httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Multiple SSL virtual servers on the same IP address and port number
Date Fri, 07 Jul 2006 07:15:07 GMT
> -----Original Message-----
> From: James Jacob [mailto:mail2jamesnow@yahoo.com] 
> Sent: Friday, July 07, 2006 6:39 AM
> To: users@httpd.apache.org
> Subject: [users@httpd] Multiple SSL virtual servers on the 
> same IP address and port number
> 
> Hi,
> I'm using Apache HTTP Server (version 2.0.55) for my project. 
> I'm having three SSL sites which I run on the same IPaddress, 
> but with different port numbers. 
>  
> For example say for the ports 443, 444 & 445. 
> The sites I have can be for example, 
> 1) one.xyz.com 
> 2) two.xyz.com
> 3) three.xyz.com
>  
> I have also set re-direction such that if the user types a  
> http:// <http://g/>  site it gets redirected to the 
> corresponding https:// site with the required port number. 
> However, the issue comes when the user types https:// without 
> the required port number, since it goes to the default https:// site. 
>  
> Is there any way to add more SSL virtual server sites with 
> the same IP address and Port ? 

Not the way you want... A request on ip:443 is always going to land initially in the first
VH. This means the HTTPS session must be established using the cert from VH1. If the hostname
in the request is for site 2 or 3, this will then cause a browser alert.

Once the HTTPS session is up, you could then redirect to the port-based SSL VHs and start
a new session. Something like this:

<VH1 *:443>
  ServerName one
  ... real site one
</VH>

<VH2 *:443>
  ServerName two
  Redirect / https://two:444/
</VH>

<VH3 *:444>
  ServerName two
  ... real site two
</VH>

How it works:

- request two:443, lands in first VH, browser alert (one != two)
- HTTPS session starts using cert from VH1
- apache reads Host header, switches to VH2
- VH2 redirects to two:444, browser re-requests to two:444
- request lands in VH3, new HTTPS session using correct cert, no alert (two == two).

Messy, and not much better than just putting all VHs on 443 and using the same cert for each
(ie, you get a browser alert and lose authentication).

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 


> If the user types https://two.xyz.com then it should get 
> re-directed to https://two.xyz.com:444 . Rightnow it shows 
> one.xyz.com since that site is given with the default port. 
> Any script or something which can do the trick could be useful.
> Please give your comments.
>  
> Best Regards,
>       James
> 
> ________________________________
> 
> Want to be your own boss? Learn how on Yahoo! Small Business. 
> <http://us.rd.yahoo.com/evt=41244/*http://smallbusiness.yahoo.
com/r-index>  
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen-
bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature.
It is not related to the exchange or business activities of the SWX Group. Le présent e-mail
est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system. Please also immediately
destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail communications through their
networks. Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorised to state them to be the views of
the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message