[thelist] Apache SSL setup

Robert Gormley robert at pennyonthesidewalk.com
Sun May 22 23:46:34 CDT 2005


Dave Merrill wrote:

>Let me try to describe my question better:
>
>For non-ssl operation, the port being used is set in
>[apache_root]/conf/httpd.conf, by the line:
>	Listen [port_number]
>...where [port_number] is usually 80, but it's not in my case. I'm running
>on a non-standard port, for a variety of reasons. There's at least one other
>place in that file that needs to match that setting too.
>  
>
Down near the virtual hosts line - do a search from the
"NameVirtualHost" directive

>For ssl operation, the port being used is set in
>[apache_root]/conf/ssl/ssl.conf, by the line:
>	Listen [port_number]
>...where [port_number] is usually 443.
>
>What I'd like is to only accept ssl connections on [port_number], so it
>seems clear that the ssl port should be [port_number].
>
>What should I use for the non-ssl port (or other config setting), so that it
>allows only ssl connections on [port_number]? I tried port 0, but apache
>complains and won't start.
>
>The one thing I tried that seems to work is:
>	Listen 0.0.0.0:80
>  
>
You could try 81. Bear in mind though that you have two issues now -
that a lot of corporate firewalls will either straight block or block
via stateful inspection connections to either of the two URL 'schemes'
you'll now be using, ie:

https://www.example.com:80/
http://www.example.com:81/

>Bearing in mind that I have no intention of responding to straight port 80
>http requests at any url, is that a sensible thing to do? Or a nonsense
>config that accidentally works, so far? Is there an official way to do this?
>  
>
"Sensible" depends on your reasoning, and ability to deal with
situations, such as above.
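
Added example, not part of the original thread: a small check that reads Apache config text and reports which Listen ports are covered by a virtual host with "SSLEngine on" and which would answer in plaintext. The port 8443, the sample config text and the function name are assumptions made for illustration; only "Listen 0.0.0.0:80" comes from the thread, and a server-level SSLEngine outside a VirtualHost block is not considered.

```python
import re

# Listen takes an optional address and, in newer releases, an optional protocol.
LISTEN_RE = re.compile(r"^\s*Listen\s+(?:\S+:)?(\d+)(?:\s+\S+)?\s*$", re.I)
VHOST_OPEN_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE_RE = re.compile(r"^\s*</VirtualHost>", re.I)
SSL_ON_RE = re.compile(r"^\s*SSLEngine\s+on\s*$", re.I)

# Constructed sample standing in for conf/ssl/ssl.conf (8443 is a made-up port).
SSL_CONF = """\
Listen 8443
<VirtualHost _default_:8443>
    SSLEngine on
</VirtualHost>
"""

# Constructed sample: the workaround quoted in the thread plus the SSL config.
THREAD_WORKAROUND = "Listen 0.0.0.0:80\n" + SSL_CONF


def audit_listeners(conf_text):
    """Return (tls_ports, plaintext_ports) as two sorted lists."""
    listen, tls = set(), set()
    current = None  # ports of the <VirtualHost> block being read, if any
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # Apache treats only whole lines starting with # as comments
        m = LISTEN_RE.match(line)
        if m:
            listen.add(int(m.group(1)))
            continue
        m = VHOST_OPEN_RE.match(line)
        if m:
            # Collect the port of every address:port pair on the vhost line.
            current = {int(p) for p in re.findall(r":(\d+)(?=\s|$)", m.group(1))}
            continue
        if VHOST_CLOSE_RE.match(line):
            current = None
        elif current is not None and SSL_ON_RE.match(line):
            tls |= current
    return sorted(listen & tls), sorted(listen - tls)


if __name__ == "__main__":
    for name, text in (("thread workaround", THREAD_WORKAROUND),
                       ("ssl listener only", SSL_CONF)):
        tls_ports, plain_ports = audit_listeners(text)
        print(f"{name}: TLS={tls_ports} plaintext={plain_ports}")
```

Any port in the second list is still bound and will answer non-SSL requests from whatever server or virtual host matches it.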

