httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joey Hewitt <j...@joeyhewitt.com>
Subject Re: [users@httpd] ip aliases and vhosts
Date Sun, 16 May 2004 02:39:55 GMT
Quoting Mark Lowe <mark.lowe@boxstuff.com>:

> Thats pretty much what i do in terms of rewriting the scheme. I have
> everything working but I was mapping everything to the real ip of the
> server rather than ip aliases. This is also a problem if I need 1 than
> 1 ssl certificate being served from the same box.
>
> I tried adding the port to the ip in the VirtualHost but no joy.
>
> I think its lower level that apache, and I need to configure the
> routing of these ip's. The other possibility I guess is dns stuff,
> which i'll also look into. But both seem fit for another list.
>
> Thanks Mark
>
> On 14 May 2004, at 23:15, Noel Leistad wrote:
>
> > The following worked for me, could be we'll both get better ideas,
> > but...
> >
> > Site ALWAYS shows up secure.
> >
> > Followed instructions from CA when they sent the cert.
> >
> > HTH,
> > Noel Leistad
> >
> >> NameVirtualHost 10.0.0.10:80
> >> NameVirtualHost 10.0.0.11:443
> >> <VirtualHost 10.0.0.10>
> > <Virtual Host 10.0.0.0:80>
> >>     ServerName www.foobar.com
> > Redirect / https://www.foobar.com:443
> >> ..
> >> </VirtualHost>
> >> <VirtualHost 10.0.0.11>
> > <VirtualHost 10.0.0.11:443>
> >>     ServerName www.foobar.com
> > SSLEngine On
> > SSLCertificateFile ...
> > SSLCertificateKeyFile ...
> >> ..
> >> </VirtualHost>

I helped Darryl Cook with a similar problem the other day on this list.  See
http://marc.theaimsgroup.com/?l=apache-httpd-users&m=108436431515590&w=2 for
what helped him.  In summary, I think the trick is to have two NameVirtualHost
directives, one on port http and the other on https, and to list your
<VirtualHost>'s for each port underneath its corresponding NameVirtualHost. 
Check the thread linked above and my own config file at the link provided in
the above post for details.

Note that I wasn't aware of IP aliasing like you're doing, and maybe it's a
better idea than what I've done.  I'm still wondering if some SSL clients will
reject a connection because of DNS hostname problems if you serve stuff over
http and https on the same IP address.  But I currently don't have my IP addys
correctly reverse-mapped and there's been no problems for anything I've tested
for my personal webmail site...

Someone else also suggested a more complex solution (see
http://marc.theaimsgroup.com/?l=apache-httpd-users&m=108430491412570&w=2) -- I
don't know if it works.

HTH,
==Joey

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message