On 9 Mar 2003 at 10:53, Jason Galea wrote: > sorry if OT.. > > Hi Nick, > > please tell me I'm wrong (I'll be a happy camper), but I thought that you > couldn't use name virtual server for SSL. > > Name server requires HTTP/1.1 which supplies a Host header so the server can > tell which virtual server you want. With SSL this header is encrypted so > apache can't read it to know which virtual server it's for. > > Or does it work this way by defaulting to the first virtual server listening > on port 443? > > Or is Apache2 doing something funky to make this work? > > ..again, I really would like to be wrong about this. I host from home on ADSL > and thought I'd have to pay for more IP's if I wanted to secure a section of > my site. > > J > > > Nick Tonkin wrote: > > [...] > > > > Beau: > > > > [...] > > > > mod_rewrite can be complicated, sure, but I do think it's the way to > > go in this situation. You need: > > > > - two sub-domains in DNS, let's say www.my_domain.com and secure.my_domain.com > > - a sub-directory /secure in your webdocs root (or something else able to matched > > with a regex) > > - the following in your httpd.conf: > > > > Listen 80 > > Listen 443 > > NameVirtualHost 12.34.56.789:80 > > NameVirtualHost 12.34.56.789:443 > > > > <VirtualHost 12.34.56.789:80> > > > > ServerName www.my_domain.com > > RewriteEngine on > > RewriteCond %{REQUEST_URI} /secure/ > > RewriteRule ^/(.*)$ https://secure.my_domain.com/$1 [R,L] > > > > </VirtualHost> > > > > <VirtualHost 12.34.56.789:443> > > > > ServerName secure.my_domain.com > > RewriteEngine on > > RewriteCond %{REQUEST_URI} !/secure > > RewriteRule ^/(.*)$ http://www.my_domain.com/$1 [R,L] > > > > </VirtualHost> > > > > This allows you to have relative links on all your pages. All links on > > www.my_domain.com will point to http://www. on port 80, and all links on > > secure.my_domain.com will point to https://secure. on port 443. The server > > will simply rewrite and redirect all links that do not match either > > /secure/ or !/secure. > > > > Hope this helps, > > > > - nick > > > > PS If you have more than one domain needing to use https, you can put it > > on an arbitrary port so long as you configure the server (not apache) to > > listen on it, and then hard-code the port number in the mod_rewrite rule. > > >
I'm not Nick and you're wrong! :) Just follow Nick's cookbook above, and it will work. I put all of my non-global SSL directives within the secure vhost block. You may have to tweak it your your particular needs, but, hey, that's fun anyway... Aloha => Beau;