blokeman asked:

SSL port configuration - How to listen on additional port to 443?

I wish to set an apache server that is running on Novell OES2 to listen on ports 443 and 444 for SSL.
Is this possible and if so how do I best achieve this given my original config below?

The default listen.conf shows this:
Listen 80
<IfDefine SSL>
    <IfDefine !NOSSL>
	<IfModule mod_ssl.c>

	    Listen 443
	    Listen 444  <<< This is what I added but it didn't work.
	</IfModule>
    </IfDefine>
</IfDefine>

I don't quite understand the above section's logic.
'If SSL', then 'if NOT SSL' means to me that the directive to listen on SSL port 443 (and my additional 444) will never happen.  But 443 is accessible, though 444 is not.

An example I found on the internet looked much simpler like this:
<IfDefine SSL>
Port 80
Port 443
</IfDefine>

Steve Bink

The Listen directives are fine, but you also need to set up the host entries to turn the SSL engine on.  For example:

Listen 443
Listen 444
<VirtualHost 1.2.3.4:443>
  ServerName myhost.com
  SSLEngine On
  # other SSL related directives here
</VirtualHost>
<VirtualHost 1.2.3.4:444>
  ServerName myotherhost.com
  SSLEngine On
  # other SSL related directives here
</VirtualHost>
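
Added example (not part of the original thread and not the answerer's code): a small Python check for the situation described above, where a port has a Listen line but no <VirtualHost> with SSLEngine On, so it answers in plain HTTP instead of TLS. The names audit, port_of and SAMPLE_CONF are hypothetical, the sample config is constructed, and the check assumes all included files are concatenated into one string and that every <IfDefine>/<IfModule> wrapper is active.

```python
import re

# Constructed sample: 444 has a Listen line but no SSL-enabled <VirtualHost>.
SAMPLE_CONF = """\
Listen 80
<IfModule mod_ssl.c>
    Listen 443
    Listen 444
</IfModule>
<VirtualHost _default_:443>
    DocumentRoot "/srv/www/htdocs"
    SSLEngine On
</VirtualHost>
"""

def port_of(arg):
    """Port from 443, 1.2.3.4:443, [::1]:443 or _default_:444; None if no port is given."""
    tail = arg.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def audit(conf_text):
    """Map each Listen port to how the <VirtualHost> blocks cover it."""
    listen, tls, plain = set(), set(), set()
    vhost_ports, ssl_on = None, False          # state while inside a <VirtualHost>
    for line in map(str.strip, conf_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if m := re.match(r"<VirtualHost\s+([^>]+)>", line, re.I):
            vhost_ports, ssl_on = {port_of(a) for a in m.group(1).split()}, False
        elif re.match(r"</VirtualHost>", line, re.I):
            (tls if ssl_on else plain).update(vhost_ports or ())
            vhost_ports = None
        elif vhost_ports is not None:
            ssl_on = ssl_on or bool(re.match(r"SSLEngine\s+on\b", line, re.I))
        elif m := re.match(r"Listen\s+(\S+)", line, re.I):
            listen.add(port_of(m.group(1)))
    report = {}
    for port in sorted(listen - {None}):
        if port in tls:
            report[port] = "SSL vhost"
        elif port in plain:
            report[port] = "vhost without SSLEngine on"
        else:
            report[port] = "no vhost"
    return report

if __name__ == "__main__":
    for port, status in audit(SAMPLE_CONF).items():
        print(port, status)
```

Port 80 reporting "no vhost" is the expected plain-HTTP listener; the line to act on is 444, which should read "SSL vhost" once a matching <VirtualHost> with SSLEngine On exists.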

blokeman (ASKER)

You may be on to something there!
I am a Linux admin, so Apache is out of my sphere... What is the name of the file that you added these host entries to?

It can be any file, so long as it is included somewhere in your conf chain.  I normally put virtual host definitions in their own file separated by site for better management.  If you look inside your main httpd.conf (or maybe it is apache.conf), you should see where this is already set up.

Just looking at this again...
Routinet:
I noticed in your example that it has Listen 443

Do I need to include this "Listen 443" in a virtual hosts file if the server is already working with SSL on 443?
The extra bit I want to achieve is SSL on 444 (in addition to 443), so I thought that a virtual host definition should only need 444 mentioned.

It does not matter if the Listen directive is in the main conf file or an include.  It should be in the top (server) scope, so just make sure it is outside of any <VirtualHost>, <Directory>, or other container you create.

I want to keep things as simple and consistent as possible, so I checked /etc/apache/httpd.conf which listed:
Include /etc/apache2/vhosts.d/*.conf
Looking in that include path I found:
vhost-ssl.conf

In that conf file I found:
<VirtualHost _default_:443>

        #  General setup for the virtual host
        DocumentRoot "/srv/www/htdocs"
        #ServerName www.example.com:443
        #ServerAdmin webmaster@example.com
        ErrorLog /var/log/apache2/error_log
        TransferLog /var/log/apache2/access_log
        # other SSL related directives here
</VirtualHost>  

So should I simply just copy the complete <VirtualHost _default_:443> directive to a new directive called <VirtualHost _default_:444>?
Or would I be best to create new log file locations for port 444?

I noticed in your example you have the ServerName directive in use, but my existing <VirtualHost _default_:443> does not include a ServerName directive - does this matter at all?

ASKER CERTIFIED SOLUTION
Steve Bink

This solution is only available to members.