httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick <n...@finiteautomata.com>
Subject RE: [users@httpd] Multiple Secure sites
Date Wed, 17 Mar 2004 03:03:18 GMT
Thanks guys. 
Chances are we will just run them on another port and still use the same IP but Ralph you
said that I can just set them up like any normal Virtual Host just using port 443 instead
of 80.  If I am running standard port 80 VirtualHosts and my NameVirtualHost already states
*:80 how can I add port 80 and port 443?
Is having the NameVirtualHost Directive point to both 80 and 443 possible?
This might be easier than changing ports.

Thanks,
Nick

>Date: Tue, 16 Mar 2004 09:32:03 +0100
>To: <users@httpd.apache.org>
>From: "Boyle Owen" <Owen.Boyle@swx.com>
>Subject: RE: [users@httpd] Multiple Secure sites
>Message-ID: <FAB6A3A2CC5BDB448DADFA1C8C0752965F7480@SOMEXEVS001.ex.ordersx.org>
>
>>-----Original Message-----
>>From: Nick [mailto:nick@finiteautomata.com]
>>=20
>>If I wanted to have multiple SSL sites on one server, do I=20
>>have to bind multiple IP's to that machine?  So I would need=20
>>one IP per SSL site?
>
>
>Yes (assuming you want them all on port 443).
>
>> Is there any other way around this?
>
>
>No (unless you're willing to have the port numbers in the URL).
>
>The essential point is that the different SSL sites have to be distinct
>at the TCP/IP layer (ie, the must have different IP:port combinations).
>So you can have 192.168.1.1:443 and 192.168.1.1:444 (port-based) or you
>can have 192.168.1.1:443 and 192.168.1.2:443 (ip-based). You can't
>distinguish them using the "Host" header (name-based) since that is not
>a TCP/IP attribute. The "Host" is only available at the HTTP layer - and
>that's encrypted.
>
>Rgds,
>Owen Boyle
>Disclaimer: Any disclaimer attached to this message may be ignored.=20
>
>Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
>keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe. =
>This
>e-mail is of a private and personal nature. It is not related to the
>exchange or business activities of the SWX Group. Le pr=E9sent e-mail =
>est
>un message priv=E9 et personnel, sans rapport avec l'activit=E9 =
>boursi=E8re du
>Groupe SWX.
>
>>=20
>>Thanks,
>>Nick
>>=20
>>=20
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP=20
>>Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>=20
>>
>
>This message is for the named person's use only. It may contain
>confidential, proprietary or legally privileged information. No
>confidentiality or privilege is waived or lost by any mistransmission.
>If you receive this message in error, please notify the sender urgently
>and then immediately delete the message and any copies of it from your
>system. Please also immediately destroy any hardcopies of the message.
>You must not, directly or indirectly, use, disclose, distribute, print,
>or copy any part of this message if you are not the intended recipient.
>The sender's company reserves the right to monitor all e-mail
>communications through their networks. Any views expressed in this
>message are those of the individual sender, except where the message
>states otherwise and the sender is authorised to state them to be the
>views of the sender's company.=20
>
>------------------------------
>
>Date: Tue, 16 Mar 2004 10:24:29 -0500
>To: <users@httpd.apache.org>
>From: "Ralph Crongeyer" <rcrongeyer@oceaneering.com>
>Subject: RE: [users@httpd] Multiple Secure sites
>Message-Id: <s056d604.012@mrygwia1.oceaneering.com>
>
>--=_27063D44.79187430
>Content-Type: text/plain; charset=ISO-8859-1
>Content-Transfer-Encoding: quoted-printable
>
>You can use the directave "NameVirtualHost *:443"
>=20
>then
>=20
>NameVirtualHost *:443
>=20
><VirtualHost *:443>
>DocumentRoot /path/to/docroot
>ServerName www.mydomain.com
>SSLEngine on
>SSLCertificateFile /etc/apache/ssl.crt/mycert.crt
>SSLCertificateKeyFile /etc/apache/ssl.crt/mycert.key
></VirtualHost>
>=20
><VirtualHost *:443>
>DocumentRoot /path/to/docroot2
>ServerName www.mydomain2.com
>SSLEngine on
>SSLCertificateFile /etc/apache/ssl.crt/mycert2.crt
>SSLCertificateKeyFile /etc/apache/ssl.crt/mycert2.key
></VirtualHost>
>=20
>This works for many Virtual Hosts on one ip address.
>=20
>Ralph
>
>>>>Owen.Boyle@swx.com 3/16/2004 3:32:03 AM >>>
>
>
>>-----Original Message-----
>>From: Nick [mailto:nick@finiteautomata.com]=20
>>=20
>>If I wanted to have multiple SSL sites on one server, do I=20
>>have to bind multiple IP's to that machine?  So I would need=20
>>one IP per SSL site?
>
>
>Yes (assuming you want them all on port 443).
>
>> Is there any other way around this?
>
>
>No (unless you're willing to have the port numbers in the URL).
>
>The essential point is that the different SSL sites have to be distinct
>at the TCP/IP layer (ie, the must have different IP:port combinations).
>So you can have 192.168.1.1:443 and 192.168.1.1:444 (port-based) or you
>can have 192.168.1.1:443 and 192.168.1.2:443 (ip-based). You can't
>distinguish them using the "Host" header (name-based) since that is not
>a TCP/IP attribute. The "Host" is only available at the HTTP layer - and
>that's encrypted.
>
>Rgds,
>Owen Boyle
>Disclaimer: Any disclaimer attached to this message may be ignored.=20
>
>Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
>keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe. =
>This
>e-mail is of a private and personal nature. It is not related to the
>exchange or business activities of the SWX Group. Le pr=E9sent e-mail est
>un message priv=E9 et personnel, sans rapport avec l'activit=E9 boursi=E8re=
> du
>Groupe SWX.
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message