From: "Robert Andersson"
Date: Sun, 17 Aug 2003 13:43:51 +0200
Subject: Re: [users@httpd] Apache2/SSL/VirtualHost/single external IP

Leif W wrote:
> Sorry, what I meant was my browser (Mozilla 1.4) says "The connection was
> refused when attempting to contact www.site2.net." I've commented out
> the second encrypted site, and removed the redundant NameVirtualHosts.

You are sure that DNS is working properly for the hostname. Connection refused would not be the error if Apache was at fault. If Apache gets a request and can't find the appropriate VirtualHost, it will always serve from the first VHost defined on the IP of the incoming request.

Try doing a "telnet www.site2.net 80", and type:

    GET / HTTP/1.1
    Host: www.site2.net

And see what you get.

> What I don't understand is why I can't use this IP for more than one
> unencrypted site when it's also being used for a single secure site. Is
> this due to a misconfig or is this just how secure sites work?

Hmm, are you speaking of "unencrypted" or "secure" sites here? You should be able to use one IP for several "normal" HTTP virtual hosts.

> Another solution is to have one secure site (secure.site.net), and map
> different paths to the appropriate directories (
> https://secure.site1.org/site2.net/, https://secure.site1.org/site3.com/,
> etc. ). This would be adequate to have some simple testing and
> functionality.

Yes. I forgot to add in my last response, SSL is not restricted to one per IP, but to one per IP/port combination. Thus, you can have very many SSL sites on a single IP, but for all except the one running on port 443 you'll always need to explicitly include the port in the URI, eg 'https://secute.site2.net:444/'.

> One other question comes to mind. Would it be possible to have a
> VirtualHost *:443 do a check to see if it's an unencrypted session, and
> if so, do a PermanentRedirect to the appropriate secure site? I.e.
> someone types in a browser https://www.site3.com/ and Apache catches,
> sees it's unsecure, redirects to https://secure.site1.org/site3.com/
> based on the Host header.

Again, Apache cannot see the Host header before the request has been decrypted, and in order to do this it must know which certificate to pick (for which it needs to know the host).

Regards,
Robert Andersson