httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arthur Chan" <>
Subject Re: [users@httpd] SSL not an option for virtual IP based hosts served by 1 external IP ... alternatives?
Date Thu, 14 Aug 2003 05:29:35 GMT
> Thanks for the response. I'm familiar with that documentation and I've
poured through Wainright's 'Professional Apache' but they all seem to say I
can't have (multiple) name-based virtual hosts with SSL. Its only recently
that I have discovered the same rule applies to IP-based as well if you are
handling more than one site. I realize the need Apache has for an address to
direct traffic to and the problem with encryption of the headers.
Absolutely correct, you cannot have multiple name based vhost with openssl.
You can implement multiple ip-based vhosts with openssl.

> What I don't understand is how one host can get through the process -
somewhere, somthing is directing the traffic to the (default?) address for
what it thinks is the 'main server'. If this works, then the only thing I
can think of doing is running 3 instances of Apache - one for each site -
aside from being totally wasteful, would this work? I'd rather pop some more
memory into the server if necessary than publish my client's credit card and
contact info to the unwashed world.
> I've even given thought to eventually buying a server for each
Apache/site, but the telephone company cannot tell me how (or even if) they
can split the static ip into 3.

 Maybe I don't understand you correctly, but I think your problem is not
with apache and openssl at this point.
I will make some assumptions here : you have one NIC card, the external ip
is tied to your router which does the NAT-ting, you are using a linux/unix
distro with network aliasing enabled. If this is the case, then you can edit
/etc/sysconfig/network-scripts/ifcfg-eth0 to configure your single NIC
(namely eth0) with multiple ip addresses, like this :
ifconfig eth0:0 netmask
ifconfig eth0:1 ...
ifconfig eth0:3 ...
By the way, NIC's are dirt cheap, no point in having a single point of
failure for all your sites just to save a few dollars.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message