httpd-users mailing list archives

From Hans <>
Subject Re: [users@httpd] problem with NAT, Public IP's and SSL cert
Date Thu, 01 Nov 2007 10:14:43 GMT
Krist van Besien wrote:
> On Nov 1, 2007 10:36 AM, Krist van Besien <> wrote:
>> On Nov 1, 2007 8:38 AM, Hans <> wrote:
>>> So in your config you have only <Public_IP:80 (443)> or
>>> <Private_IP:80(443) Public_ip:80(443)>.
>> No. In your config you have:
>> Several of either
>> <VirtualHost *:80>
>> or
>> <VirtualHost private_ip:80>
>> (After "VirtualHost" you need to put exactly the same thing you've put
>> after your  NameVirtualHost statement.)
>> And you can have one
>> <VirtualHost *:443> block
>> or one
>> <VirtualHost IP:443> block for each IP _your server has_
>> But what you want, based on your description in your first post, is
>> not possible.
>> It is not possible to have multiple SSL based hosts each with their
>> own certificate on one IP address. This is not a limitation of Apache,
>> this is a limitation of the SSL protocol. If you want to know why,
>> read this:
> Just another question, (I just reread your original post) what do you
> mean that you got another VIP for your customer? Does that mean that
> your firewall has a separate IP for your customer?
> In that case you can solve your problem by telling Apache to bind to
> an extra port (eg 444) and configuring your customer's SSL server on
> that port.
> You then configure your NAT firewall to forward traffic to your
> customer's IP to port 80 and 444, instead of port 80 and 443.
> Krist
I have one main VIP for vhosts which share that IP, and if a
customer needs (like in the case of ssl) he will get another IP e.g. I always thought that for ssl the public IP is important, not the
private one on the host. I think that it is some limitation of Apache that it
cannot listen on a virtual public IP, but only on IP's which host directly
I wonder how other hosting companies with load balance solved that
problem. I cannot believe that somebody with 200 domains and let's say
150 IPs plays with port numbers.
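
The port-444 arrangement Krist describes in the quoted text, written out as an added example that is not part of the original message. All addresses, host names and file paths are constructed, and the NAT mappings in the comments are assumed to be set on the firewall, which is not shown.

```apache
# Constructed layout (assumptions, not from the thread):
#   10.0.0.5    the server's only (private) address
#   192.0.2.10  main public VIP shared by the name-based vhosts
#   192.0.2.20  extra public VIP handed to the SSL customer
# Assumed NAT mappings on the firewall:
#   192.0.2.10:80  -> 10.0.0.5:80    192.0.2.10:443 -> 10.0.0.5:443
#   192.0.2.20:80  -> 10.0.0.5:80    192.0.2.20:443 -> 10.0.0.5:444

Listen 10.0.0.5:80
Listen 10.0.0.5:443
# Non-standard port, so the protocol is stated explicitly
Listen 10.0.0.5:444 https

# Plain HTTP: name-based, the Host header picks the vhost.
# The VirtualHost argument matches the NameVirtualHost argument exactly.
NameVirtualHost 10.0.0.5:80

<VirtualHost 10.0.0.5:80>
    ServerName www.shared.example
    DocumentRoot /var/www/shared
</VirtualHost>

<VirtualHost 10.0.0.5:80>
    ServerName www.customer.example
    DocumentRoot /var/www/customer
</VirtualHost>

# SSL: one certificate per address:port pair on the server itself.
# Clients of both sites still connect to port 443 on the public VIPs.
<VirtualHost 10.0.0.5:443>
    ServerName www.shared.example
    DocumentRoot /var/www/shared
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/shared.example.crt
    SSLCertificateKeyFile /etc/ssl/private/shared.example.key
</VirtualHost>

<VirtualHost 10.0.0.5:444>
    ServerName www.customer.example
    DocumentRoot /var/www/customer
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/customer.example.crt
    SSLCertificateKeyFile /etc/ssl/private/customer.example.key
</VirtualHost>
```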

