# Apache SSL + Name Based Virtual Hosts [SOLVED/]

## HeXiLeD

Recently I came across this issue while setting up apache with vhost plus ssl.

This is the error for my 3 vhosts :

```
[warn] Init: SSL server IP/port conflict: domain1:443 (/etc/apache2/vhosts.d/default-ssl.conf:27) vs. domain2:443 (/etc/apache2/vhosts.d/default-ssl.conf:48)

[warn] Init: SSL server IP/port conflict: domain3:443 (/etc/apache2/vhosts.d/default-ssl.conf:7) vs. domain3:443 (/etc/apache2/vhosts.d/default-ssl.conf:48)

[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
```

I figured that this error is related to the ssl port used, so I decided to set all 3 ssl vhosts using ports from 443 to 445 just to test. That "solved the error".

From apache documentation:

Why can't I use SSL with name-based/non-IP-based virtual hosts?

Why is it not possible to use Name-Based Virtual Hosting to identify different SSL virtual hosts?

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts

Questions:

1: Can we use it or not? The ssl handshake seems to work but the logs show that error.

2: So is this error just an annoyance and everything works properly ?

From gentoo wiki docs:

Using mod_ssl

File: /etc/apache2/vhosts.d/00_default_ssl_vhost.conf

http://en.gentoo-wiki.com/wiki/Apache2/SSL_and_Name_Based_Virtual_Hosts

Questions: 

3: Is this example right or wrong ?

4: And being set like this, does it also output the error but ssl works?

```
<IfDefine SSL>
  <IfDefine SSL_DEFAULT_VHOST>
    <IfModule ssl_module>
      Listen 443
      NameVirtualHost *:443

      <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key
        ServerName domain.tld
        SSLOptions StrictRequire
        SSLProtocol all -SSLv2
        DocumentRoot /path/to/ssl/enabled/site
        <Directory /path/to/ssl/enabled/site/>
          SSLRequireSSL
          Order Deny,Allow
          Allow from All
        </Directory>
      </VirtualHost>

      <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/otherserver.crt
        SSLCertificateKeyFile /etc/apache2/ssl/otherserver.key
        ServerName otherdomain.tld
        SSLOptions StrictRequire
        SSLProtocol all -SSLv2
        DocumentRoot /path/to/other/ssl/enabled/site
        <Directory /path/to/other/ssl/enabled/site/>
          SSLRequireSSL
          Order Deny,Allow
          Allow from All
        </Directory>
      </VirtualHost>
    </IfModule>
  </IfDefine>
</IfDefine>
```

From this other guy with the same error:

HOWTO: Apache 2 SSL Name-Based Virtual Hosting

I recently reported being stuck trying to set up multiple SSL name-based virtual hosts on the same IP address with non-SSL name-based virtual hosts.

http://fob.po8.org/node/289

My vhost setting is very similar to the one above, except that I have the same ssl certificate for all hosts (to be changed later), but I am confused about all this documentation.

Question:

5: Is this error IP based? Or port based? Seems if I change the port, the error goes away.

6: How about if I use mod_tls?

What's your input?

If possible answer by question number.

Thank you :)

----------

## desultory

 *HeXiLeD wrote:*   

> 1: Can we use it or not? The ssl handshake seems to work but the logs show that error.

The connections would be encrypted, but the certificates would not, necessarily, match the host the client requested the page from; if that is not a problem in your use case you can use it as is.

 *HeXiLeD wrote:*   

> 2: So is this error just an annoyance and everything works properly ?

 Not exactly, as indicated by the documentation which you linked to.

 *HeXiLeD wrote:*   

> 3: Is this example right or wrong ?

 In a way, both.

 *HeXiLeD wrote:*   

> 4: And being set like this, does it also output the error but ssl works?

 Yes.

 *HeXiLeD wrote:*   

> 5: Is this error IP based? Or port based? Seems if I change the port, the error goes away.

 Yes.

 *HeXiLeD wrote:*   

> 6: How about if I use mod_tls?

 The underlying protocol conditions remain.

 *HeXiLeD wrote:*   

> What's your input?

 The most appropriate solution depends on quite how the virtual hosts are to be used.

 *HeXiLeD wrote:*   

> If possible answer by question number.

 So long as quoting each question fits, given that it makes for more convenient reading by others.

----------

## HeXiLeD

Ok, I have solved the whole thing.

3 options can be taken to solve this issue with mod_ssl and vhosts.

1: Change the ssl port for every ssl enabled vhost

2: Change/add the ip for every ssl enabled vhost

3: Use mod_gnutls.

I decided to take the third option. My ssl/tls vhosts are running without that error.

(apache must be compiled with SNI)

Some useful links related to this:

http://www.numlock.ch/news/it/gentoo-tlsssl-and-name-based-apache-virtual-hosts-using-mod_ssl

https://sni.velox.ch

http://www.howtoforge.com/enable-multiple-https-sites-on-one-ip-using-tls-extensions-on-debian-etch (gentoo does not need the patch according to gentoo's documentation)

http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls

http://tools.ietf.org/html/rfc3546

http://en.wikipedia.org/wiki/Transport_Layer_Security

http://en.wikipedia.org/wiki/HMAC

http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

http://journal.paul.querna.org/articles/2005/04/24/tls-server-name-indication/?postid=70,

http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html

However, I have some new questions that arose from a couple of errors while doing the configs. Something is not 100%.

If I add SSLStrictSNIVHostCheck off (as seen here http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI) in the gentoo tutorial, I get the following error:

```
apache2 has detected a syntax error in your configuration files:

Syntax error on line 23 of /etc/apache2/vhosts.d/default-tls.conf:

Invalid command 'SSLStrictSNIVHostCheck', perhaps misspelled or defined by a module not included in the server configuration
```

And if I use GnuTLSClientCAFile /etc/apache2/ssl/certificates/CA-bundle.crt in that same conf as the gentoo tutorial, I get this error:

```
apache2 has detected a syntax error in your configuration files:

Syntax error on line 14 of /etc/apache2/vhosts.d/default-tls.conf:

GnuTLS: Error Reading Client CA File '/etc/apache2/ssl/certificates/CA-bundle.crt'
```

Your input ?

----------

## HeXiLeD

Well, I have been trying several configurations and I still have some problems.

The ones posted in my last post and the fact that I cannot load each individual certificate for its own vhost.

No matter what, it's always the first vhost cert that loads for the rest of the vhosts.

Any ideas ?

/etc/conf.d/apache

```
APACHE2_OPTS="-D GNUTLS -D INFO -D STATUS -D LANGUAGE -D PHP5 -D DAV -D DAV_FS -D SVN -D SVN_AUTHZ -D EVASIVE -D AUTH_MYSQL -D AUTH_DIGEST -D BW -D SECURITY"
```

`# cat /etc/apache2/vhosts.d/default-listen.conf`

```
# The value of a NameVirtualHost directive has to match the content of <VirtualHost> exactly and neither should be a hostname.
# For example, NameVirtualHost *:80 must be used with <VirtualHost *:80> or "NameVirtualHost *:80" must appear only once in a configuration.

# General settings

# For HTTP
Listen <boxip>:80
NameVirtualHost *:80

# For HTTPS
Listen <boxip>:443
NameVirtualHost *:443
```

The TLS vhosts

/etc/apache2/vhosts.d/

```
# README @ http://www.outoforder.cc/projects/apache/mod_gnutls/docs
#          http://www.outoforder.cc/projects/apache/mod_gnutls/docs/#sni-example

# Domain1
      <VirtualHost *:443>
        GnuTLSEnable on
        GnuTLSExportCertificates on
        GnuTLSCacheTimeout 500
        # Go ahead and accept connections for these
        # from non-SNI clients SSL/TLS vhosts
        # This setting is for use with gnu_tls
        #SSLStrictSNIVHostCheck off  # (if uncommented = error posted above)
        GnuTLSCertificateFile /etc/apache2/ssl/server.crt
        GnuTLSKeyFile /etc/apache2/ssl/server.key
        #GnuTLSClientCAFile  /etc/apache2/ssl/certificates/CA-bundle.crt  # (if uncommented = error posted above)
        ServerName domain1.com
        ServerAdmin web@domain1.com
        ServerAlias yo.domain1.com *.domain1.com
        GnuTLSPriorities  SECURE:!DHE-RSA:!DHE-DSS:!AES-256-CBC:!CAMELLIA-256-CBC:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-SSL3.0:+AES-256-CBC:+RSA:+SHA1
        DocumentRoot /path/domain1
        <Directory /path/domain1/>
          Order Deny,Allow
          Allow from All
        </Directory>
      </VirtualHost>

# domain2
      <VirtualHost *:443>
        GnuTLSEnable on
        GnuTLSExportCertificates on
        GnuTLSCacheTimeout 500
        # Go ahead and accept connections for these
        # from non-SNI clients SSL/TLS vhosts
        # This setting is for use with gnu_tls
        #SSLStrictSNIVHostCheck off  # (if uncommented = error posted above)
        GnuTLSCertificateFile /etc/apache2/ssl/mvnet.crt
        GnuTLSKeyFile /etc/apache2/ssl/mvnet.key
        #GnuTLSClientCAFile  /etc/apache2/ssl/certificates/curl-ca-bundle.crt  # (if uncommented = error posted above)
        ServerName domain2.com
        ServerAdmin web@domain2.com
        ServerAlias yo.domain2.com *.domain2.com
        GnuTLSPriorities  SECURE:!DHE-RSA:!DHE-DSS:!AES-256-CBC:!CAMELLIA-256-CBC:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-SSL3.0:+AES-256-CBC:+RSA:+SHA1
        DocumentRoot /path/domain2
        <Directory /path/domain2/>
          Order Deny,Allow
          Allow from All
          Order Deny,Allow
          Allow from All
        </Directory>
      </VirtualHost>
```
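
Added example (not part of the original post, and not Apache's own logic): a Python check that groups TLS-enabled `<VirtualHost>` blocks by their literal address:port and reports which names receive the first vhost's certificate when no SNI is available, the symptom described above. It compares address strings textually instead of resolving them as Apache does, and the sample config, including domain3.com and its certificate path, is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout discussed in this thread. domain3.com,
# port 444 and domain3.crt are made up for the example.
SAMPLE_CONF = """\
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
    GnuTLSEnable on
    GnuTLSCertificateFile /etc/apache2/ssl/server.crt
    ServerName domain1.com
</VirtualHost>
<VirtualHost *:443>
    GnuTLSEnable on
    GnuTLSCertificateFile /etc/apache2/ssl/mvnet.crt
    ServerName domain2.com
</VirtualHost>
<VirtualHost *:444>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/domain3.crt
    ServerName domain3.com
</VirtualHost>
<VirtualHost *:80>
    ServerName domain1.com
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.IGNORECASE)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.IGNORECASE)
DIRECTIVE = re.compile(r"^\s*(\w+)\s+(.*\S)\s*$")
TLS_SWITCHES = {"sslengine", "gnutlsenable"}
CERT_DIRECTIVES = {"sslcertificatefile", "gnutlscertificatefile"}


def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block, in file order."""
    vhosts, current = [], None
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            current = {"addrs": opened.group(1).split(), "line": lineno,
                       "name": None, "tls": False, "cert": None}
            continue
        if VHOST_CLOSE.match(line):
            if current is not None:
                vhosts.append(current)
            current = None
            continue
        directive = DIRECTIVE.match(line)
        if current is None or not directive:
            continue
        key, value = directive.group(1).lower(), directive.group(2)
        if key == "servername":
            current["name"] = value
        elif key in TLS_SWITCHES:
            current["tls"] = value.lower() == "on"
        elif key in CERT_DIRECTIVES:
            current["cert"] = value
    return vhosts


def audit(conf_text):
    """Report listeners shared by several TLS vhosts.

    Without SNI the certificate is chosen before any Host header is read,
    so every name on a shared listener gets the first vhost's certificate.
    'needs_sni' lists the names whose own certificate differs from it.
    """
    by_listener = defaultdict(list)
    for vhost in parse_vhosts(conf_text):
        if vhost["tls"]:
            for addr in vhost["addrs"]:
                by_listener[addr].append(vhost)
    findings = []
    for addr, members in by_listener.items():
        if len(members) < 2:
            continue
        default = members[0]
        findings.append({
            "listener": addr,
            "default_vhost": default["name"],
            "default_cert": default["cert"],
            "needs_sni": [v["name"] for v in members[1:]
                          if v["cert"] != default["cert"]],
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

An empty `needs_sni` list means the vhosts on that listener share one certificate, so the warning is harmless as long as that certificate names every host.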

----------

## cach0rr0

I don't know if this will help at all, but...my configuration works, don't get that error, and do similar (two separate certs from CACert.org, with subjaltnames for all of the cnames, etc etc etc)

Config is as such:

```

<IfDefine SSL>
<IfDefine SSL_DEFAULT_VHOST>
<IfModule ssl_module>
Listen 443
NameVirtualHost *:443

<VirtualHost *:443>
   ServerName gentoob0x.whitehathouston.com
   ServerAlias www.whitehathouston.com whitehathouston.com
   Include /etc/apache2/vhosts.d/default_vhost.include
   ErrorLog /var/log/apache2/ssl_error_log
   <IfModule log_config_module>
      TransferLog /var/log/apache2/ssl_access_log
   </IfModule>
   SSLEngine on
   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
   SSLCertificateFile /etc/apache2/ssl/gentoob0x.crt
   SSLCertificateKeyFile /etc/apache2/ssl/gentoob0x.key
   <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
   </FilesMatch>
   <Directory "/var/www/localhost/cgi-bin">
      SSLOptions +StdEnvVars
   </Directory>
   <IfModule setenvif_module>
      BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
   </IfModule>
   <IfModule log_config_module>
      CustomLog /var/log/apache2/ssl_request_log \
         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
   </IfModule>
</VirtualHost>

<VirtualHost *:443>
        ServerName books.whitehathouston.com
        Include /etc/apache2/vhosts.d/books_vhost.include
        ErrorLog /var/log/apache2/ssl_error_log
        <IfModule log_config_module>
                TransferLog /var/log/apache2/ssl_access_log
        </IfModule>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl/gentoob0x.crt
        SSLCertificateKeyFile /etc/apache2/ssl/gentoob0x.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/var/www/localhost/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        <IfModule setenvif_module>
                BrowserMatch ".*MSIE.*" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        </IfModule>
        <IfModule log_config_module>
                CustomLog /var/log/apache2/ssl_request_log \
                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </IfModule>
</VirtualHost>

<VirtualHost *:443>
        ServerName eu.whitehathouston.com
        Include /etc/apache2/vhosts.d/eu_vhost.include
        ErrorLog /var/log/apache2/ssl_error_log
        <IfModule log_config_module>
                TransferLog /var/log/apache2/ssl_access_log
        </IfModule>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl/gentoob0x.crt
        SSLCertificateKeyFile /etc/apache2/ssl/gentoob0x.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/var/www/localhost/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        <IfModule setenvif_module>
                BrowserMatch ".*MSIE.*" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        </IfModule>
        <IfModule log_config_module>
                CustomLog /var/log/apache2/ssl_request_log \
                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </IfModule>
</VirtualHost>

<VirtualHost *:443>
        ServerName mail.whitehathouston.com
        Include /etc/apache2/vhosts.d/mail_vhost.include
        ErrorLog /var/log/apache2/ssl_error_log
        <IfModule log_config_module>
                TransferLog /var/log/apache2/ssl_access_log
        </IfModule>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl/gentoob0x.crt
        SSLCertificateKeyFile /etc/apache2/ssl/gentoob0x.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/var/www/localhost/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        <IfModule setenvif_module>
                BrowserMatch ".*MSIE.*" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        </IfModule>
        <IfModule log_config_module>
                CustomLog /var/log/apache2/ssl_request_log \
                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </IfModule>
</VirtualHost>

<VirtualHost *:443>
        ServerName music.whitehathouston.com
        Include /etc/apache2/vhosts.d/music_vhost.include
        ErrorLog /var/log/apache2/ssl_error_log
        <IfModule log_config_module>
                TransferLog /var/log/apache2/ssl_access_log
        </IfModule>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl/gentoob0x.crt
        SSLCertificateKeyFile /etc/apache2/ssl/gentoob0x.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/var/www/localhost/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        <IfModule setenvif_module>
                BrowserMatch ".*MSIE.*" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        </IfModule>
        <IfModule log_config_module>
                CustomLog /var/log/apache2/ssl_request_log \
                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </IfModule>
</VirtualHost>

<VirtualHost *:443>
        ServerName spam.whitehathouston.com
        Include /etc/apache2/vhosts.d/spam_vhost.include
        ErrorLog /var/log/apache2/ssl_error_log
        <IfModule log_config_module>
                TransferLog /var/log/apache2/ssl_access_log
        </IfModule>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl/gentoob0x.crt
        SSLCertificateKeyFile /etc/apache2/ssl/gentoob0x.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/var/www/localhost/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        <IfModule setenvif_module>
                BrowserMatch ".*MSIE.*" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        </IfModule>
        <IfModule log_config_module>
                CustomLog /var/log/apache2/ssl_request_log \
                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </IfModule>
</VirtualHost>

<VirtualHost *:443>
        ServerName torrent.whitehathouston.com
        Include /etc/apache2/vhosts.d/torrent_vhost.include
        ErrorLog /var/log/apache2/ssl_error_log
        <IfModule log_config_module>
                TransferLog /var/log/apache2/ssl_access_log
        </IfModule>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl/gentoob0x.crt
        SSLCertificateKeyFile /etc/apache2/ssl/gentoob0x.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/var/www/localhost/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        <IfModule setenvif_module>
                BrowserMatch ".*MSIE.*" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        </IfModule>
        <IfModule log_config_module>
                CustomLog /var/log/apache2/ssl_request_log \
                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </IfModule>
</VirtualHost>

<VirtualHost *:443>
        ServerName blueball.me
        ServerAlias dont.blueball.me please.blueball.me
        Include /etc/apache2/vhosts.d/blueball_ssl_vhost.include
        ErrorLog /var/log/apache2/ssl_error_log
        <IfModule log_config_module>
                TransferLog /var/log/apache2/ssl_access_log
        </IfModule>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl/blueball.crt
        SSLCertificateKeyFile /etc/apache2/ssl/blueball.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/var/www/localhost/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        <IfModule setenvif_module>
                BrowserMatch ".*MSIE.*" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        </IfModule>
        <IfModule log_config_module>
                CustomLog /var/log/apache2/ssl_request_log \
                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </IfModule>
</VirtualHost>

<VirtualHost *:443>
        ServerName info.whitehathouston.com
        Include /etc/apache2/vhosts.d/info_vhost.include
        ErrorLog /var/log/apache2/ssl_error_log
        <IfModule log_config_module>
                TransferLog /var/log/apache2/ssl_access_log
        </IfModule>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl/gentoob0x.crt
        SSLCertificateKeyFile /etc/apache2/ssl/gentoob0x.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/var/www/localhost/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        <IfModule setenvif_module>
                BrowserMatch ".*MSIE.*" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        </IfModule>
        <IfModule log_config_module>
                CustomLog /var/log/apache2/ssl_request_log \
                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </IfModule>
</VirtualHost>

</IfModule>
</IfDefine>
</IfDefine>

```

gentoob0x vhosts.d # equery uses apache

```

[ Searching for packages matching apache... ]

[ Colour Code : set unset ]

[ Legend : Left column  (U) - USE flags from make.conf              ]

[        : Right column (I) - USE flags packages was installed with ]

[ Found these USE variables for www-servers/apache-2.2.10 ]

 U I

 + + apache2_modules_actions         : Provides for executing CGI scripts based on media type or request method

 + + apache2_modules_alias           : Provides for mapping different parts of the host filesystem in the document tree and for URL redirection

 - - apache2_modules_asis            : Sends files that contain their own HTTP headers

 + + apache2_modules_auth_basic      : Basic authentication

 - - apache2_modules_auth_digest     : User authentication using MD5 Digest Authentication

 + + apache2_modules_authn_alias     : Provides the ability to create extended authentication providers based on actual providers

 + + apache2_modules_authn_anon      : Allows "anonymous" user access to authenticated areas

 - - apache2_modules_authn_dbd       : User authentication using an SQL database

 + + apache2_modules_authn_dbm       : User authentication using DBM files

 + + apache2_modules_authn_default   : Authentication fallback module

 + + apache2_modules_authn_file      : User authentication using text files

 + + apache2_modules_authz_dbm       : Group authorization using DBM files

 + + apache2_modules_authz_default   : Authorization fallback module

 + + apache2_modules_authz_groupfile : Group authorization using plaintext files

 + + apache2_modules_authz_host      : Group authorizations based on host (name or IP address)

 + + apache2_modules_authz_owner     : Authorization based on file ownership

 + + apache2_modules_authz_user      : User Authorization

 + + apache2_modules_autoindex       : Generates directory indexes, automatically, similar to the Unix ls command

 + + apache2_modules_cache           : Content cache keyed to URIs

 - - apache2_modules_cern_meta       : CERN httpd metafile semantics

 - - apache2_modules_charset_lite    : Specify character set translation or recoding

 + + apache2_modules_dav             : Distributed Authoring and Versioning (WebDAV) functionality

 + + apache2_modules_dav_fs          : filesystem provider for mod_dav

 + + apache2_modules_dav_lock        : generic locking module for mod_dav

 - - apache2_modules_dbd             : Manages SQL database connections

 + + apache2_modules_deflate         : Compress content before it is delivered to the client

 + + apache2_modules_dir             : Provides for "trailing slash" redirects and serving directory index files

 + + apache2_modules_disk_cache      : Content cache storage manager keyed to URIs

 - - apache2_modules_dumpio          : Dumps all I/O to error log as desired

 + + apache2_modules_env             : Modifies the environment which is passed to CGI scripts and SSI pages

 + + apache2_modules_expires         : Generation of Expires and Cache-Control HTTP headers according to user-specified criteria

 + + apache2_modules_ext_filter      : Pass the response body through an external program before delivery to the client

 + + apache2_modules_file_cache      : Caches a static list of files in memory

 + + apache2_modules_filter          : Context-sensitive smart filter configuration module

 + + apache2_modules_headers         : Customization of HTTP request and response headers

 - - apache2_modules_ident           : RFC 1413 ident lookups

 - - apache2_modules_imagemap        : Server-side imagemap processing

 + + apache2_modules_include         : Server-parsed html documents (Server Side Includes)

 + + apache2_modules_info            : Provides a comprehensive overview of the server configuration

 + + apache2_modules_log_config      : Logging of the requests made to the server

 - - apache2_modules_log_forensic    : Forensic Logging of the requests made to the server

 + + apache2_modules_logio           : Logging of input and output bytes per request

 + + apache2_modules_mem_cache       : Content cache keyed to URIs

 + + apache2_modules_mime            : Associates the requested filename's extensions with the file's behavior (handlers and filters) and content (mime-type, language, character set and encoding)

 + + apache2_modules_mime_magic      : Determines the MIME type of a file by looking at a few bytes of its contents

 + + apache2_modules_negotiation     : Provides for content negotiation

 - - apache2_modules_proxy           : HTTP/1.1 proxy/gateway server

 - - apache2_modules_proxy_ajp       : AJP support module for mod_proxy

 - - apache2_modules_proxy_balancer  : mod_proxy extension for load balancing

 - - apache2_modules_proxy_connect   : mod_proxy extension for CONNECT request handling

 - - apache2_modules_proxy_ftp       : FTP support module for mod_proxy

 - - apache2_modules_proxy_http      : HTTP support module for mod_proxy

 + + apache2_modules_rewrite         : Provides a rule-based rewriting engine to rewrite requested URLs on the fly

 + + apache2_modules_setenvif        : Allows the setting of environment variables based on characteristics of the request

 + + apache2_modules_speling         : Attempts to correct mistaken URLs that users might have entered by ignoring capitalization and by allowing up to one misspelling

 + + apache2_modules_status          : Provides information on server activity and performance

 - - apache2_modules_substitute      : Perform search and replace operations on response bodies

 + + apache2_modules_unique_id       : Provides an environment variable with a unique identifier for each request

 + + apache2_modules_userdir         : User-specific directories

 + + apache2_modules_usertrack       : Clickstream logging of user activity on a site

 - - apache2_modules_version         : Version dependent configuration

 + + apache2_modules_vhost_alias     : Provides for dynamically configured mass virtual hosting

 - - apache2_mpms_event              : An experimental variant of the standard worker MPM

 - - apache2_mpms_itk                : Allows to run each virtual host under a separate uid and gid

 - - apache2_mpms_peruser            : Peruser is a working implementation of the perchild MPM allowing to run each apache child process as its own user and group, each handling its own set of virtual hosts

 - - apache2_mpms_prefork            : Implements a non-threaded, pre-forking web server

 - - apache2_mpms_worker             : Multi-Processing Module implementing a hybrid multi-threaded multi-process web server

 - - debug                           : Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see http://www.gentoo.org/proj/en/qa/backtraces.xml

 - - doc                             : Adds extra documentation (API, Javadoc, etc)

 + + ldap                            : Adds LDAP support (Lightweight Directory Access Protocol)

 - - selinux                         : !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur

 + + sni                             : Enable TLS Server Name Indication (SNI) - EXPERIMENTAL!

 + + ssl                             : Adds support for Secure Socket Layer connections

 - - static                          : !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically

 - - suexec                          : Install suexec with apache

 - - threads                         : Adds threads support for various packages. Usually pthreads

```

----------

## cach0rr0

Also: I don't use gnutls

hardened profile, amd64

Realize this isn't a build-related issue, but... I had your original issue when I didn't build in SNI support.

gentoob0x vhosts.d # emerge --info

```
Portage 2.1.6.11 (hardened/linux/amd64/2008.0, gcc-3.4.6, glibc-2.8_p20080602-r1, 2.6.28-hardened-r7 x86_64)

=================================================================

System uname: Linux-2.6.28-hardened-r7-x86_64-AMD_Phenom-tm-_9950_Quad-Core_Processor-with-glibc2.3.2

Timestamp of tree: Wed, 06 May 2009 19:15:02 +0000

app-shells/bash:     3.2_p39

dev-lang/python:     2.4.4-r6, 2.5.4-r2

dev-python/pycrypto: 2.0.1-r8

sys-apps/baselayout: 1.12.11.1

sys-apps/sandbox:    1.6-r2

sys-devel/autoconf:  2.63

sys-devel/automake:  1.7.9-r1, 1.10.2

sys-devel/binutils:  2.18-r3

sys-devel/gcc-config: 1.4.0-r4

sys-devel/libtool:   1.5.26

virtual/os-headers:  2.6.27-r2

ACCEPT_KEYWORDS="amd64"

CBUILD="x86_64-pc-linux-gnu"

CFLAGS="-O2 -pipe -fforce-addr"

CHOST="x86_64-pc-linux-gnu"

CONFIG_PROTECT="/etc"

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"

CXXFLAGS="-O2 -pipe -fforce-addr"

DISTDIR="/usr/portage/distfiles"

FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"

GENTOO_MIRRORS="http://gentoo.osuosl.org/ "

LDFLAGS="-Wl,-O1"

MAKEOPTS="-j8"

PKGDIR="/usr/portage/packages"

PORTAGE_CONFIGROOT="/"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"

PORTAGE_TMPDIR="/var/tmp"

PORTDIR="/usr/portage"

SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"

USE="acl amd64 apache2 bcmath berkdb bzip2 cli cracklib crypt ctype cups curl dri dynamicplugin exif ftp gd gdbm gpm hardened iconv imap isdnlog json justify ldap maildir midi mmx mudflap multilib mysql ncurses nptl nptlonly pam pcre pdo perl php pic pppd python readline reflection samba sasl session simplexml smbkrb5passwd sni soap spl sse sse2 ssl sysfs tcpd urandom wddx xml xorg zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="fbdev glint i810 intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo"

Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
```

----------

## mariourk

I agree with cach0rr0. It seems that mod_gnutls is not really needed to get SNI working.

You need to:

* Compile apache with the sni and ssl USE-flags

* Enable these options in /etc/conf.d/apache2

```

-D SSL_DEFAULT_VHOST -D SSL

```

* Make sure this line is in your /etc/apache2/vhosts.d/00_default_ssl_vhost.conf

```

NameVirtualHost *:443

```

I have it below the Listen option, like this:

```

Listen 443

NameVirtualHost *:443

```

That seems to have done the trick on my server.

----------

## HeXiLeD

 *mariourk wrote:*   

> I agree with cach0rr0. It seems that mod_gnutls is not really needed to get SNI working.
> 
> You need to:
> 
> * Compile apache with the sni and ssl USE-flags
> ...

 

Current apache flags:

```
 www-servers/apache-2.2.14-r1  USE="-debug -doc -ldap (-selinux) ssl -static -suexec -threads" APACHE2_MODULES="actions alias -asis auth_basic auth_digest -authn_alias authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache -cern_meta -charset_lite dav dav_fs dav_lock dbd deflate dir disk_cache -dumpio env expires ext_filter file_cache filter headers ident imagemap include info log_config -log_forensic logio mem_cache mime mime_magic negotiation -proxy -proxy_ajp -proxy_balancer -proxy_connect -proxy_ftp -proxy_http rewrite setenvif speling status -substitute unique_id userdir usertrack -version vhost_alias" APACHE2_MPMS="-event -itk -peruser -prefork -worker"
```

SNI is gone

SSL name based VHOST:

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html

 *Quote:*   

> Why can't I use SSL with name-based/non-IP-based virtual hosts?
> 
> The reason is very technical, and a somewhat "chicken and egg" problem. The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this, mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to go to the correct virtual server Apache has to know the Host HTTP header field. To do this, the HTTP request header has to be read. This cannot be done before the SSL handshake is finished, but the information is needed in order to complete the SSL handshake phase. Bingo!
> 
> Why is it not possible to use Name-Based Virtual Hosting to identify different SSL virtual hosts?
> ...

 

I am also having a problem with the default_ssl_vhost and I can't remember if something changed or not.

I was under the impression that before we were able to compile apache without the default vhost support.

Am I correct? I do not want to have the default vhost feature compiled in.

Did anything change and if so, what was it?

----------

## HeXiLeD

I am now using SSL only (no TLS).

I am not using the default vhosts options in /etc/conf.d/apache2, only -D SSL.

All SSH Vhosts are working with each individual SSL certificate.

Solution to this problem was found after having some sleep, redoing the basic SSL configuration files with minimal settings and slapping myself a couple of times.

Problem is SOLVED

----------

