Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Mime-Version: 1.0 (Apple Message framework v613)
In-Reply-To: <1084675195.40a6d47bd7217@webmail.joeyhewitt.com>
References: <6CB7985D-A5DF-11D8-B900-0003937DAEC0@boxstuff.com>
 <40A536E6.1080208@metc.net>
 <79D8B5B1-A641-11D8-AACD-0003937DAEC0@boxstuff.com>
 <1084675195.40a6d47bd7217@webmail.joeyhewitt.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <D1D022A4-A71A-11D8-89AC-0003937DAEC0@boxstuff.com>
Content-Transfer-Encoding: 7bit
From: Mark Lowe <mark.lowe@boxstuff.com>
Date: Sun, 16 May 2004 11:24:23 +0200
To: users@httpd.apache.org
Subject: Re: [users@httpd] ip aliases and vhosts

Hi Joey

Thanks for the response. Although I suspect the problem is related to  
how I'm routing my aliases as when I read my output for

/sbin/ifconfig

eth0:0    Link encap:Ethernet  HWaddr 00:01:29:21:7F:45
           inet addr:10.0.0.10  Bcast:10.255.255.255   
Mask:255.255.255.224
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           Interrupt:10 Base address:0x8000

eth0:1    Link encap:Ethernet  HWaddr 00:01:29:21:7F:45
           inet addr:10.0.0.11  Bcast:10.255.255.255   
Mask:255.255.255.224
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           Interrupt:10 Base address:0x8000


Both of which are missing information on RX and TX packet which I  
believe they would be if they were working correctly. I'm still not  
sure whether this is the way I've configured my routes or it ipchains  
getting in the way, but when i disabled linux firewall I had the same  
problem so my guess is my routes are wrong. Or even perhaps I need to  
enter something in my hosts files and/or dns.

The introduction to this document suggests that I can use IP aliases as  
IP's , whether or not this would cause havoc with the ssl certificate  
has yet to be seen. But my reading on the subject suggests such a  
configuration would be possible, although all the reading I've done is  
typically vague in terms of the details required to do such a thing.

http://httpd.apache.org/docs-2.0/vhosts/ip-based.html

When i try my current configuration, a request over http completely  
fails before it gets to apache.

Cheers Mark

On 16 May 2004, at 04:39, Joey Hewitt wrote:

> Quoting Mark Lowe <mark.lowe@boxstuff.com>:
>
>> Thats pretty much what i do in terms of rewriting the scheme. I have
>> everything working but I was mapping everything to the real ip of the
>> server rather than ip aliases. This is also a problem if I need 1 than
>> 1 ssl certificate being served from the same box.
>>
>> I tried adding the port to the ip in the VirtualHost but no joy.
>>
>> I think its lower level that apache, and I need to configure the
>> routing of these ip's. The other possibility I guess is dns stuff,
>> which i'll also look into. But both seem fit for another list.
>>
>> Thanks Mark
>>
>> On 14 May 2004, at 23:15, Noel Leistad wrote:
>>
>>> The following worked for me, could be we'll both get better ideas,
>>> but...
>>>
>>> Site ALWAYS shows up secure.
>>>
>>> Followed instructions from CA when they sent the cert.
>>>
>>> HTH,
>>> Noel Leistad
>>>
>>>> NameVirtualHost 10.0.0.10:80
>>>> NameVirtualHost 10.0.0.11:443
>>>> <VirtualHost 10.0.0.10>
>>> <Virtual Host 10.0.0.0:80>
>>>>     ServerName www.foobar.com
>>> Redirect / https://www.foobar.com:443
>>>> ..
>>>> </VirtualHost>
>>>> <VirtualHost 10.0.0.11>
>>> <VirtualHost 10.0.0.11:443>
>>>>     ServerName www.foobar.com
>>> SSLEngine On
>>> SSLCertificateFile ...
>>> SSLCertificateKeyFile ...
>>>> ..
>>>> </VirtualHost>
>
> I helped Darryl Cook with a similar problem the other day on this  
> list.  See
> http://marc.theaimsgroup.com/?l=apache-httpd- 
> users&m=108436431515590&w=2 for
> what helped him.  In summary, I think the trick is to have two  
> NameVirtualHost
> directives, one on port http and the other on https, and to list your
> <VirtualHost>'s for each port underneath its corresponding  
> NameVirtualHost.
> Check the thread linked above and my own config file at the link  
> provided in
> the above post for details.
>
> Note that I wasn't aware of IP aliasing like you're doing, and maybe  
> it's a
> better idea than what I've done.  I'm still wondering if some SSL  
> clients will
> reject a connection because of DNS hostname problems if you serve  
> stuff over
> http and https on the same IP address.  But I currently don't have my  
> IP addys
> correctly reverse-mapped and there's been no problems for anything  
> I've tested
> for my personal webmail site...
>
> Someone else also suggested a more complex solution (see
> http://marc.theaimsgroup.com/?l=apache-httpd- 
> users&m=108430491412570&w=2) -- I
> don't know if it works.
>
> HTH,
> ==Joey
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server  
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org