node@are-b.org
n00b
Joined: 20 Apr 2005
Posts: 44
|
 Posted: Thu Apr 08, 2010 1:14 am Post subject: Upgrading apache from 2.2.14-r1 -> 2.2.15 causes warnings |
 |
|
Hey all,
About 4 weeks ago I did a fresh gentoo-hardened install and setup apache-2.2.14-r1 with vhosts and ssl-vhosts.
I copied the 00_default_ssl_vhost.conf file to 10_example.com_ssl_vhost.conf file and set it up to my likings (e.g. only change the certificate files such as SSLCertificateFile etc) and changed the Include to example.com_vhost.include.
I did have to remove the line NameVirtualHost *:443 as you shouldn't have 2 of those. I had to do the same for the regular port 80 domains. I was supprised why this 'unique' key wasn't in the http.conf file just before the include vhost.d/* but figured it was ok to have it in the 'default' config file but not in the subdomains.
Last week I upgarded to 2.2.15 and etc-update removed NameVirtualHost *:443 from the default config file, and changed <VirtualHost *:443> to <VirtualHost _default_:443>.
I went into my 10_example.com_ssl_vhost.conf and also changed my <VirtualHost *:443> to <VirtualHost _default_:443>. Not that that mattered, I always get a warning from starting apache now.
| Code: |
[Wed Apr 07 21:02:21 2010] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Wed Apr 07 21:02:21 2010] [warn] _default_ VirtualHost overlap on port 443, the first has precedence [ ok ]
|
I tried several combinations interchaning the * for _default_ but all to no avail, the only way to get a warning free and functional apache is to re-add the portage removed NameVirtualHost *:443.
I'm no apache expert and find it complex enough as it is and am happy to just get by, but this I'm not quite sure I understand. So here my questions.
*) Why was the line removed from the default vhost config file, if it generates a warning?
*) Why is the line not in the http.conf file (for both normal and ssl vhosts). I think this could be as the include vhost.d/* in httpd.conf doesn't know whether the included host is on which port and thus it is cleaner to just leave it in the default domain file, e.g. localhost.
*) What should I change to fix this properly and warning free. Having multiple domains on a single IP hasn't been an issue anymore with TLS1.1 and SNI.
*) Why was NameVirtualHost only removed from the SSL bit and not the default port 80 file?
For now I just readded NameVirtualHost, so this would either be a bug, or some feature I don't udnerstand yet.
Thanks,
Oliver
Edit:
I found an old (2008, apache 2.2.8 related) bugreport. It is claimed it should be added manually and the sni useflag be used.
However there is no longer such flag, and it worked properly with 2.2.14-r1, I believe sni is now default and supported by apache? So is this worth a new bug report? What has changed from 2.2.14-r1 to 2.2.15 which won't allow sni to work anymore (or was that a Gentoo thing that got lost in the upgrade). |
|
Networking & Security
