httpd-users mailing list archives

From "Gustavo A. Baratto" <gbara...@superb.net>
Subject Re: [users@httpd] IP Based Virtual Host
Date Mon, 28 Jul 2003 16:11:11 GMT
Hi Jonathan,

This solution doesn't work... if two domains are sharing the same IP, 
the first one is going to be used for both sites... if you read the cert 
when you go to https://www.domain2.com, you'll see that it is exactly 
the same as if you go to https://www.domain1.com, i.e. domain1.com.crt

If you put the virtualhost container of domain2.com before domain1.com, 
the certs are going to be domain2.com.crt

The data is being encrypted, but you users

Except if there is a new workaround that I'm not aware of, https can 
just encrypt the headers if it finds the IP first...the old chicken and 
egg problem.



Jonathan Hilgeman wrote:
> Hi,
> 
> Yes, you can do this. I have a similar setup - I have one IP and several
> (about 50-80) domains all on name-based vhosting. Two of my domains are
> e-commerce stores and each have their own SSL certificate.
> 
> Maybe my configuration file (using ModSSL) can help you. It's not perfect,
> but it works. My configuration looks something like:
> 
> httpd.conf:
> --------------------------------
> 
> .... all the regular stuff that's in httpd.conf ....
> 
> <IfModule mod_ssl.c>
>    SSLPassPhraseDialog  builtin
>    SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
>    SSLSessionCacheTimeout  300
>    SSLMutex  file:/usr/local/apache/logs/ssl_mutex
>    SSLRandomSeed startup builtin
>    SSLRandomSeed connect builtin
>    SSLLogLevel info
>    SSLLog  /usr/local/apache/logs/ssl_engine_log
> </IfModule>
> 
> NameVirtualHost MY_IP_ADDRESS:443
> 
> <VirtualHost MY_IP_ADDRESS:443>
>    ServerAdmin webmaster@domain1.com
>    DocumentRoot /www/sites/www.domain1.com
>    ServerName domain1.com
>    ServerAlias www.domain1.com
>    SSLEngine on
>    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>    SSLCertificateFile /usr/local/apache/conf/ssl.key/www.domain1.com.crt
>    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/www.domain1.com.key
>    <Files ~ "\.(cgi|shtml|phtml|php3|php?)$">
>       SSLOptions +StdEnvVars
>    </Files>
>    <Directory "/usr/local/apache/cgi-bin">
>       SSLOptions +StdEnvVars
>    </Directory>
>    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
> </VirtualHost>
> 
> <VirtualHost MY_IP_ADDRESS:443>
>    ServerAdmin webmaster@domain2.com
>    DocumentRoot /www/sites/www.domain2.com
>    ServerName domain2.com
>    ServerAlias www.domain2.com
>    SSLEngine on
>    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>    SSLCertificateFile /usr/local/apache/conf/ssl.key/www.domain2.com.crt
>    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/www.domain2.com.key
>    <Files ~ "\.(cgi|shtml|phtml|php3|php?)$">
>       SSLOptions +StdEnvVars
>    </Files>
>    <Directory "/usr/local/apache/cgi-bin">
>       SSLOptions +StdEnvVars
>    </Directory>
>    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
> </VirtualHost>
> 
> I hope this helps!
> 
> - Jonathan
> 
> ----- Original Message ----- 
> From: <zebabr@ig.com.br>
> To: <users@httpd.apache.org>
> Sent: Monday, July 28, 2003 1:41 PM
> Subject: [users@httpd] IP Based Virtual Host
> 
> 
> 
>>I have 4 domains on the same server and just one external IP. Can I use
>>ssl with different certificates for each of the domains using name based
>>vhosts?
>>I've tried to set my server with ip based virtual host but cannot make my
>>router forward the packets to the right ip. I've created one virtual ip
>>for each domain.
>>
>>Thanks,
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
> 
> 
> 
> 

-- 
  --------------------------------------------------------------------------
  Gustavo Baratto - Programming and Technical Support
  GBaratto@SUPERB.NET * (604) 638-2525 ext. 408

  Technical support web-site: http://support.superb.net
  Superb Internet Corp. "Ahead of the Rest"
  -------------------------------------------------------------------------
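
Added example, not part of either message: a small Python check for the situation described in the reply above. Assuming, as in this thread, that the handshake gives the server no hostname to choose by, it lists every name in a config whose own certificate is never presented because an earlier SSL vhost on the same address:port comes first. The function names and the reduced sample config are constructed for illustration.

```python
import re

# Constructed sample, reduced from the configuration quoted in this thread.
SAMPLE_CONF = """
NameVirtualHost MY_IP_ADDRESS:443
<VirtualHost MY_IP_ADDRESS:443>
   ServerName domain1.com
   ServerAlias www.domain1.com
   SSLEngine on
   SSLCertificateFile /usr/local/apache/conf/ssl.key/www.domain1.com.crt
</VirtualHost>
<VirtualHost MY_IP_ADDRESS:443>
   ServerName domain2.com
   ServerAlias www.domain2.com
   SSLEngine on
   SSLCertificateFile /usr/local/apache/conf/ssl.key/www.domain2.com.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>",
                      re.S | re.I)

def parse_ssl_vhosts(conf):
    """Return SSL-enabled vhosts in file order as dicts: addr, names, cert."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        d = {}
        for line in body.splitlines():
            parts = line.split()
            # Skip comments and nested section tags such as <Files> or </Directory>.
            if parts and not parts[0].startswith(("#", "<")):
                d.setdefault(parts[0].lower(), []).extend(parts[1:])
        if d.get("sslengine", [""])[0].lower() == "on":
            names = d.get("servername", []) + d.get("serveralias", [])
            cert = d.get("sslcertificatefile", [None])[0]
            vhosts.append({"addr": addr, "names": names, "cert": cert})
    return vhosts

def shadowed_certs(conf):
    """List (hostname, configured_cert, served_cert) for each name whose
    certificate is hidden behind the first SSL vhost on the same addr:port."""
    first, findings = {}, []
    for vh in parse_ssl_vhosts(conf):
        served = first.setdefault(vh["addr"], vh["cert"])
        if vh["cert"] != served:
            findings += [(n, vh["cert"], served) for n in vh["names"]]
    return findings

if __name__ == "__main__":
    for name, configured, served in shadowed_certs(SAMPLE_CONF):
        print(f"{name}: configured {configured}, clients will see {served}")
```
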

