Update: See the end for the answer received from many folks. I just hope this gets indexed well...
I have a web server running Apache 2.2 ("Apache/2.2.14 (FreeBSD) mod_ssl/2.2.14 OpenSSL/0.9.7e-p1 DAV/2 PHP/5.2.10 with Suhosin-Patch configured" to be exact). I act as host for lots of my friends, all over one IP address; let's call it 1.2.3.4. The httpd.conf file reads, in part:
    NameVirtualHost 1.2.3.4
    Listen 1.2.3.4:80
    <VirtualHost nothing.proper.com>
        ServerName nothing.proper.com
        DocumentRoot /usr/web/placeholder
    </VirtualHost>
    <VirtualHost somethingelse.proper.com>
    . . .
Now I want to add an SSL server to that same site. I have gotten an SSL cert for it and configured the cert properly. I add to my httpd.conf:
    SSLSessionCache dbm:/path/to/apache22/gcache
    SSLVerifyClient none
    SSLSessionCacheTimeout 3600
    AddType application/x-x509-ca-cert .cer
    Listen 1.2.3.4:443
    <VirtualHost nothing.proper.com>
        SSLEngine on
        ServerName nothing.proper.com
        DocumentRoot /usr/web/placeholder/secure
        SSLCertificateFile /path/to/apache22/Certs/nothing.proper.com.cer
        SSLCertificateKeyFile /path/to/apache22/Certs/nothing.proper.com.key
    </VirtualHost>
When I do this and try to hit the page from a browser, the Apache error log says:
    [Tue Apr 13 12:43:15 2010] [error] [client 4.5.6.7] Invalid method in request \x16\x03\x01
    [Tue Apr 13 12:43:15 2010] [error] [client 4.5.6.7] Invalid method in request \x16\x03
This looks like the SSL startup is getting a pure ASCII response. I validate this by using the OpenSSL s_client, which says in part:
    SSL_connect:SSLv2/v3 write client hello A
    read from 0x1001190e0 [0x100811400] (7 bytes => 7 (0x7))
    0000 - 3c 21 44 4f 43 54 59   <!DOCTY
    SSL_connect:error in SSLv2/v3 read server hello A
    26839:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_clnt.c:601:
Note the "<!DOCTY" that the SSL client gets back; proof that Apache is not starting up SSL. So, that failed. The next thing I tried was doing the first NameVirtualHost on port 80 only, and adding a second one for port 443 before the SSL section:
    NameVirtualHost 1.2.3.4:80
    <VirtualHost nothing.proper.com>
        ServerName nothing.proper.com
        DocumentRoot /usr/web/placeholder
    </VirtualHost>
    <VirtualHost somethingelse.proper.com>
    . . .
    NameVirtualHost 1.2.3.4:443
    <VirtualHost nothing.proper.com>
        SSLEngine on
        ServerName nothing.proper.com
        DocumentRoot /usr/web/placeholder/secure
        SSLCertificateFile /path/to/apache22/Certs/nothing.proper.com.cer
        SSLCertificateKeyFile /path/to/apache22/Certs/nothing.proper.com.key
    </VirtualHost>
Massive explosions when I restart Apache. For every host, it direly warns:
[Tue Apr 13 12:55:49 2010] [error] VirtualHost nothing.proper.com:0 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
The not-so-helpful Apache SSL FAQ from the Apache Software Foundation says: "Is it possible to provide HTTP and HTTPS from the same server? Yes. HTTP and HTTPS use different server ports (HTTP binds to port 80, HTTPS to port 443), so there is no direct conflict between them. You can either run two separate server instances bound to these ports, or use Apache's elegant virtual hosting facility to create two virtual servers, both served by the same instance of Apache - one responding over HTTP to requests on port 80, and the other responding over HTTPS to requests on port 443." Of course, they don't tell you how.
All suggestions are welcome. This must be a completely common problem, but I don't see a direct solution. I hope I'm missing something.
Update: Thanks to everyone who gave correct answers. (Half thanks to those who sent wrong or incomplete answers...). The correct setup is:
    NameVirtualHost 1.2.3.4:80
    NameVirtualHost 1.2.3.4:443
    Listen 1.2.3.4:80
    Listen 1.2.3.4:443
    <VirtualHost nothing.proper.com:80>
        ServerName nothing.proper.com
        DocumentRoot /usr/web/placeholder
    </VirtualHost>
    <VirtualHost somethingelse.proper.com>
    . . .
    <VirtualHost nothing.proper.com:443>
        SSLEngine on
        ServerName nothing.proper.com
        DocumentRoot /usr/web/placeholder/secure
        SSLCertificateFile /path/to/apache22/Certs/nothing.proper.com.cer
        SSLCertificateKeyFile /path/to/apache22/Certs/nothing.proper.com.key
    </VirtualHost>
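An added example, not part of the original post: a small Python check for the two symptoms described above, Apache logging "Invalid method in request \x16\x03\x01" (a TLS handshake record parsed as an HTTP request line) and the client receiving "<!DOCTY" (plaintext HTML on the HTTPS port). The function names are made up for this example; the sample inputs are the log lines and bytes quoted in the post.

```python
import re

# Apache 2.2 error-log line for a request whose first token is not an HTTP method.
LOG_RE = re.compile(r'\[client (?P<ip>[^\]]+)\] Invalid method in request (?P<raw>.*)$')
# TLS record-layer content types (first byte of every SSLv3/TLS record).
RECORD_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                0x16: "handshake", 0x17: "application_data"}


def unescape(raw):
    """Turn Apache's \\xNN log escapes back into the bytes the client sent."""
    text = re.sub(r'\\x([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), raw)
    return text.encode("latin-1", "replace")


def classify(first_bytes):
    """Label the first bytes seen on a connection: TLS record, plaintext, or unknown."""
    b = bytes(first_bytes)
    # SSLv3/TLS record header: content type, then major version 0x03.
    if len(b) >= 2 and b[0] in RECORD_TYPES and b[1] == 0x03:
        return "tls-" + RECORD_TYPES[b[0]]
    # HTML body, HTTP status line, or an HTTP request line.
    if b[:1] == b"<" or b[:5] == b"HTTP/" or re.match(rb"[A-Z]+ ", b):
        return "plaintext"
    return "unknown"


def tls_on_plain_port(log_lines):
    """Return client IPs whose TLS handshake was parsed as an HTTP request line."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and classify(unescape(m.group("raw"))).startswith("tls-"):
            hits.append(m.group("ip"))
    return hits


# Sample data: the two log lines and the s_client hex dump quoted in the post.
SAMPLE_LOG = [
    r"[Tue Apr 13 12:43:15 2010] [error] [client 4.5.6.7] Invalid method in request \x16\x03\x01",
    r"[Tue Apr 13 12:43:15 2010] [error] [client 4.5.6.7] Invalid method in request \x16\x03",
]
SAMPLE_REPLY = bytes.fromhex("3c21444f435459")  # the bytes "<!DOCTY"

if __name__ == "__main__":
    print("TLS sent to a non-SSL vhost by:", tls_on_plain_port(SAMPLE_LOG))
    print("Server's first bytes on 443 are:", classify(SAMPLE_REPLY))
```

Either result means the connection on port 443 is being handled by a virtual host without SSLEngine on, which is what the port-qualified VirtualHost entries in the final configuration fix.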