Problem running apache dual stack IPv4 and IPv6
Hello!
I am running a single Lion-Server with one public IPv4 address. Because my Provider is able to support IPv6 now, I ordered a public IPv6 address for my server. (To learn IPv6)
I setup IPv6 address and setup the firewall with ip6fw - everything works fine, I can connect to ssh and afp via IPv4 or IPv6 but when I try to connect to my wiki over IPv6 I get the certificate question (unknown certificate ... blah) click continue and the certificate is loeded againe - I end up in an infinte loop of certificate questions.
The part of the firewall config looks like this:
20515 allow tcp from any to any 443
20516 allow tcp from any to any 8443
20517 allow tcp from any to any 1640
I looked into apache config:
/etc/apache2/sites/virtual_host_global.conf has this entries:
Listen *:443
NameVirtualHost *:443
Listen *:80
NameVirtualHost *:80
I have only one domain and only one single virtual host as defined in /etc/apache2/sites/0000_any_443_.conf:
## Default Virtual Host Configuration
<VirtualHost *:443>
ServerAdmin admin@example.com
DocumentRoot "/Library/Server/Web/Data/Sites/Default"
DirectoryIndex index.html index.php /wiki/ default.html
CustomLog "/var/log/apache2/access_log" combinedvhost
ErrorLog "/var/log/apache2/error_log"
<IfModule mod_ssl.c>
SSLEngine On
SSLCipherSuite "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"
SSLProxyEngine On
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCertificateFile "/etc/certificates/www.ABCDE.de.1A00F8DFC2738F25D26E3248A4C8F687D7EA7F32.cert.p em"
SSLCertificateKeyFile "/etc/certificates/www.ABCDE.de.1A00F8DFC2738F25D26E3248A4C8F687D7EA7F32.key.pe m"
SSLCertificateChainFile "/etc/certificates/www.ABCDE.de.1A00F8DFC2738F25D26E3248A4C8F687D7EA7F32.chain. pem"
SSLProxyProtocol -ALL +SSLv3 +TLSv1
</IfModule>
<Directory "/Library/Server/Web/Data/Sites/Default">
Options All +MultiViews -ExecCGI -Indexes
AllowOverride None
<IfModule mod_dav.c>
DAV Off
</IfModule>
</Directory>
....
</VirtualHost>
I have not modified the apache config by hand until now - but this was an upgrade from Snow Leopard Server. At the moment I am a littel scared to upgrade to Mountain Lion server because this server runs mail and calender services for my company.
I tried to setup "Listen" entry with dedicated IP-addresses, one for IPv4 and one for IPv6 but this only leads to the same problem - IPv4 works, IPv6 ends in an infinte loop.
I found somewhere that I had to duplicate virtual hosts setup for IPv4 and IPv6 but afaik "Server.app" will overwrite it, right?
Every hint is welcome, bye
Christoph
P.S. Sorry just saw that I posted to ML-Server discussions not Lion-Server, but maybe someone can tell me that I can upgrade without scare.
Message was edited by: Christoph Ewering1
Mac mini, Mac OS X (10.7.2)