Setting vhosts + ssl with a NAT

Installing, Configuring, Troubleshooting server daemons such as Web and Mail
Post Reply
Luigino
Posts: 1
Joined: 2014/08/19 06:13:36

Setting vhosts + ssl with a NAT

Post by Luigino » 2014/10/20 12:56:39

Hello everyone!!! :-)

I am on Centos 5.8 Final using Apache 2.2.3 and I need to reach my webserver from internal office's IP 192.168.3.25 and from a tablet externally with public domain mydomainsite.it which has a static public IP associated like 1.2.3.4. I have to say public ip is natted like:

mydomainsite.it (1.2.3.4) ----> NAT FW (1.2.3.4:443 <--> 192.168.3.25:443) ----> Server (192.168.3.25:443)

So I settled two SSL certificates, one with Common Name: 192.168.3.25 and one with Common Name: mydomainsite.it and settled this ssl.conf:

Code: Select all

LoadModule ssl_module modules/mod_ssl.so
Listen 443
NameVirtualHost 192.168.3.25:443
NameVirtualHost 1.2.3.4:443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

<VirtualHost 1.2.3.4:443>
    DocumentRoot "/var/www/html"
    ServerName mydomainsite.it
    ServerAlias mydomainsite.it
    ErrorLog logs/ssl_error_log1
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/CA/certs/mydomainsite.it.cert.pem
    SSLCertificateKeyFile /etc/pki/CA/private/mydomainsite.it.key.pem
    SSLCACertificateFile /etc/pki/CA/certs/ca.cert.pem
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

<VirtualHost 192.168.3.25:443>
    DocumentRoot "/var/www/html"
    ServerName 192.168.3.25
    ServerAlias 192.168.3.25
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/CA/certs/192.168.3.25.cert.pem
    SSLCertificateKeyFile /etc/pki/CA/private/192.168.3.25.it.key.pem
    SSLCACertificateFile /etc/pki/CA/certs/ca.cert.pem
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
But looks like I can reach correctly 192.168.3.25 and verify SSL indeed with public domain mydomainsite.it it looks like the second virtual host which should verify SSL for mydomainsite.it it doesn't work. What I missed or did wrong?

Thanks in advance to all! Cheers Luigi

Post Reply

Return to “CentOS 5 - Server Support”