Re: Virtual Host SSL Confirmation Question

Mon, 04 Sep 2000 01:46:23 -0700 

Grant Walters wrote:
> 
> Hi,
> 
> Like Mark Lo earlier I am trying the Virtual SSL issue.  This post is just
> to ask for confirmation of my configuration so please don't swear at me.
> 
> Having followed the thread and RTFM I have determined that there are two
> ways to have the same server handle multiple domains under SSL?
> 
> Separate IP addresses (IP aliases) or different ports (444:445 etc...)
> 

Exactly correct. You have correctly deduced that you CANNOT use
Name-based virtual hosting. I think you are the first person to have
figured this out for yourself...

> My configuration in Apache now states:
> 
> NameVirtualHost 192.168.1.1:80
> NameVirtualHost 192.168.1.1:444
> NameVirtualHost 192.168.1.1:445
> 

These directives for the two SSL ports do not cause you any problem but
they are actually unnecessary and are not doing anything. Just to be
clear about this:

NameVirtualHost <ip-address:port-number> means "The IP address and port
number (if given) may connect to more than one virtual host. The
different hosts will be distinguished by their ServerNames."

As you have already found out, name-based virtual hosting doesn't work
with SSL VHs so these directives are unnecessary. I point this out
because it if you leave them in, the next guy to maintain the file might
think he can stick a name-based VH onto one of these...

> <VirtualHost 192.168.1.1>
> ServerName www.abc.com
> </VirtualHost>
> 
> <VirtualHost 192.168.1.1>
> ServerName www.def.com
> </VirtualHost>
> 
> <VirtualHost 192.168.1.1:444>
> ServerName www.abc.com
> </VirtualHost>
> 
> <VirtualHost 192.168.1.1:445>
> ServerName www.def.com
> </VirtualHost>
> 
> Connecting to either of the SSL ports returns the correct Certificate and
> there are no errors in the logs, so...
> 
> Is this a valid real world configuration?
> Am I asking for trouble somewhere?

As has been already pointed out, some firewalls may block the
"non-standard" 445 port...

best regards,

Owen Boyle.
-- 
SWX Swiss Exchange,  10 Cours de Rive, 1211 Geneve 3
--------------------------+-------------------------
Phone: +41 (0)22 849 5648 | Fax: +41 (0)22 849 5643
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to