RE: Vhosts behavior question (1 SSL, 1 non-SSL)

Tue, 15 Aug 2000 18:43:00 -0700 

Argh, I should have read your original post, here's a better answer than my
last:

> > Based on Plamen's suggestion (thanks, Plamen) I dug out & re-read the
> > virtual hosts section of O'Reilly's "Apache: The Definitive Guide" (2nd
> > ed) book by the Lauries. They mention use of the 'NameVirtualHost'
> > directive & suggest it might be important in controlling access to
> > servers under an alternate name. I hadn't been using this directive, so
> > I tried it - but the results were identical to what I saw without it;
> > i.e.:
> >
> > https://name1.mydom.com/  ---> index.html file from namessl's doc root
> > http://namessl.mydom.com/ ---> index.html file from name1's doc root
> >
> > The directives I added were:
> >
> > NameVirtualHost 111.22.33.44:80
> > NameVirtualHost 111.22.33.44:443
> >
> > I don't understand what these directives are supposed to do...
> >
> > Finally, correct me if I'm wrong, but wouldn't IP-based virtual hosts
> > eliminate this problem? Maybe that's the best solution for me since
> > I've got a few "extras".

You're right, IP-based virtual hosts will eliminate your problem.

For name based virtual hosts, what you really need to do is add another pair
of virtual hosts:

NameVirtualHost 111.22.33.44

<VirtualHost 111.22.33.44:80>
 ServerName name1.mydom.com
 DocumentRoot /home/webfoot/public_html
</VirtualHost>
<VirtualHost 111.22.33.44:80>
 ServerName namessl.mydom.com
 DocumentRoot /home/webfoot/secure_html
</VirtualHost>

<VirtualHost 111.22.33.44:443>
 ServerName name1.mydom.com
 DocumentRoot /home/webfoot/public_html
</VirtualHost>
<VirtualHost 111.22.33.44:443>
 ServerName namessl.mydom.com
 DocumentRoot /home/webfoot/secure_html
</VirtualHost>

Of course, the main problem with this is that only one SSL certificate will
be used between the ssl virtual hosts (the first one listed I think), so the
browser on the client will most likely pop up a certificate/servername
mismatch warning.

Hope this helps more than my last post.  :-)

-Dave

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to