httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gold, Samuel (Contractor)" <Go...@ncr.disa.mil>
Subject RE: [users@httpd] SSL and IP addresses.
Date Fri, 09 Apr 2004 18:47:59 GMT
The host file was an example setup if you read the whole message.  

>My question is can I have the user go to the http site first then be
redirected to the SSL site and use the >/etc/hosts file to define the
additional ip addresses that I need?  
>
>Example /etc/host
>123.123.123.123 myhost.ncr.disa.mil
>192.168.1.1        www.sslsite1.ncr.disa.mil
>192.168.1.2        www.sslsite2.ncr.disa.mil


What I really mean is I have one box with the ip address 123.123.123.123
and I have 4 sites that need to be SSL enabled.  Can I use the /etc/hosts
file to define the additional ip addresses that I need or do I have to have
4 ip addresses for the box that are set up in the DNS.  Now do you
understand what I am asking.  I did a google search and did not find
anything referring to this exact question.  Using the host file to define ip
addresses to use with SSL.  I do understand that you need an ip address for
each SSL site or you can do port based virtual hosts as Joshua Slive pointed
out in a previous email.

-----Original Message-----
From: Steffen Heil [mailto:lists@steffen-heil.de] 
Sent: Friday, April 09, 2004 2:26 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] SSL and IP addresses.


Hi

You are telling us, that this mashine does only have 1 ip, but give us a
host file with 3 ips on it? What do you really mean?

You need no public IP at all, if you are really only on an intranet. Apache
does not matter, wether the ips are public or private.

Anyway, you need to have as many ips reachable from your clients as you plan
to have ssl-enabled port-443 sites. Peroid. This has beed discussed on this
list a few dozen times. Read the archive.

Regards,
  Steffen


-----Original Message-----
From: Gold, Samuel (Contractor) [mailto:GoldS@ncr.disa.mil] 
Sent: Friday, April 09, 2004 6:29 PM
To: 'users@httpd.apache.org'
Subject: RE: [users@httpd] SSL and IP addresses.

This is an intranet, so nobody on the outside would be able to see it
anyways.  Would it work for an intranet?  If I did port based virtual hosts
would the end user have to put www.sslsite1.ncr.disa.mil:444 to get to the
site?  If that is the case then I don't want to do that, it would be to
confusing to my users. ;)

-----Original Message-----
From: Joshua Slive [mailto:joshua@slive.ca]
Sent: Friday, April 09, 2004 12:12 PM
To: 'users@httpd.apache.org'
Subject: Re: [users@httpd] SSL and IP addresses.



On Fri, 9 Apr 2004, Gold, Samuel (Contractor) wrote:

> Hey all,
>
> I have a question about having multiple IP addresses for SSL enabled
> sites. I have one box with 1 ip address.  I have 4 sites that point to 
> that address.  I have been asked to SSL enable all 4 sites.  I have 
> been using NamedVirtualHosts and with SSL you have to use IP based 
> virtual hosts.  My question is can I have the user go to the http site 
> first then be redirected to the SSL site and use the /etc/hosts file 
> to define the additional ip addresses that I need?

No.  If you do an "external" redirect (ask the client to fetch data from the
new address), then it won't work because the 192 addresses are not routable
from the internet.  If you do an "internal" redirect, or you proxy the
requests, then the connection from the internet would remain non-encrypted.

One option is to put each SSL-vhost on a different port.  Port-based virtual
hosts work exactly like IP virtual hostes, so this allows you to use SSL.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info. To
unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info. To
unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info. To
unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message