httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Montague <>
Subject Re: [users@httpd] How to have multiple SSL ports
Date Mon, 28 May 2012 17:14:10 GMT
On May 27, 2012 18:02 , Nataraj <> wrote:
> I am running apache 2.2 and would like to have the server listen on a
> second SSL port.  I don't need to use a separate certificate or anything
> like that.  All I want to be able to do is to rewrite the URL (already
> know how to do that), so that a portion of the website gets redirected
> to a separate port.  This will allow me to use firewall access lists so
> that part of the web site is only accessable to specific IP addresses.

If you want to restrict access to parts of the web site, do not use a 
firewall:  a firewall is the wrong tool for the job, and you will 
actually be making things much harder on yourself by trying to do it 
that way.  Instead, use the access control directives built into Apache 
HTTP Server to control which parts of the web site are accessible from 
which IP addresses.  For Apache HTTP Server 2.2, this is done with the 
"Allow" and "Deny" directives.  For more details and lots of examples, see

> I would like the web server to serve SSL on both ports 443 and 5678, so
> the public part of the web site would be accessible on port 443.  I
> tried editing ssl.conf and adding a second port, but wasn't sure what to
> do with the<VirtualHost _default_:443>  line.

You will need to duplicate all of the configuration for the port 443 SSL 
virtual host in order to set up an additional virtual host on port 
5678.  This includes:

- A "Listen" directive for port 5678.

- A "VirtualHost" stanza for the second web virtual host (for example, 
"<VirtualHost _default_:5678>") that contains a duplicate of all of the 
configuration directives that are inside the VirtualHost stanza for port 
443.  (Note that use "*:443" instead of "_default_:443" in my configs, 
but hopefully using _default_ in both VirtualHost stanzas will work for 
you; see the documentation for the VirtualHost directive to understand 
the difference).

I hope this helps.

   Mark Montague

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message