
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite HIGH:MEDIUM
ServerAdmin EMAIL
DocumentRoot /home/httpd/htdocs/
ServerName SERVERNAME
Setenv VLOG
</VirtualHost>
|
my problem is that now, apache2 logs ssl acces to this virtual server in acces.log and not in apache2/VLOG-YYYY-MM-<ServerName>.log or anywhere else in an ssl_acces.log.
i would like to have access to that host logged anywhere else than in my standart servers log files. the thing i definitly do not want is ssl-access be logged in the acces.log file of the main web server.
thank you for every advice,
joerg maier |
|
| Back to top |
|
 |
kopfarzt
Apprentice
Joined: 05 Apr 2003
Posts: 170
Location: Vienna, Austria
|
| Posted: Tue Jul 29, 2003 2:01 pm Post subject: |
|
|
Simply add a | Code: | | CustomLog logs/access-ssl.log combined |
line to your virtual host settings. It might even work to copy the CustomLog line (the one containing env=VLOG) from your apache2.conf file.
kopfarzt |
|
| Back to top |
|
|
jasonmaier
n00b
Joined: 18 Jul 2002
Posts: 16
|
| Posted: Tue Jul 29, 2003 6:50 pm Post subject: |
|
|
okay, but now this seems to me as if i have now a combined logfile for all requests to that host. but how can i now divide the requests if they were https or http? and by the way, i found sth like that in the configfiles:
| Code: |
#- We added the Setenv VLOG directive. This works in conjunction with
# the CustomLog in commonapache2.conf. When Setenv VLOG is set, apache will
# create a /var/log/apache2/VLOG-YYYY-MM-<ServerName>.log instead of logging
# to access_log. Use this instead of defining a special logfile for
# each vhost, otherwise you eat up file descriptors.
|
so they advice me to use VLOG. but it seems to me that its not working without logfile specified.
thanks a lot , joerg |
|
| Back to top |
|
|
kopfarzt
Apprentice
Joined: 05 Apr 2003
Posts: 170
Location: Vienna, Austria
|
| Posted: Wed Jul 30, 2003 10:19 am Post subject: |
|
|
If you don't have many vhosts (lets say less than 10), it might be reasonable to live without the VLOG stuff and add a CustomLog line to each VirtualHost entry. The number of available file-descriptors is usually in the 10s of thousands so this should not cause any problems.
I don't understand why you have a combined logfile for all server requests if you add the CustomLog line. Everything within a VirtualHost directive, should be used only for the virtual host (IP:443 ServerName NAME). Did you try it?
kopfarzt |
|
| Back to top |
|
|
jasonmaier
n00b
Joined: 18 Jul 2002
Posts: 16
|
| Posted: Wed Jul 30, 2003 12:32 pm Post subject: |
|
|
hey
| Quote: |
I don't understand why you have a combined logfile for all server requests if you add the CustomLog line. Everything within a VirtualHost directive, should be used only for the virtual host (IP:443 ServerName NAME). Did you try it?
|
ok, in this context its not necessary, but when my vhost allows https and http requests and i have a log like
| Code: |
CustomLog logs/access-ssl.log combined
|
how can i make differences between https and http requests in my logfiles?
Thank you,
joerg |
|
| Back to top |
|
|
kopfarzt
Apprentice
Joined: 05 Apr 2003
Posts: 170
Location: Vienna, Austria
|
| Posted: Wed Jul 30, 2003 12:42 pm Post subject: |
|
|
You will have two Logfiles, as you define two virtual hosts with their own CustomLog lines, one for http and one for https:
| Code: |
<VirtualHost 1.2.3.4:80>
ServerName www.foo.com
CustomLog logs/access.www.foo.com.log combined
...
</VirtualHost>
<VirtualHost 1.2.3.4:443>
ServerName www.foo.com
CustomLog logs/access-ssl.www.foo.com.log combined
...
</VirtualHost>
|
http://www.foo.com/ logs to logs/access.www.foo.com.log,
https://www.foo.com/ logs to logs/access-ssl.www.foo.com.log
kopfarzt |
|
| Back to top |
|
|
jasonmaier
n00b
Joined: 18 Jul 2002
Posts: 16
|
| Posted: Wed Jul 30, 2003 2:56 pm Post subject: |
|
|
hi,
ok this will work and is what i expect, thank you. so you are not able to define a virtual host listening on both ports (80 and 443) in one
| Code: |
<VirtualHost .......>
......
</VirtualHost>
|
Directive?
cheers, joerg |
|
| Back to top |
|
|
kopfarzt
Apprentice
Joined: 05 Apr 2003
Posts: 170
Location: Vienna, Austria
|
| Posted: Wed Jul 30, 2003 3:11 pm Post subject: |
|
|
No, it would not make sense. Take for example the line . If you could put the two hosts in the same VirtualHost directive, it would mean, to run a SSL enabled server on port 80 and on port 443, which is not what you want. For Apache the meaning of a port is irrelevant. If you want to be obscure, you can configure a http server on port 443 and a https server on port 80. 
So for every NameVirtualHost directive you should have a VirtualHost block (though I think some form of wildcarding is possible).
With the ServerName directive you can however handle different names in the same VirtualHost block.
kopfarzt |
|
| Back to top |
|
|
|
Networking & Security
