httpd-users mailing list archives

From John Oliver <joli...@john-oliver.net>
Subject Re: [users@httpd] One host, two SSL sites
Date Tue, 20 Jan 2009 21:49:36 GMT
On Tue, Jan 20, 2009 at 09:55:03PM +0100, Miguel Angel Tormo Alfaro wrote:
> On Tuesday, 20 January 2009 21:21:37 Brian Mearns wrote:
> > On Tue, Jan 20, 2009 at 3:17 PM, John Oliver <joliver@john-oliver.net> wrote:
> > > If it would turn out to be easier to do this another way, that's fine.
> > > But I remember it as always having been a no-no to even try to get SSL
> > > working with VirtualHosts.
> > >
> > 
> > Not at all, it's really just name based vhosts that cause problems for
> > SSL, because only one host gets picked to present the certificate,
> > which means all the hosts have to use the same certificate. However,
> > as far as I understand, if you use ip-address or port-based vhosts,
> > then this shouldn't be a problem. Apache can easily find the correct
> > vhost if it's only based on ip address and port number, it's just that
> > it can't try to find a name-based vhost until the SSL decryption has
> > occurred.
> > 
> True.  You can even use NameVirtualHosts with SSL (TLS) with apache 2.2,
> but few browsers support the SNI extension to the TLS protocol as of today.
> So, you can certainly get this to work as you have one IP per VirtualHost,
> it should be quite straightforward.
> 
> I'm not familiar with the RHEL init scripts. However, looking at yours it
> seems to me that you need to change more things if you want to get those
> two instances to work independently. For instance, you should also change
> your httpd.conf to set the new PidFile to /var/run/httpd2.pid

I have done so.

> You should read the /etc/rc.d/init.d/functions file to understand better
> what this script is really doing (like those killproc functions that would
> likely kill both instances when you try to stop just one).

Why, when each instance has its own pidfile?

I have read through the functions for more clues, but an awful lot of it
looks like a monkey banging on a keyboard :-)

> As for the httpd=${HTTPD-/usr/sbin/httpd}, it means that httpd is set to
> whatever $HTTPD is and if it is not set, take /usr/sbin/httpd. I guess if
> HTTPD is set anywhere, that place would be /etc/sysconfig/httpd2.

Well, I should be able to leave that, as /usr/sbin/httpd is what I
want... unless it's impossible for httpd to run two instances each with
its own pid file, but that doesn't make sense.

> In conclusion, I would go for the virtualhost solution, too much hassle otherwise.

Except I lose the ability to stop / start / restart just one site.

If I absolutely have to, I will go that way, but I'm trying to keep
these sites completely separate.  That shouldn't be impossible.  Back in
the day, I remember machines running dozens of instances of Apache, each
with their own config file, and all could be started, stopped, or broken
beyond all belief completely independently of each other.  I just can't
credit the idea that the Apache developers went out of their way to
break this functionality in newer releases.

-- 
***********************************************************************
* John Oliver                             http://www.john-oliver.net/ *
*                                                                     *
***********************************************************************

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
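
As an added illustration (not part of the original message and not the RHEL init script or its functions file): a pidfile-scoped stop, where an instance is signalled only through the pid recorded in its own pidfile, so stopping one leaves the other running. Two `sleep` processes stand in for the two httpd instances; the function names, the `STANDIN` variable and the temporary pidfile paths are assumptions made for this demo.

```shell
#!/bin/sh
# Added illustration: two "sleep" processes stand in for two httpd instances.
# Pidfile paths are temporary files (constructed), not the real /var/run ones.

# Same default-expansion form as httpd=${HTTPD-/usr/sbin/httpd}: use $STANDIN
# if it is set, otherwise fall back to "sleep" (hypothetical variable).
daemon=${STANDIN-sleep}

start_instance() {            # start_instance PIDFILE
    "$daemon" 60 >/dev/null 2>&1 &
    echo "$!" > "$1"          # record the pid of this instance only
}

is_running() {                # is_running PIDFILE
    [ -s "$1" ] || return 1
    pid=$(cat "$1")
    case "$pid" in *[!0-9]*) return 1 ;; esac   # reject non-numeric content
    kill -0 "$pid" 2>/dev/null
}

stop_instance() {             # stop_instance PIDFILE
    if is_running "$1"; then
        pid=$(cat "$1")
        kill -TERM "$pid"     # signal exactly one pid, never "every httpd"
        wait "$pid" 2>/dev/null || true   # reaps it here: it is our child
        tries=0               # a real daemon is not a child, so also poll
        while kill -0 "$pid" 2>/dev/null && [ "$tries" -lt 10 ]; do
            sleep 1; tries=$((tries + 1))
        done
    fi
    rm -f "$1"
}

demo() {                      # returns 0 if only the targeted instance stopped
    dir=$(mktemp -d) || return 1
    start_instance "$dir/httpd.pid"
    start_instance "$dir/httpd2.pid"
    stop_instance "$dir/httpd2.pid"
    rc=1
    if is_running "$dir/httpd.pid" && ! is_running "$dir/httpd2.pid"; then rc=0; fi
    stop_instance "$dir/httpd.pid"
    rm -rf "$dir"
    return "$rc"
}

demo && echo "httpd2 stopped, httpd left running"
```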