httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gold, Samuel (Contractor)" <Go...@ncr.disa.mil>
Subject RE: [users@httpd] SSL and IP addresses.
Date Fri, 09 Apr 2004 16:28:34 GMT
This is an intranet, so nobody on the outside would be able to see it
anyways.  Would it work for an intranet?  If I did port based virtual hosts
would the end user have to put www.sslsite1.ncr.disa.mil:444 to get to the
site?  If that is the case then I don't want to do that, it would be to
confusing to my users. ;)

-----Original Message-----
From: Joshua Slive [mailto:joshua@slive.ca] 
Sent: Friday, April 09, 2004 12:12 PM
To: 'users@httpd.apache.org'
Subject: Re: [users@httpd] SSL and IP addresses.



On Fri, 9 Apr 2004, Gold, Samuel (Contractor) wrote:

> Hey all,
>
> I have a question about having multiple IP addresses for SSL enabled 
> sites. I have one box with 1 ip address.  I have 4 sites that point to 
> that address.  I have been asked to SSL enable all 4 sites.  I have 
> been using NamedVirtualHosts and with SSL you have to use IP based 
> virtual hosts.  My question is can I have the user go to the http site 
> first then be redirected to the SSL site and use the /etc/hosts file 
> to define the additional ip addresses that I need?

No.  If you do an "external" redirect (ask the client to fetch data from the
new address), then it won't work because the 192 addresses are not routable
from the internet.  If you do an "internal" redirect, or you proxy the
requests, then the connection from the internet would remain non-encrypted.

One option is to put each SSL-vhost on a different port.  Port-based virtual
hosts work exactly like IP virtual hostes, so this allows you to use SSL.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info. To
unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message