[NTLUG:Discuss] Multiple Apache-SSL Servers / Same Pass Phrase
David Camm
dcamm at advwebsys.com
Tue Jul 1 18:32:44 CDT 2003
> Ok, but you're no longer running virtual hosts, are you? Isn't the
> definition of a virtual host multiple sites that share a server and
> address but differs by name only?
greg - actually, yes, but also no. what you are talking about is named virtual
hosting. let me explain....

every host definition in httpd.conf is within a virtualhost container.

let's say i have a machine which responds to 2 IPs; 1.2.3.4, 5.6.7.8
and further let's say that only one domain is assigned to 1.2.3.4, ten domains
share 5.6.7.8

my httpd.conf file would look like this:

<virtualhost 1.2.3.4>servername www.abc.com....</virtualhost>

namevirtualhost 5.6.7.8 - it is THIS statement that triggers the ability to
share an IP based on name

then:

<virtualhost 5.6.7.8>servername www.domain1.com......</virtualhost>
<virtualhost 5.6.7.8>servername www.domain2.com......</virtualhost>
<virtualhost 5.6.7.8>servername www.domain3.com......</virtualhost>
etc.

the server will build its tables such that when the namevirtualhost is present,
it will NOT look at the IP, but search the IP-specific table for the matching name.
if it doesn't find the name, it reverts to the first definition within the
table, so if you entered http://5.6.7.8 in your browser, you'd see the website
of the first domain defined.

fyi - the apache website has an EXCELLENT tutorial on this (httpd.apache.org)

ssl doesn't work this way, certs need to be exchanged before the server name is
established. that's the way the https protocol works.

port-based virtual hosting for ssl works just fine. what the user really cares
about is the fact that the lock on their browser is locked, not the fact that
the url looks like https://www.abc.com:444/.....

hope this helps.

david camm
advanced web systems

Greg Edwards wrote:
> David Camm wrote:
>
>> > The mod_ssl module will only support 1 host name so virtual hosting is
>> > not possible with SSL. It's not like the other modules, SSL is a server
>> > unto itself. Maybe we can get Neil to explain this better than I can??
>> > nudge-nudge ;)
>> >
>>
>> i beg to differ. i have one server that is running multiple secure
>> virtual hosts on different IPs:
>>
>> <virtualhost 1.2.3.4:443>.......</virtualhost>
>> <virtualhost 5.6.7.8:443>.......</virtualhost>
>>
>> you cannot run multiple secure servers on a single IP unless you run
>> them on different PORTS, like so:
>>
>> <virtualhost 1.2.3.4:443>servername www.abc.com.......</virtualhost>
>> <virtualhost 1.2.3.4:444>servername www.def.com.......</virtualhost>
>>
>> and make sure to listen on the additional ports like so:
>>
>> <IfDefine SSL>
>> Listen 1.2.3.4:80
>> Listen 443
>> Listen 444
>> </IfDefine>
>>
>> david camm
>
>
> Ok, but you're no longer running virtual hosts, are you? Isn't the
> definition of a virtual host multiple sites that share a server and
> address but differs by name only?
>
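
Added example (not part of the original message, and not Apache's own code): a small Python model of the lookup order described above, where the certificate is chosen from ip:port alone before any server name is known and the name-based table is searched only afterwards. The addresses and names are the ones used in the thread; the shared 5.6.7.8:443 entry and all function names are constructed for illustration.

```python
# Toy model of the lookup order described in the thread (illustration only).
# A vhost's certificate is represented by its ServerName.

# Ordered vhost table per (ip, port), as the server would build it (constructed).
VHOSTS = {
    ("1.2.3.4", 80):  ["www.abc.com"],
    ("5.6.7.8", 80):  ["www.domain1.com", "www.domain2.com", "www.domain3.com"],
    ("1.2.3.4", 443): ["www.abc.com"],
    ("1.2.3.4", 444): ["www.def.com"],
    # Misconfiguration under test: two names sharing one SSL ip:port.
    ("5.6.7.8", 443): ["www.domain1.com", "www.domain2.com"],
}
SSL_PORTS = {443, 444}


def select_vhost(ip, port, host_header=None):
    """Name-based lookup: search this ip:port's table, else fall back to the first entry."""
    table = VHOSTS[(ip, port)]
    return host_header if host_header in table else table[0]


def select_certificate(ip, port):
    """Handshake step: only ip:port is known, so the first vhost's cert is presented."""
    return select_vhost(ip, port, host_header=None)


def https_request(ip, port, requested_name):
    """Return (certificate name presented, vhost served, browser sees a name match)."""
    cert = select_certificate(ip, port)               # happens first
    served = select_vhost(ip, port, requested_name)   # Host header arrives later
    return cert, served, cert == requested_name


def audit():
    """List SSL ip:port pairs whose single certificate cannot match every vhost on them."""
    return sorted(key for key, names in VHOSTS.items()
                  if key[1] in SSL_PORTS and len(names) > 1)


if __name__ == "__main__":
    print(select_vhost("5.6.7.8", 80, None))                 # bare-IP request
    print(https_request("1.2.3.4", 444, "www.def.com"))      # port-based SSL vhost
    print(https_request("5.6.7.8", 443, "www.domain2.com"))  # shared SSL ip:port
    print(audit())
```
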