tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: IP-based virtual hosting with Tomcat(6)
Date Wed, 29 Jul 2009 19:57:32 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Uma,

On 7/29/2009 3:41 PM, uma_rk@comcast.net wrote:
> The documentation (http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html)
> as well as examples of it seem to illustrate the use of name-based virtual hosting:
>    <Engine name="Catalina" defaultHost="ren">
>     <Host name="ren"  appBase="renapps"/>
>     <Host name="stimpy" appBase="stimpyapps"/>
>   </Engine>
> 
> 
> I would like to avoid using name-based vhosts to sidestep the attendant
> SSL issues.

You will probably have similar issues with IP-based virtual hosting: if
the CN in the SSL cert doesn't match the hostname (or IP address) in the
location bar of the browser, you're going to get a warning OR error on
the browser side.

> If I want to to run virtual hosts attached to distinct network aliases (eth0.0 = 127.0.0.9,
> eth0.1 = 127.0.0.10) on the same server how do I configure the Host entries
> in the Engine? Can you point me to the complete server.xml (or the Engine) configuration?

You can bind <Connector> elements to a specific IP address using the
"address" attribute. You can nest <Connector> elements within an
<Engine> element, like this:

   <Engine name="Catalina" defaultHost="ren">
    <Connector address="127.0.0.9"  [ssl options] />
    <Host name="ren" appBase="renapps"/>
   </Engine>

   <Engine name="Catalina" defaultHost="ren">
    <Connector address="127.0.0.10"  [ssl options] />
    <Host name="stimpy" appBase="stimpyapps"/>
   </Engine>

This should allow you to have different SSL certs for each "site"
(represented by each <Host> element).

See the following references:
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
http://tomcat.apache.org/tomcat-6.0-doc/config/engine.html

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkpwqawACgkQ9CaO5/Lv0PCvDgCgi3oJofv+it+Fx9myyeKfCr3q
k78Ani59fg2xcCDlGQgD0c7BL2k/8vrx
=J1yu
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message