httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Owen Boyle <>
Subject Re: Is this possible?
Date Mon, 29 Apr 2002 08:10:48 GMT
Phil Forrest wrote:
> I checked the docs, and they seem to indicate this is possible.
> What I need to do is serve name-based vhosts with IP based vhosts.
> I would go solely with name-based if I could, but I need to SSL one
> of the hosts (it's going to run IMP), and I've heard that SSL requires
> an IP address to work.
> What I don't know is if this combination with plain http name-based
> vhosts can live beside an IP based https vhost in the same httpd.conf??

There are three ways to distinguish VirtualHosts:

IP-based: all VHs have a different IP address
port-based: same IP, different ports
name-based: same IP and port, different ServerNames.

Note that the first two (IP and port) use attributes of the TCP/IP layer
to define the VHs while name-based uses an attribute of the HTTP
protocol (viz. the "Host:" header) - i.e. one layer deeper.

Name-based is the most versatile since you can have an arbitrary number
of VHs all on one IP address on port 80. However.... for any SSL VH, you
can't use name-based. This is because the ServerName in the request only
arrives *after* the SSL session is established - but this is too late
since you need to know the ServerName in order to fetch the certificate
to start the session. In other words, with SSL, you cannot use any
attributes of the HTTP layer to define the VH. 

The upshot is that you can have any mix of the above possibilities, but
for an SSL VH, you can only use TCP/IP attributes to define the VH (i.e.
IP and port). You can think of the SSL VH as simply an IP-based VH.

One simple configuration is to have one IP address, umpteen name-based
HTTP-VHs on port 80 and exactly one SSL-VH on port 443. This would look

NameVirtualHost ip-addr:80

<VirtualHost ip-addr:80>
  ServerName Server1

<VirtualHost ip-addr:80>
  ServerName Server2


<VirtualHost ip-addr:443>
  ServerName SSL_server
... ssl directives

You could add additional IP-based VHs or port-based VHs as you like -
the only restriction is that SSL VHs must have unique ip-port
definitions and that no VHs should overlap.


Owen Boyle.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message