Apache+mod_ssl 1->2 Migratory Issues

I just finished spending a few hours debugging some difficult to diagnose errors with Apache 2.0.39. I was migrating to Apache 2 from an existing setup running Apache 1.3.24 with mod_ssl.

Old Setup

The working setup with Apache 1.3.24 was about 5 NameVirtualHosts, with one of th NameVirtualHosts also doing SSL (HTTPS).

Problem

The trouble essentially boiled down to getting Apache 2 to speak HTTPS and HTTP out of the "correct," respective ports. After an hour-ish of twiddling the config files and restarting a test server, i eventually realized that while Apache 2 was listening on both ports, it was only speaking one protocol (HTTP or HTTPS) on both ports. This causes some strange errors when your browser sends an HTTP request to the HTTPS port, such as this in Apache's error_log:

[Thu Jun 20 02:01:02 2002] [error] SSL handshake failed (server www.ewranglers.com:443, client 64.124.107.148)
[Thu Jun 20 02:01:02 2002] [error] SSL Library Error: 336511151 error:140EC0AF:lib(20):func(236):reason(175)

HTTPS requests to port expect HTTP resulted in Netscape just saying:

The document contained no data.
Try again later, or contact the server's administrator.
... but usually nothing in Apache's error log.

Solution

The Solution was to rewrite the VirtualHost goodies in the ssl.conf file so that it looks like this:



##
## SSL Virtual Host Context
##
NameVirtualHost *:4430
###
### BEGIN HTTPS www.ewranglers.com
###

ServerAdmin [email protected]
DocumentRoot /tew/share/vweb/www.ewranglers.com/htdocs
ServerName www.ewranglers.com


(The ssl.conf file is being Included from the main Apache 2 config file: httpd.conf)

This was unexpected, because previously (With Apache 1.3.24), i only needed one NameVirtualHost directive, though with Apache 1 i was using a different VirtualHost directive. Also, Apache 1 supported the "Port" directive, but Apache 2 does not. Here is the old Apache 1 config:



#
# Use name-based virtual hosting.
#
NameVirtualHost 64.124.107.148
###
### BEGIN HTTPS www.ewranglers.com
###

ServerAdmin [email protected]
DocumentRoot /tew/share/vweb/www.ewranglers.com/htdocs
ServerName www.ewranglers.com


It's distinctly possible that the old configuration was of dubious integrity, and dependent on a substantial amount of syntactical tolerance from Apache 1 to work. I'm not saying i want to go back to it. But maybe if your reading this, you are having a similar problem and this might save you some time.


$Id: apache2-ssl.html,v 1.2 2002/06/20 08:22:48 johan Exp $