httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leif W" <warp-...@usa.net>
Subject Re: [users@httpd] SSL on Virtual Hosts
Date Mon, 27 Oct 2003 21:28:22 GMT

----- Original Message ----- 
From: "Aaron Axelsen" <lists@frozenpc.net>
To: "Leif W" <warp-9.9@usa.net>
Cc: <users@httpd.apache.org>; <lists@frozenpc.net>
Sent: Monday, October 27, 2003 4:22 PM
Subject: Re: [users@httpd] SSL on Virtual Hosts


> I thought that with namebased virtual hosting that all this could be
> accomplished via one ip?

Check the mailing list archives, this is a common question (I asked it
myself some months ago and have been answering it since as payback :) .
Name based virtual hosting works off of the Host header sent by the browser.
But during an encrypted session, all data is encrypted, so there's no way
for Apache to know which Host is intended, so it can't match up to a
ServerName or ServerAlias, and therefore can't figure out which certificate
or key file to use to decrypt the incoming data.  All it has to rely on for
identification is a unique IP:port pair.

Leif

> > ----- Original Message -----
> > From: "Aaron Axelsen" <lists@frozenpc.net>
> > To: <users@httpd.apache.org>
> > Sent: Monday, October 27, 2003 3:29 PM
> > Subject: [users@httpd] SSL on Virtual Hosts
> >
> >
> >> Hello,
> >>
> >> I have an Apache 2.0 Virtual hosts set up as follows:
> >>
> >> <VirtualHost *:80>
> >> DocumentRoot /path/to/document/root
> >> ServerName virtualhost.myserver.com
> >> LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost
> >> CustomLog logs/vhost.log combined
> >> <Directory /path/to/document/root>
> >>    Options Indexes FollowSymLinks
> >>    AllowOverride All
> >>    Order allow,deny
> >>    Allow from all
> >> </Directory>
> >> </VirtualHost>
> >>
> >> SSl is defined as:
> >>
> >> <VirtualHost *:443>
> >> DocumentRoot "/path/to/document/root/"
> >> ServerAdmin me@myserver.com
> >> ErrorLog logs/ssl_error_log
> >> CustomLog logs/ssl_access_log combined
> >> All the other necessary ssl lines
> >> </virualhost>
> >>
> >> Is the best way of doing this to make one enter for each virutal host
> >> containing ssl and http access?
> >
> > Not sure what you're asking.  The config outlined above looks ok.  But
> > remember that using SSL, you must have a unique IP:port pair for each
> > host.
> > That means if you want to use the same default port 443 for ssl, you
will
> > need multiple IP addresses.  If you have only one IP address, you can
use
> > alternate ports (i.e. 4300+), but must remember to specify these ports
in
> > all URLs or scripts or programs across the site (or use some form of
> > relative URIs, and let the browser prepend the hostname and port), for
> > example http://myserver2.com/ and https://myserver2.com:4300/ .
> >
> > Leif
> >
> >> Thanks,
> >>
> >> --
> >> Aaron Axelsen
> >> aim: aaak2
> >> email: axelseaa@amadmax.com
> >
> >
> >
>
>
> --
> Aaron Axelsen
> aim: aaak2
> email: axelseaa@amadmax.com
>
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message