-------- Original Message --------
Subject: Re: [Cherokee] question about several ssl enabled virtual hosts
From: Stefan de Konink <[email protected]>
To: Michiel van Es <[email protected]>
Date: 07/01/2009 03:13 PM

> On Wed, 1 Jul 2009, Michiel van Es wrote:
>
>>> Now the leading proud user list is running on a single ip on multiple
>>> sites and that is an out of the box configuration. And since you had https
>>> working before, I wonder what you broke or better what you are trying to
>>> prevent. If cherokee binds to all the IPs you want, it should work right?
>> I broke it by running websites with SSL with different ip's.
>> You want me to fix the DNS..that is not always possible in large
>> corporations..
>
> How on earth are you *NOT* going to redirect your SSL site and your
> normal sites if they have a different IP?

I don't understand that sentence..
How can I bind a virtual host to an ip or tell me what I am doing wrong with my setup please.
As I said before: I already have configured the 80.79.194.24 and 80.79.194.25 with port 80 and port 443 (with the TLS checked).
Every virtual host has their own certificate and own wildcard hostname:
www.pcintelligence.nl
webmail.pcintelligence.nl

>
>> You are saying to me: ah we run it with 1 ip, so you could/should do it
>> also. (forcing me to change my dns - with all the TTL cache hassle).
>> That is not what I want..
>
> I'm not saying that at all, I say that you should bind cherokee to all
> IPs, and that will solve your problem anyway, because it is the default
> situation.

Not applying my used ip-addresses (80.79.194.24 and 80.79.194.25 but * for 80 and 443 with tls?)

>
>>> Of course you can run two different servers, that may be a bit overkill.
>> 1 webserver can host multiple ip-addresses with different SSL certs right?
>
> Yes.
>
>>>>> It even works without your extra IP. But since that will not work in
>>>>> ancient versions of IE, people still waste v4 space.
>>>> Ie 6 and up and Firefox 3 and up.
>>> Get the facts microsoft campaign:
>>>
>>> Browsers with support for TLS server name indication:[5]
>>>
>>> * Mozilla Firefox 2.0 or later
>>> * Opera 8.0 or later (the TLS 1.1 protocol must be enabled)
>>> * Internet Explorer 7 (Vista, not XP) or later
>>> * Google Chrome (Vista, not XP)
>>> * Safari 3.2.1 Mac OS X 10.5.6
>> Too bad, that IE 6 is the third most used browser..what will I tell
>> my visitors?
>
> Like Microsoft, Tweakers.net, etc.: go upgrade.

Microsoft is not a good example..they MAKE people use their latest browser, .NET etc...that is not always a good thing, I am talking about banks and financial corporations..they are in a way other league than tweakers for example..

>
>> Of course it is unsecure and ancient..but I have to take care of my
>> customers' will and needs not my own...
>
> You were not a company yet :)

I am reviewing Cherokee and Nginx for the company I am working for (which has a lot of banks and financial companies who can NOT use IE 7 or IE 8 for the coming 2 years - such corporations upgrade once per 10 years or such..it is not my procedure but the one from the big banks etc..)
And yes I am reviewing it on my own personal project webserver..I want to know what I should advise my customers to protect them against the slowloris DoS..

>
>
> Stefan
>

Michiel
_______________________________________________
Cherokee mailing list
[email protected]
http://lists.octality.com/listinfo/cherokee
