httpd-users mailing list archives

From Hans <h...@ezpear.com>
Subject Re: [users@httpd] problem with NAT, Public IP's and SSL cert
Date Thu, 01 Nov 2007 10:14:43 GMT
Krist van Besien wrote:
> On Nov 1, 2007 10:36 AM, Krist van Besien <krist.vanbesien@gmail.com> wrote:
>   
>> On Nov 1, 2007 8:38 AM, Hans <hans@ezpear.com> wrote:
>>
>>     
>>> So in your config you have only <Public_IP:80 (443)> or
>>> <Private_IP:80(443) Public_ip:80(443)>.
>>>       
>> No. In your config you have:
>> Several of either
>> <VirtualHost *:80>
>> or
>> <VirtualHost private_ip:80>
>> (After "VirtualHost" you need to put exactly the same thing you've put
>> after your  NameVirtualHost statement.)
>>
>> And you can have one
>> <VirtualHost *:443> block
>> or one
>> <VirtualHost IP:443> block for each IP _your server has_
>>
>> But what you want, based on your description in your first post, is
>> not possible.
>> It is not possible to have multiple SSL based hosts each with their
>> own certificate on one IP address. This is not a limitation of Apache,
>> this is a limitation of the SSL protocol. If you want to know why,
>> read this: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts
>>     
>
> Just another question, (I just reread your original post) what do you
> mean that you got another VIP for your customer? Does that mean that
> your firewall has a separate IP for your customer?
>
> In that case you can solve your problem by telling Apache to bind to
> an extra port (eg 444) and configuring your customer's SSL server on
> that port.
> You then configure your NAT firewall to forward traffic to your
> customer's IP to port 80 and 444, instead of port 80 and 443.
>
> Krist
>
>   
I have one main VIP, 65.65.65.65, for vhosts which share that IP, and if a
customer needs it (as in the case of SSL) he will get another IP, e.g.
65.65.65.66. I always thought that for SSL the public IP is what is
important, not the private one on the host. I think that it is some
limitation of Apache that it cannot listen on a virtual public IP, but only
on IPs which the host directly uses.
I wonder how other hosting companies with load balancing solved that
problem. I cannot believe that somebody with 200 domains and, let's say,
150 IPs plays with port numbers.

Regards,
Hans


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
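
The port-based workaround Krist describes in the quoted text, written out as an Apache configuration. This is an added example, not part of the original message; the private address 192.168.1.10, the host names and the file paths are constructed placeholders, and the firewall rules appear only as comments because the thread does not name the NAT device.

```apache
# Added example. Public VIPs are the ones named in the thread; everything
# else (192.168.1.10, host names, paths) is a constructed placeholder.
#
# NAT mapping to configure on the firewall (device-specific, not shown):
#   65.65.65.65:80  -> 192.168.1.10:80
#   65.65.65.65:443 -> 192.168.1.10:443   (main VIP, first certificate)
#   65.65.65.66:80  -> 192.168.1.10:80
#   65.65.65.66:443 -> 192.168.1.10:444   (customer VIP, own certificate)

Listen 192.168.1.10:80
Listen 192.168.1.10:443
Listen 192.168.1.10:444

# Plain HTTP: name-based vhosts share one private IP:port.
NameVirtualHost 192.168.1.10:80

<VirtualHost 192.168.1.10:80>
    ServerName www.shared.example
    DocumentRoot /var/www/shared
</VirtualHost>

<VirtualHost 192.168.1.10:80>
    ServerName www.customer.example
    DocumentRoot /var/www/customer
</VirtualHost>

# SSL: one vhost per private IP:port pair, each with its own certificate.
<VirtualHost 192.168.1.10:443>
    ServerName www.shared.example
    DocumentRoot /var/www/shared
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/shared.example.crt
    SSLCertificateKeyFile /etc/apache2/ssl/shared.example.key
</VirtualHost>

<VirtualHost 192.168.1.10:444>
    # Clients connect to 65.65.65.66:443; naming that port here keeps
    # redirects generated by Apache from pointing at the internal port 444.
    ServerName www.customer.example:443
    DocumentRoot /var/www/customer
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/customer.example.crt
    SSLCertificateKeyFile /etc/apache2/ssl/customer.example.key
</VirtualHost>
```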

