Re: Port number to choose

Wed, 30 Aug 2000 09:11:43 -0700 

> Mark Lo wrote:
> 
>     I have read the mailing list achive about name base virtual host
> with SSL enabled.  As from my understanding, we can use the same IP
> address with different Port Number for different domain name (for
> secure web server).  Now, I have come up a question.  Can anyone tell
> me which port should i use other than 443.
> 

Now things get tricky. There is only one port defined by default for SSL
and that is port 443. To get more thatn one SSL host on the same IP
address, you have set up your server to Listen to another port. Use any
number you like, but avoid numbers already in use (check /etc/services
for a list). Usually, you should use high numbers > 1024 to avoid
clashes with "standard" services. So you can have;

<VirtualHost 192.168.220.1:443>
...SSL host 1
<VirtualHost 192.168.220.1:4043>
...SSL host 2
<VirtualHost 192.168.220.1:4044>
...SSL host 3

and so on. The problem is that you have to specify port numbers other
than 443 in the URL - a lot of people don't like funny port numbers
appearing in their URLs. Another, possibly more serious problem, is that
many of your customers will have firewalls which block traffic on
anything other than standard services ports (some people even block
443!).

The conclusion is that it is quite difficult to have many SSL hosts on
one server. The three methods of VirtualHosting pan out like this:
(1) Name-based VirtualHosting: Doesn't work at all since SSL starts
before the ServerName is discovered.
(2) Port-based VirtualHosting: Need to specify port numbers in URLs and
some Firewalls block "funny" port numbers.
(3) IP-based VirtualHosting: The only reliable method. You can stick to
port 443 but you have only one SSL host per IP number.

Best of luck anyway,

Owen Boyle. 
-- 
SWX Swiss Exchange,  10 Cours de Rive, 1211 Geneve 3
--------------------------+-------------------------
Phone: +41 (0)22 849 5648 | Fax: +41 (0)22 849 5643
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to