httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leif W" <warp-...@usa.net>
Subject [users@httpd] Apache2/SSL/VirtualHost/single external IP
Date Sun, 17 Aug 2003 00:29:02 GMT
Hello,

I've tried looking around google and this mailing list but couldn't find
this same scenario.  Maybe I missed something and you could refer me to the
appropriate place.

I've got a typical cable internet access setup, a single dynamic IP (but
doesn't change much as I leave my box on 24/7) to the outside world, with a
Linux firewall/NAT setup to allow multiple boxes on the internal (LAN) side.
I had my server setup fine with IP Masquerading to point to the computer
running the webserver, and multiple VirtualHosts all on the same internal IP
(192.168.7.7).  However, I wanted to start playing with Apache2's mod_ssl,
so I've created some self-signed certificates, read up on typical SSL
configuration options, and can get a single site (ServerName) to work on
http (80) and https (443) on a single internal IP.  But I want to have
multiple secure sites.

I think I remember seeing somewhere that you can only run one secure per IP,
but I've tried a setup something like this config (see EXAMPLE 1 below),
just to see what happens.  What I get is I can see www.site1.org:80 ok, I
can't see www.site2.net:80, I can see www.site1.org:443 and
www.site2.net:443 correctly.  In short, it lets me see all sites correctly
except the second unencrypted site.

I also know I can setup the server's network card to listem to multiple IP
addresses in the 192.168.*.* range, and this would solve the SSL problems by
assigning each website it's own IP (against the whole point of Virtual
Hosting), but I'd still have the problem of only one external IP, so my
sites would not be accessible by the rest of the world (which I'd like the
sites to be accessible for testing / displaying web apps).  So would I have
to have my NAT/ipmasq box somehow determine which site is being called, and
let it do masquerading/address translations to the appropriate internal IP
for that website?  Is this even possible?  Or is there something I can do in
the Apache's httpd.conf file?

Leif

EXAMPLE 1
--------------
NameVirtualHost *
<VirtualHost *>
    #
    ServerName default
    (stuff)
</VirtualHost>

NameVirtualHost 192.168.7.7:80
<VirtualHost 192.168.7.7:80>
    ServerName www.site1.org
    (stuff)
</VirtualHost>

<VirtualHost 192.168.7.7:80>
    ServerName www.site2.net
    (stuff)
</VirtualHost>

<IfDefine SSL>
NameVirtualHost 192.168.7.7:443
<VirtualHost 192.168.7.7:443>
    ServerName www.site1.org
    (stuff including SSL opts)
</VirtualHost>

<VirtualHost 192.168.7.7:443>
    ServerName www.site2.net
    (stuff including SSL opts)
</VirtualHost>
--------------



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message