httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lee Fellows <lfell...@4lane.com>
Subject RE: Starting 2 separate servers
Date Thu, 18 Apr 2002 16:37:13 GMT
  Maybe I am missing something, but running 2 servers will not solve
your problem with SSL given the configuration below.  The reason SSL
needs IP based virtual hosts in the first place has to do with the SSL
protocol itself.  There is no way for apache to know which virtual host
is being requested until it decodes the connection.  To decode the
connection, it needs to know what key to use.  To know which key to use,
it needs to know which virtual host you want to connect to.  See the
problem?  That is why virtual hosts need to be IP, not name based, to
work with SSL.  When you only have one host on the non-secure port and
one on the secure port, there is no confusion for apache because the
port designates the host to connect with.

  Given that you will need to use IP based virtual hosts to service
multiple SSL domains, you can use one server with IP virtual hosting
to meet both secure and non-secure host needs.


On Thu, 2002-04-18 at 12:23, LeTortorec, Jean-Louis wrote:
> Yes you're right, one server is enough for www.mydomain.com and
> other.mydomain.com.
> All the domain and subdomains have the same IP address (wildcard in DNS
> server).
> Everything works fine if I use port 80 on all of them.
> 
> But not with 80 and 443, with a single IP address.
> SSL requires that <VirtualHost www.mydomain.com> becomes <VirtualHost
> 123.123.123.123>.
> Then, <Virtualhost sub1.mydomain.com:443> becomes <VirtualHost
> 123.123.123.123:443>,
> <Virtualhost sub2.mydomain.com:443> becomes <VirtualHost
> 123.123.123.123:443>...
> 
> And as the subdomain names have the same IP, there is no way for Apache to
> know where to go.
> 
> Unless I'm doing something wrong...



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message