Announcement

Collapse
No announcement yet.

Per-domain SSL: Apache configuration error(s)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Per-domain SSL: Apache configuration error(s)

    Starting from this discussion: http://www.interworx.com/forums/show...t=539#post7973

    NodeWorx (or SiteWorx?) does not configure SSL virtual hosts correctly. The provided configuration makes connections from MSIE clients very slow and CGI scripts without access to the SSL environment variables.

    This is a per-domain issue, but it does not appear to be fixable by editing /home/interworx/etc/vhost-base.conf. Individual domains can be fixed by editing their SSL virtual host like this:

    Change:
    Code:
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    To:
    Code:
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
     
     <Files ~ "\.(cgi|shtml|phtml|php3?)$">
         SSLOptions +StdEnvVars
     </Files>
     <Directory "/home/{USER}/{DOMAIN}/html/cgi-bin/">
         SSLOptions +StdEnvVars
     </Directory>
    My small technology blog
    [translocator.ws]

    Stack Overlap - Web Hosting and Development
    [www.stackoverlap.com]

    Mealsite
    [www.mealsite.com]

  • #2
    Does /etc/httpd/conf/ssl-std.conf get loaded? If so, then it could be fixed like this (per domain):

    Change:
    Code:
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    To:
    Code:
    <Directory "/home/{USER}/{DOMAIN}/html/cgi-bin/">
      SSLOptions +StdEnvVars
    </Directory>
    Already defined by ssl-std.conf:
    Code:
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
    </Files>
    My small technology blog
    [translocator.ws]

    Stack Overlap - Web Hosting and Development
    [www.stackoverlap.com]

    Mealsite
    [www.mealsite.com]

    Comment


    • #3
      Hello

      The same tweak has to be done on interworx _default_:2443 conf file also

      http://www.interworx.com/forums/show...p?t=539&page=2

      We have fixed siteworx slowness like this

      Pascal

      Comment


      • #4
        You're right. Thanks for pointing that out. I recall some users in the past saying SiteWorx was really slow, but we never got to the bottom of it.
        My small technology blog
        [translocator.ws]

        Stack Overlap - Web Hosting and Development
        [www.stackoverlap.com]

        Mealsite
        [www.mealsite.com]

        Comment


        • #5
          Thanks for all the hard work guys. My only immediate concern is having the file extensions hard coded in there for the +StdEnvVars part. The obvious solution is to have this configurable but this willl take some time. I'll make sure that we at least the the iworx side updated as that is more self contained.

          Chris
          Chris Wells
          InterWorx L.L.C. | http://interworx.com
          InterWorx Control Panel

          Comment

          Working...
          X