Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Received-SPF: pass (asf.osuosl.org: local policy)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Importance: normal
Content-Type: text/plain;
	charset="iso-8859-1"
Priority: normal
Content-Transfer-Encoding: quoted-printable
Date: Fri, 7 Jul 2006 09:15:07 +0200
Message-ID: 
 <FDD5D99066749040AF9098A720E989770377FDBD@CIWMEXZSA0E.ex.ordersx.org>
Thread-Topic: [users@httpd] Multiple SSL virtual servers on the same IP
 address and port number
thread-index: Acahf1OQNECzOOEcR6eHU98tyfFDSAAE891A
From: "Boyle Owen" <Owen.Boyle@swx.com>
To: <users@httpd.apache.org>
Subject: RE: [users@httpd] Multiple SSL virtual servers on the same IP address
 and port number

> -----Original Message-----
> From: James Jacob [mailto:mail2jamesnow@yahoo.com]=20
> Sent: Friday, July 07, 2006 6:39 AM
> To: users@httpd.apache.org
> Subject: [users@httpd] Multiple SSL virtual servers on the=20
> same IP address and port number
>=20
> Hi,
> I'm using Apache HTTP Server (version 2.0.55) for my project.=20
> I'm having three SSL sites which I run on the same IPaddress,=20
> but with different port numbers.=20
> =20
> For example say for the ports 443, 444 & 445.=20
> The sites I have can be for example,=20
> 1) one.xyz.com=20
> 2) two.xyz.com
> 3) three.xyz.com
> =20
> I have also set re-direction such that if the user types a =20
> http:// <http://g/>  site it gets redirected to the=20
> corresponding https:// site with the required port number.=20
> However, the issue comes when the user types https:// without=20
> the required port number, since it goes to the default https:// site.=20
> =20
> Is there any way to add more SSL virtual server sites with=20
> the same IP address and Port ?=20

Not the way you want... A request on ip:443 is always going to land =
initially in the first VH. This means the HTTPS session must be =
established using the cert from VH1. If the hostname in the request is =
for site 2 or 3, this will then cause a browser alert.

Once the HTTPS session is up, you could then redirect to the port-based =
SSL VHs and start a new session. Something like this:

<VH1 *:443>
  ServerName one
  ... real site one
</VH>

<VH2 *:443>
  ServerName two
  Redirect / https://two:444/
</VH>

<VH3 *:444>
  ServerName two
  ... real site two
</VH>

How it works:

- request two:443, lands in first VH, browser alert (one !=3D two)
- HTTPS session starts using cert from VH1
- apache reads Host header, switches to VH2
- VH2 redirects to two:444, browser re-requests to two:444
- request lands in VH3, new HTTPS session using correct cert, no alert =
(two =3D=3D two).

Messy, and not much better than just putting all VHs on 443 and using =
the same cert for each (ie, you get a browser alert and lose =
authentication).

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.=20


> If the user types https://two.xyz.com then it should get=20
> re-directed to https://two.xyz.com:444 . Rightnow it shows=20
> one.xyz.com since that site is given with the default port.=20
> Any script or something which can do the trick could be useful.
> Please give your comments.
> =20
> Best Regards,
>       James
>=20
> ________________________________
>=20
> Want to be your own boss? Learn how on Yahoo! Small Business.=20
> <http://us.rd.yahoo.com/evt=3D41244/*http://smallbusiness.yahoo.
com/r-index> =20
>=20
Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat =
keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe. =
This e-mail is of a private and personal nature. It is not related to =
the exchange or business activities of the SWX Group. Le pr=E9sent =
e-mail est un message priv=E9 et personnel, sans rapport avec =
l'activit=E9 boursi=E8re du Groupe SWX.
=20
=20
This message is for the named person's use only. It may contain =
confidential, proprietary or legally privileged information. No =
confidentiality or privilege is waived or lost by any mistransmission. =
If you receive this message in error, please notify the sender urgently =
and then immediately delete the message and any copies of it from your =
system. Please also immediately destroy any hardcopies of the message. =
You must not, directly or indirectly, use, disclose, distribute, print, =
or copy any part of this message if you are not the intended recipient. =
The sender's company reserves the right to monitor all e-mail =
communications through their networks. Any views expressed in this =
message are those of the individual sender, except where the message =
states otherwise and the sender is authorised to state them to be the =
views of the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org