SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Member
    Join Date
    Apr 2008
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    mod_python + ssl ???

    (I posted this on alt.apache.configuration but thought i'd try here as well...)

    I'm very new to ssl and apache config so this may be obvious. I'm
    running on apache2 on mac os x leopard. All urls except /static are
    handled by python. However, when I set "SSLEngine On", none of my urls
    respond. They all come back "Failed to open page" in my browser. What
    am I doing wrong? Thanks.


    ---------httpd.conf----------
    ServerRoot "/usr"
    Listen 80
    Listen 443
    LoadModule python_module libexec/apache2/mod_python.so
    LoadModule mime_module libexec/apache2/mod_mime.so
    LoadModule ssl_module libexec/apache2/mod_ssl.so
    User www
    Group www
    DocumentRoot "/code/public"
    ServerName www.domain.com #actually my domain
    ErrorLog /private/var/log/apache2/error_log
    LogLevel warn
    <IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-
    Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-
    Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog /private/var/log/apache2/access_log common
    </IfModule>
    DefaultType text/plain
    <IfModule mime_module>
    TypesConfig /private/etc/apache2/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    </IfModule>
    <VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile "/certs/www.domain.com.crt"
    SSLCertificateKeyFile "/certs/www.domain.com.key"
    SSLCertificateChainFile "/certs/gd_intermediate_bundle.crt"
    </VirtualHost>
    <Location "/">
    SetHandler mod_python
    PythonHandler lib.app
    PythonDebug On
    PythonPath "['/code/'] + sys.path"
    </Location>
    <Location "/admin">
    SetHandler mod_python
    PythonHandler lib.admin
    PythonDebug On
    PythonPath "['/code/'] + sys.path"
    </Location>
    <Location "/static">
    SetHandler none
    </Location>

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,645
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    nw,

    First, WELCOME to SitePoint's Apache Forum!

    Now, for the bad part: I haven't worked on a mac in too many years to admit.

    Your listen statement(s) look okay but I'm not so sure about using your FULLY QUALIFIED DOMAIN on localhost. IMHO, that should NOT work (but probably did before you added the SSL).

    Only one VirtualHost? And that doesn't have a ServerAlias?

    I'm sure you've got some good documentation with your Mac program but those are the placed I'd start looking.

    Sorry to be so useless for you with your mac.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Member
    Join Date
    Apr 2008
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I tried the same config on debian etch (on amazon ec2). Works without SSLEngine. Fails with SSLEngine.

  4. #4
    SitePoint Member
    Join Date
    Apr 2008
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quick update:

    I added ServerName www.domain.com:443 to the virtualhost:443 section. That allows me to connect to http://www.domain.com with no problem. But, https://www.domain.com:443/ never loads. Same behavior on my macbook and on the debian server.

    Thanks for any help!

  5. #5
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,645
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    hw,

    Are you still using the fully qualified (INTERNET) domain name for localhost testing? DON'T!

    Have you correctly created virtual hosts for BOTH port 80 and port 443? DO!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  6. #6
    SitePoint Member
    Join Date
    Apr 2008
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm doing the testing mainly on the debian server (which dns resolves to my domain name correctly)

    Here is what I'm using (works for regular but times out for ssl):

    ---------httpd.conf----------

    ServerName www.domain.com

    NameVirtualHost *:443
    NameVirtualHost *:80

    <VirtualHost *:80>
    </VirtualHost>

    <VirtualHost *:443>
    ServerName www.domain.com:443
    SSLEngine On
    SSLCertificateFile "/certs/www.domain.com.crt"
    SSLCertificateKeyFile "/certs/www.domain.com.key"
    SSLCertificateChainFile "/certs/gd_intermediate_bundle.crt"
    </VirtualHost>


    <Location "/">
    SetHandler mod_python
    PythonHandler lib.app
    PythonDebug On
    PythonPath "['/code/'] + sys.path"
    </Location>


    <Location "/static">
    SetHandler none
    </Location>

  7. #7
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,645
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    nw,

    While I'm NOT a mac user, I'm bewildered at your httpd.conf (which should not be any different than for WinDoze or 'Nix). So, our best bet is for me to make comments about the code you've shown.
    [code]---------httpd.conf----------

    ServerName www.domain.com
    Unless you are hosting this domain live, it's best to just use 'domain' on a 'test server.' If you are live, then you'll need to replace the *'s below with your dedicated IP address.

    NameVirtualHost *:443
    I think you should take care of the :443 in the VirtualHost section, not here
    NameVirtualHost *:80

    <VirtualHost *:80>
    You need ServerAlias, ServerName, DocumentRoot, etc here
    </VirtualHost>

    <VirtualHost *:443>
    ServerName www.domain.com:443
    Should be 'domain' again, not repeat the www and :443
    SSLEngine On
    SSLCertificateFile "/certs/www.domain.com.crt"
    SSLCertificateKeyFile "/certs/www.domain.com.key"
    SSLCertificateChainFile "/certs/gd_intermediate_bundle.crt"
    DocumentRoot?
    </VirtualHost>


    <Location "/">
    SetHandler mod_python
    PythonHandler lib.app
    PythonDebug On
    PythonPath "['/code/'] + sys.path"
    </Location>
    That applies to domain's DocumentRoot

    <Location "/static">
    SetHandler none
    </Location>[/QUOTE]

    I'm not sure how/why the mac should be different but ...

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •