httpd ERROR

General Interworx Control Panel Info General Inquries
21

Hello,

Yes Jiimp I have it, but it is for the share no signed SSL certificate ?!?
I think it applies only to all vhosts whom not have a certificate installed on their domain. Ok it is the default ssl config for all vhost but I think that if you define a new vhost for your domaine/IP for the port 443 it’s this one which applyed and not the default one !??!

I promise if I remove this there is a huge difference (only for my perl script)

Pascal

22

Oops, you are right. That directive is inside the default virtual host, which is not much use in the case of per-domain certificates. But I have ~8 certificates installed (unique domains and IP’s) and none of them appear to be (significantly) slower than their non-SSL counterparts. They are all signed certificates, though, and none are using CGI.

The ssl.conf file says:

#     StdEnvVars:
#     This exports the standard SSL/TLS related `SSL_*' environment variables.
#     Per default this exportation is switched off for performance reasons,
#     because the extraction step is an expensive operation and is usually
#     useless for serving static content. So one usually enables the
#     exportation for CGI and SSI requests only.

It sounds like your CGI was upset about the missing environment variables. Thanks for the tip, though. It looks like my per-domain SSL’s are missing that option.

23

Pascal,

I have confirmed my sites are suffering from this problem, too. It just took a site with ~50 images on the page to really, really, really point it out. Once I made the changes below, largely based off your posts (especially your Apache website quote), SSL pages are now operating at nearly the same speed as non-SSL ones. Previously, I assumed the SSL-tax was just the penalty of SSL, but adding “downgrade-1.0 force-response-1.0” cured those sites, too.

Thanks for your help and willingness to post all that info, even though no one was asking for help. I’ll file a bug report.

Change:

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

To:

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/home/[B]{USER}[/B]/[B]{DOMAIN}[/B]/html/cgi-bin/">
    SSLOptions +StdEnvVars
</Directory>
24

Pleased to know it helps you. It’s a bug indeed, and I hope iworx wil lchange the default config of vhosts ssl :slight_smile:

In fact it is exactly what you are saying , on large site with a lot of images without this it is really really slow.

Personnaly I"ve fone this

SetEnvIf User-Agent “.MSIE.” nokeepalive ssl-unclean-shutdown

SetEnvIf User-Agent “.MSIE.
ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

<Files ~ “.(cgi|shtml|phtml|php3?|php|inc)$”>
SSLOptions +StdEnvVars
</Files>

I’ve not enter the nokeepalive as I’ve done tests and even with MSIE it works great like this

Pascal

25

Bug report: http://www.interworx.com/forums/showthread.php?t=1359

The Apache docs say the nokeepalive is necessary for some versions of IE. Too bad it does not say which ones… :confused: If they are talking about IE 5.5, I would leave it on, but IE 4.0 and below is a different story. So I guess I am going to leave that one in.

26

I forgot to tell you that I also done this for iworx 2443 port.

Indeed I had a lot of users whom complained for iworx was very very slow. (see one of my other post about this)

And since I’ve done this also in Interworx everybody tell us it is much more quick :slight_smile:

I’ve change the file

/home/interworx/etc/httpd/httpd-custom.conf

and I’ve just replaced exiting

SetEnvIf User-Agent “.MSIE.” nokeepalive ssl-unclean-shutdown

by

SetEnvIf User-Agent “.MSIE.
ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

<Files ~ “.(cgi|shtml|phtml|php3?|php|inc)$”>
SSLOptions +StdEnvVars
</Files>

exactly as we done for our default vhost.

We should ask for iworx to upgrade the SSL config for virtualhost both for our vhosts and their SSL config file

Pascal
Pascal

27

I’ve done test with MSIE 5.5 and 6.0 and there is NO pbm : same speed. I think it was for 4.0…

With Opera and Mozilla : no pbm

Pascal

28

About your

<Directory “/home/{USER}/{DOMAIN}/html/cgi-bin/”>
SSLOptions +StdEnvVars
</Directory>

It is not suffisant and won’t work for all cases. In fact the actual iworx config for CGI allow to run a CGI evrywhere in the documentroot (which is not so good and I don’t understand why they do this like this.) : See one of my post (lol and one more) stayed without answer : http://www.interworx.com/forums/showthread.php?t=1332

You should prefer add all your handler in the <Files ~ “.(cgi|shtml|phtml|php3?|php|inc)$”> for example by adding .pl or every else

Pascal

29

Thanks for the :2443 tip. I just tried it and it worked nicely.

I see what you mean about the CGI issue. And I responded to your other thread. :wink:

30

help me, im sorry people, i no i shoulded be posting this ya, but that is the problem, how do i post, i got a messive problem and i need help, but i cant see anywere to do so, please help me

31

Navigate to the correct forum and then click the “New Thread” button above the forum listing.

32

thanks

thanks m8 just done my thread now:)