httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Hyman" <mhy...@yahoo.com>
Subject Re: [users@httpd] SSL not an option for virtual IP based hosts served by 1 external IP ... alternatives?
Date Fri, 15 Aug 2003 04:55:14 GMT
You can configure it to have each virtual server using a different port. If
you have a load balancer or NAT/PAT device in front of the server, you could
hide the port number differences by assigning an address at the NAT device.

Example:

VirtualServer 10.1.1.1:443
ServerName www.fred.com

VirtualServer 10.1.1.1:444
ServerName www003.fred.com

VirtualServer 10.1.1.1:445
ServerName www004.fred.com

Then you could either use the port numbers, and if access is from a
centralized Intranet, than you can just put the port number in the URL. Or
you can use NAT to make it look like this:

10.2.2.2:443 = 10.1.1.1:444
10.2.2.3:443 = 10.1.1.1:445
10.2.2.23:443 = 10.1.1.1:443

You need to put listen statements in httpd.conf so APache will listen on
those ports. Also, you can have a different Cert and Key for each
VirtualHost by simply putting the SSL config lines in the VirtualHost
sections.

I hope this helps...Michael
----- Original Message ----- 
From: "George Walsh" <gjmwalsh@netscape.net>
To: <users@httpd.apache.org>
Sent: Thursday, August 14, 2003 9:34 PM
Subject: Re: [users@httpd] SSL not an option for virtual IP based hosts
served by 1 external IP ... alternatives?


> Thanks for the response. I'm familiar with that documentation and I've
poured through Wainright's 'Professional Apache' but they all seem to say I
can't have (multiple) name-based virtual hosts with SSL. Its only recently
that I have discovered the same rule applies to IP-based as well if you are
handling more than one site. I realize the need Apache has for an address to
direct traffic to and the problem with encryption of the headers.
>
> What I don't understand is how one host can get through the process -
somewhere, somthing is directing the traffic to the (default?) address for
what it thinks is the 'main server'. If this works, then the only thing I
can think of doing is running 3 instances of Apache - one for each site -
aside from being totally wasteful, would this work? I'd rather pop some more
memory into the server if necessary than publish my client's credit card and
contact info to the unwashed world.
>
> I've even given thought to eventually buying a server for each
Apache/site, but the telephone company cannot tell me how (or even if) they
can split the static ip into 3.
>
> Seems overkill, but its better than other kinds of abuse, I guess.
>
> George
>
>
> >Must read this doco.
> >http://httpd.apache.org/docs-2.0/vhosts/examples.html
> >One one IPv4 external address :
> >you can run multiple name based virtual hosts listening on port 80
> >but  you cannot run multiple virtual host on 443 and 80 because when the
> >header comes in encrypted, apache has no way to tell where it should go.
> >Hope that helps ;-)
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP Server
Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>
> -- 
> George Walsh,
> Managing Director,
> CruiseRoutes Division,
> DSC Directional Services Corp
> Victoria, British Columbia, Canada
>
>
> __________________________________________________________________
> McAfee VirusScan Online from the Netscape Network.
> Comprehensive protection for your entire computer. Get your free trial
today!
> http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397
>
> Get AOL Instant Messenger 5.1 free of charge.  Download Now!
> http://aim.aol.com/aimnew/Aim/register.adp?promo=380455
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message