httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <tevans...@googlemail.com>
Subject Re: [users@httpd] VirtualHosts on different ports and trying a non-response when asking to a non-allowed service.
Date Wed, 12 Dec 2012 10:59:58 GMT
On Wed, Dec 12, 2012 at 9:30 AM, José Francisco Álvarez Aguilar
<pepinsoftware@hotmail.com> wrote:
> Yes, www1.example.com, www2.example.com and wwwsecure.example.com all
> resolve to the same IP.
> So, due to your explanation, I can't have different behaviour for this 3
> virtualhosts without using different certificates or without using SNI.
> But there's one thing I don't understand: if we use "virtualhost", that is
> because we would like to "emulate" that there are three (or more) hosts. So
> if we use real hosts with different IPs... it would work... so the
> "virtualhost" directive doesn't do what it supposed it should do: emulate
> three different hosts... am I wrong?
>
> Thank you very much.

It "works" just fine, you are just not understanding what is necessary
for it to work.

VirtualHost uses the Host header supplied in the request to best
determine the website to route the request to.

In order to read headers in an SSL request you need to decrypt the
encrypted request.

In order to decrypt the request, you need to know what key was used to
encrypt the request, which depends upon which host name the request
was sent to,

Apache cannot work this out, and so uses the configuration from the
default vhost for that IP/port combo. If this certificate matches,
then the request works, and it can use the Host header to route the
request to the appropriate vhost.

Therefore, if you can setup your vhosts so they share the same SSL
certificates - either using wildcard certificates, or using
subjectAltName certificates - then they can share the same IP.

If you can't do this, then they can't share the same IP. This is not a
limitation of Apache.

Cheers

Tom

If you can setup your site.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message