httpd-users mailing list archives

From "Chad Morland" <chad.morl...@inquent.com>
Subject Re: [users@httpd] Virtual Hosts and SSL
Date Mon, 23 Sep 2002 18:12:20 GMT
To clear this conversation up a little bit: you cannot have two different
name-based virtual hosts using SSL,
i.e.:
    Listen 443
    NameVirtualHost 172.20.30.40:443

    <VirtualHost 172.20.30.40:443>
        ServerName www.example1.com
        DocumentRoot /www/example1.com
    </VirtualHost>

    <VirtualHost 172.20.30.40:443>
        ServerName www.example2.com
        DocumentRoot /www/example2.com
    </VirtualHost>

This is a bit of a chicken & egg paradox that makes it impossible. The
web server needs to look for the host header to find out which set of
web content to return. However, in an SSL connection the header
information is encrypted. Before the web server can figure out which
certificate to pass in the SSL handshake, it needs to know the web host
information, which is not viewable until the SSL handshake is complete.
Therefore each SSL site needs its own IP. For non-SSL sites, name-based
works great, but if you are planning on using SSL, then save yourself a
headache trying to figure out why it won't work with name-based hosts.

You can make it work with different ports using the "Listen" directive
and configuring your "VirtualHost" entry to match that, but then your
users must use that port in their URL.


-CM
----- Original Message -----
From: "Amir" <amirn@gmx.net>
To: <users@httpd.apache.org>
Sent: Monday, September 23, 2002 5:40 AM
Subject: RE: [users@httpd] Virtual Hosts and SSL


> Mayl,
>
> Thanks I already made such configuration working,
> As I now understand, the problem is when you want to
> define more than one SSL virtual host on the same IP.
>
> Thanks all for time
> and Help.
>
> Best regards,
> Amir.
>
> >
> > Amir
> >
> > I just got it to work again.  Try this setup.
> > Now mind you, I am working with a router which establishes static ips.
> >
> > Doing it this way tells apache to resolve the sites by name
> > as stated in
> > "ServerName" & "ServerAlias".
> > Define the VirtualHost of choice with your ip address:443.
> > Then apache will
> > resolve the port with the ServerName.
> >
> > See below and try that.
> > Rene
> >
> >
> >
> >
> > NameVirtualHost *
> >
> > <VirtualHost *>
> >     ServerName yoursite1.com
> >     ServerAlias www.yoursite.com
> > </VirtualHost>
> >
> > <VirtualHost *>
> >     ServerName yoursite2.com
> >     ServerAlias www.yoursite.com
> > </VirtualHost>
> >
> > <VirtualHost 192.168.1.101:443>
> >     ServerName yoursite3.com
> >     ServerAlias www.yoursite.com
> > </VirtualHost>
> >
> > <VirtualHost *>
> >     ServerName yoursite4.com
> >     ServerAlias www.yoursite.com
> > </VirtualHost>
> >
> >
> >
>
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>
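
An added example, not part of the original message: a small Python check that applies the rule stated in the reply above to an httpd configuration and reports every address:port that carries more than one SSL virtual host. The sample configuration is constructed; `SSLEngine on`, 172.20.30.50 and www.example3.com are assumed values that do not come from the thread.

```python
import re
from collections import defaultdict

# Constructed sample: the two-host layout from the message plus one host on
# its own address (172.20.30.50 and www.example3.com are assumed values).
SAMPLE_CONF = """
Listen 443
NameVirtualHost 172.20.30.40:443
<VirtualHost 172.20.30.40:443>
    ServerName www.example1.com
    SSLEngine on
</VirtualHost>
<VirtualHost 172.20.30.40:443>
    ServerName www.example2.com
    SSLEngine on
</VirtualHost>
<VirtualHost 172.20.30.50:443>
    ServerName www.example3.com
    SSLEngine on
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def _directive(body, name):
    """Return the first argument of a directive inside a vhost body, or None."""
    m = re.search(rf"^[ \t]*{name}[ \t]+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def ssl_vhost_collisions(conf):
    """Map each address:port to the ServerNames of the SSL vhosts sharing it."""
    conf = re.sub(r"^[ \t]*#.*$", "", conf, flags=re.M)  # drop comment lines
    by_addr = defaultdict(list)
    for addrs, body in VHOST_RE.findall(conf):
        if (_directive(body, "SSLEngine") or "").lower() != "on":
            continue  # plain HTTP: name-based hosting works, nothing to flag
        for addr in addrs.split():
            by_addr[addr].append(_directive(body, "ServerName") or "(unnamed)")
    # More than one SSL host on an address means the certificate would have
    # to be chosen before the Host header can be read.
    return {a: names for a, names in by_addr.items() if len(names) > 1}

if __name__ == "__main__":
    for addr, names in ssl_vhost_collisions(SAMPLE_CONF).items():
        print(f"{addr}: SSL vhosts {', '.join(names)} share one address")
```

Hosts separated by IP or by port, the two layouts the message says do work, produce no findings.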

