[peruser] peruser with mod_ssl and different ServerEnvironment hangs

Leen Besselink leen at consolejunkie.net
Tue Sep 6 05:26:37 MDT 2011


On 09/06/2011 10:40 AM, Jordan Tomkinson wrote:
> Hi list,
>
> Im using Apache 2.2.0 with Peruser 0.4.0rc2 compiled in and having
> trouble with ssl vhosts
> I use a wildcard ssl certificate for *.mydomain.tld with virtualhost
> entries for different subdomains.
>
> something like:
>
> <VirtualHost x.x.x.x:443>
>   ServerName sub1.mydomain.tld
>   SSLEngine On
>   SSLCertificateFile /path/to/my/wildcard.crt
>   SSLCertificateKeyFile /path/to/my/wildcard.key
>   KeepAlive on
>   DocumentRoot /path/to/mydomain/sub1/html
>
>   <IfModule peruser.c>
>     <Processor apache-ssl>
>       User apache
>       Group apache
>     </Processor>
>     ServerEnvironment apache-ssl
>   </IfModule>
>
> </VirtualHost>
>
> Repeating for sub2, sub3, sub4 of .mydomain.tld etc..
>
> This all works fine when each vhost is using the same
> ServerEnvironment, but this means I cannot Chroot vhosts into unique
> directories.
> When I change the ServerEnvironment, apache hangs on the connection
> with nothing being written to the error_log
>
> I originally thought this was related to
> http://www.peruser.org/trac/peruser/ticket/2 but perhaps I'm wrong.
>
> Any ideas??
>

Just a quick check:
- you use one certficate for different Vhost, probably ok
- each Vhost has atleast one seperate IP-address ?
- you want to have different ServerEnvironment/Chroot for each VHost

If you don't have different IP-addresses, you might have problems with a
vanilla Apache as well.

Because SNI-support is limited in browsers and webservers:
http://en.wikipedia.org/wiki/Server_Name_Indication

> Regards,
>
> Jordan Tomkinson
> Systems Administrator
> Moodle HQ



More information about the Peruser mailing list