httpd-users mailing list archives

From "Robert Andersson" <rob...@profundis.nu>
Subject Re: [users@httpd] Apache2/SSL/VirtualHost/single external IP
Date Sun, 17 Aug 2003 11:43:51 GMT
Leif W wrote:
> Sorry, what I meant was my browser (Mozilla 1.4) says "The connection was
> refused when attempting to contact www.site2.net."  I've commented out
> the second encrypted site, and removed the redundant NameVirtualHosts.

You are sure that DNS is working properly for the hostname. Connection
refused would not be the error if Apache was at fault. If Apache gets a
request and can't find the appropriate VirtualHost, it will always serve
from the first VHost defined on the IP of the incoming request.

Try doing a "telnet www.site2.net 80", and type:

    GET / HTTP/1.1
    Host: www.site2.net

And see what you get.

> What I don't understand is why I can't use this IP for more than one
> unencrypted site when it's also being used for a single secure site.  Is
> this due to a misconfig or is this just how secure sites work?

Hmm, are you speaking of "unencrypted" or "secure" sites here? You should be
able to use one IP for several "normal" HTTP virtual hosts.

> Another solution is to have one secure site (secure.site.net), and map
> different paths to the appropriate directories (
> https://secure.site1.org/site2.net/, https://secure.site1.org/site3.com/,
> etc. ).  This would be adequate to have some simple testing and
> functionality.

Yes. I forgot to add in my last response, SSL is not restricted to one per
IP, but to one per IP/port combination. Thus, you can have very many SSL
sites on a single IP, but for all except the one running on port 443 you'll
always need to explicitly include the port in the URI, e.g.
'https://secute.site2.net:444/'.

>
> One other question comes to mind.  Would it be possible to have a
> VirtualHost *:443 do a check to see if it's an unencrypted session, and
> if so, do a PermanentRedirect to the appropriate secure site?  I.e.
> someone types in a browser https://www.site3.com/ and Apache catches,
> sees it's unsecure, redirects to https://secure.site1.org/site3.com/
> based on the Host header.

Again, Apache cannot see the Host header before the request has been
decrypted, and in order to do this it must know which certificate to pick
(for which it needs to know the host).

Regards,
Robert Andersson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
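
The layout described in the reply above, sketched as an Apache 2.0-style configuration. This is an added example, not part of the original message: the IP address, document roots and certificate paths are placeholders, and secure.site2.net on port 444 follows the reply's port-444 example.

```apache
# Added example: IP, DocumentRoot and certificate paths are placeholders.
Listen 80
Listen 443
Listen 444

# Plain HTTP: the Host header arrives in the clear, so any number of
# names can share one IP:port.
NameVirtualHost 192.0.2.10:80

# First vhost defined for this IP:port. It also answers requests whose
# Host header matches none of the ServerNames below.
<VirtualHost 192.0.2.10:80>
    ServerName www.site1.org
    DocumentRoot /var/www/site1.org
</VirtualHost>

<VirtualHost 192.0.2.10:80>
    ServerName www.site2.net
    DocumentRoot /var/www/site2.net
</VirtualHost>

<VirtualHost 192.0.2.10:80>
    ServerName www.site3.com
    DocumentRoot /var/www/site3.com
</VirtualHost>

# SSL: the certificate is chosen from the IP:port alone, before any
# Host header has been decrypted, so each IP:port gets exactly one
# SSL vhost and one certificate. No NameVirtualHost line here.
<VirtualHost 192.0.2.10:443>
    ServerName secure.site1.org
    DocumentRoot /var/www/secure.site1.org
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/secure.site1.org.crt
    SSLCertificateKeyFile /etc/apache2/ssl/secure.site1.org.key
</VirtualHost>

# A second SSL site on the same IP needs its own port, and clients must
# put that port in the URI (https://secure.site2.net:444/).
<VirtualHost 192.0.2.10:444>
    ServerName secure.site2.net
    DocumentRoot /var/www/secure.site2.net
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/secure.site2.net.crt
    SSLCertificateKeyFile /etc/apache2/ssl/secure.site2.net.key
</VirtualHost>
```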

