9

I have a Linux-based server on which I installed dotCMS, and it runs on port 80, and OpenSSL is on port 443. Both are started and running. Recently I installed Apache on my server, and when I started Apache it got stuck because the default SSL port on Apache is 443 and Apache's is 80, both of which are already in use. Just for my task I started only Apache without SSL on port 90, but I want to start SSL with Apache as well, obviously on a different port. Is it possible to bind Apache SSL with the same OpenSSL?

I need my default dotCMS to keep running; I can't stop it in any case. I can only restart my dotCMS service if starting Apache requires it. But I need dotCMS and Apache to both run in parallel.

See the image at this link (because of low reputation I could not upload an image): http://developers89.byethost14.com/images/ssl.png

Waqas Ghouri

1 Answer

18

Yes, it is possible to bind Apache to a different port and still use SSL.

Replace the Listen directives in your Apache config. The config should contain lines like

```apache
Listen 80
Listen 443
```

Apache will listen on the ports defined with these configuration options. Replace them, and Apache will listen on a different port.

However, you still need to tell Apache what to serve on the ports above. Suppose you want Apache to start listening on port 8080 (plain), and 4433 (ssl). Then you need to replace the Listen directives with

```apache
Listen 8080
Listen 4433
```

After this, define two VirtualHosts on these ports like this:

```apache
# NameVirtualHost is needed on Apache 2.2; Apache 2.4 ignores it and logs a deprecation warning.
NameVirtualHost 0.0.0.0:8080
NameVirtualHost 0.0.0.0:4433

<VirtualHost 0.0.0.0:8080>
    ServerName the.server.name
    ServerAlias *
    DocumentRoot /var/www/plain
</VirtualHost>

<VirtualHost 0.0.0.0:4433>
    ServerName the.server.name
    ServerAlias *
    DocumentRoot /var/www/ssl

    SSLEngine On
    SSLCertificateFile /the/certificate/file
    SSLCertificateKeyFile /the/key/file
</VirtualHost>
```

If you don't have any more VirtualHost definitions, you don't have to include the ServerAlias directive (or the ServerName, for that matter).

If you restart Apache, it will listen on 8080 for unencrypted connections, and on port 4433 for SSL. Be sure not to have any old VirtualHost definitions which contain the wrong port number.

Lacek
  • Thanks, the port is on, but when I try https://www.mydomain.com:4433/ it gives the error "SSL connection error" `Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.` – Waqas Ghouri Aug 02 '13 at 11:02
  • When I try to enable the SSL module with this command on Linux, `a2enmod ssl`, it gives the error: `* Restarting web server apache2 ... waiting (98)Address already in use: make_sock: could not bind to address [::]:4433`, and when I disable that module and restart Apache, port 4433 is running and I face the error highlighted in the above comment – Waqas Ghouri Aug 02 '13 at 11:09
  • Stop the Apache web server, and make sure no Apache instances remain running. Check if the ports are open with the "netstat -napt|grep 4433" command (there should be no output). Then run a2enmod to enable the SSL module. Also, make sure that the "Listen" directives appear in the config files only once (e.g. the second "Listen 4433" directive will result in an error). – Lacek Aug 04 '13 at 10:34
  • With Apache 2.4.10 I obtain `Invalid ServerName "*" use ServerAlias to set multiple server names.` – Ortomala Lokni Feb 24 '17 at 14:51
  • I've updated the answer, so the config will work with Apache 2.4 as well. Thanks for pointing this out. – Lacek Feb 27 '17 at 12:17
  • Worth mentioning: the SSL port is not defined in `httpd.conf` but in `httpd-ssl.conf` or in some cases even in `httpd-ahssl.conf` – gratinierer Feb 13 '23 at 11:12
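
Added example, not part of the original answer or comments: a Python check for the two conditions the answer and its comments warn about, a `Listen` port declared more than once across config files and a `VirtualHost` whose port has no matching `Listen`. The file names and contents in `SAMPLE` are constructed, and the check compares port numbers only, so the same port on two different addresses is also reported.

```python
import re
from collections import Counter

# Constructed sample input: {file name: config text}. Names and contents are
# illustrative, not taken from the thread.
SAMPLE = {
    "ports.conf": "Listen 8080\nListen 4433\n",
    "ssl.conf": (
        "# leftover from a packaged default\n"
        "Listen 4433\n"
        "<VirtualHost 0.0.0.0:4433>\n    SSLEngine On\n</VirtualHost>\n"
        "<VirtualHost *:443>\n    SSLEngine On\n</VirtualHost>\n"
    ),
}

# "Listen [addr:]port [protocol]"; commented-out lines do not match.
LISTEN = re.compile(r"^\s*Listen\s+(?:\S+:)?(\d+)(?:\s+\S+)?\s*$", re.I)
VHOST = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)


def audit(configs):
    """Return (duplicate_listens, orphan_vhosts) as (port, file, line) tuples."""
    listens, vhosts = [], []
    for name, text in configs.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            m = LISTEN.match(line)
            if m:
                listens.append((int(m.group(1)), name, lineno))
            m = VHOST.match(line)
            if m:
                # A VirtualHost may list several addr:port pairs.
                for addr in m.group(1).split():
                    port = addr.rsplit(":", 1)[-1]
                    if port.isdigit():
                        vhosts.append((int(port), name, lineno))
    counts = Counter(port for port, _, _ in listens)
    # Assumption: ports are compared without the address part.
    dupes = [entry for entry in listens if counts[entry[0]] > 1]
    orphans = [entry for entry in vhosts if entry[0] not in counts]
    return dupes, orphans


if __name__ == "__main__":
    dupes, orphans = audit(SAMPLE)
    for port, name, lineno in dupes:
        print(f"{name}:{lineno}: Listen {port} is declared more than once")
    for port, name, lineno in orphans:
        print(f"{name}:{lineno}: VirtualHost on port {port} has no Listen")
```

To run it on a real server, build the mapping from every file Apache includes, since the SSL `Listen` line often lives outside the main config file. After fixing the findings, `apachectl configtest` (`apache2ctl` on Debian and Ubuntu) checks the syntax before the restart.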