On 9 Mar 2003 at 10:53, Jason Galea wrote:
> sorry if OT..
>
> Hi Nick,
>
> please tell me I'm wrong (I'll be a happy camper), but I thought that you
> couldn't use name virtual server for SSL.
>
> Name server requires HTTP/1.1 which supplies a Host header so the server can
> tell which virtual server you want. With SSL this header is encrypted so
> apache can't read it to know which virtual server it's for.
>
> Or does it work this way by defaulting to the first virtual server listening
> on port 443?
>
> Or is Apache2 doing something funky to make this work?
>
> ..again, I really would like to be wrong about this. I host from home on ADSL
> and thought I'd have to pay for more IP's if I wanted to secure a section of
> my site.
>
> J
>
>
> Nick Tonkin wrote:
> > [...]
> >
> > Beau:
> >
> > [...]
> >
> > mod_rewrite can be complicated, sure, but I do think it's the way to
> > go in this situation. You need:
> >
> > - two sub-domains in DNS, let's say www.my_domain.com and secure.my_domain.com
> > - a sub-directory /secure in your webdocs root (or something else able to matched
> > with a regex)
> > - the following in your httpd.conf:
> >
> > Listen 80
> > Listen 443
> > NameVirtualHost 12.34.56.789:80
> > NameVirtualHost 12.34.56.789:443
> >
> > <VirtualHost 12.34.56.789:80>
> >
> > ServerName www.my_domain.com
> > RewriteEngine on
> > RewriteCond %{REQUEST_URI} /secure/
> > RewriteRule ^/(.*)$ https://secure.my_domain.com/$1 [R,L]
> >
> > </VirtualHost>
> >
> > <VirtualHost 12.34.56.789:443>
> >
> > ServerName secure.my_domain.com
> > RewriteEngine on
> > RewriteCond %{REQUEST_URI} !/secure
> > RewriteRule ^/(.*)$ http://www.my_domain.com/$1 [R,L]
> >
> > </VirtualHost>
> >
> > This allows you to have relative links on all your pages. All links on
> > www.my_domain.com will point to http://www. on port 80, and all links on
> > secure.my_domain.com will point to https://secure. on port 443. The server
> > will simply rewrite and redirect all links that do not match either
> > /secure/ or !/secure.
> >
> > Hope this helps,
> >
> > - nick
> >
> > PS If you have more than one domain needing to use https, you can put it
> > on an arbitrary port so long as you configure the server (not apache) to
> > listen on it, and then hard-code the port number in the mod_rewrite rule.
> >
>
I'm not Nick and you're wrong! :)
Just follow Nick's cookbook above, and it will work.
I put all of my non-global SSL directives within the
secure vhost block.
You may have to tweak it your your particular needs,
but, hey, that's fun anyway...
Aloha => Beau;
