On Tue, May 16, 2000 at 02:19:40PM +0000, [EMAIL PROTECTED] wrote:
> ** Reply to note from "Steve Fairhead" <[EMAIL PROTECTED]> Tue, 16 May 2000
>00:43:19 +0100
> >
> > .... but mustn't they also be IP-based rather than name-based?
> >
>
> That is a reccomendation, not a requirement. The reason for it, I
> belive is to allow the web server to start even if DNS is not operating.
> (For example if all your servers go down in a power failure and the DNS
> server takes longer to boot than the web server.) IP based VirtualHost
> entries will still work, name based entries will go thru slow, painful
> DNS lookup attempts, and finaly fail. (After about 30 sec for each
> VirtualHost.)
>
> There are other alternatives like adding the names to /etc/hosts or
> running a slave DNS server on the web server to make sure there is
> something to answer the DNS requests as Apache starts. Or you can do it
> the easy way and just list the IP addresses in httpd.conf. (Or where
> ever you keep your virtual host declarations.)
>
For SSL this is not quite true. See http://www.modssl.org/docs/2.6/ssl_faq.html#ToC46.
Sure, the server will start, but it will not exactly seem very nice at the client end.
The only way to get NameBased vhosts to function without too much trouble would be
to get a "wildcard" certificate - like *.domain.com and then setting up the vhosts as
aaa.domain.com, zzz.domain.com etc. I think Thawte will sell you a cert like that.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
