In my case, I have the option of IP aliasing, so it would seem I simply have to 
establish a separate IP on the LAN for each virtual host I require and then 
specifically set up the virtual host directive for each one in turn with both ports.

That looks deliciously simple. Is that all I need do to meet Owen's workaround 
solution?  If so, I am off and running (and NOT in circles!)

George

[EMAIL PROTECTED] wrote:
>
> Gian Maria Gamboni wrote:
> > 
> > Hi All!
> > I'm new to mod_ssl, so the things which I'm going to say may sound
> > ridiculous but I'm not able to solve this:
> > I have just three virtualhosts which should listen on 80 and 443 at the same
> > time, how can I do this ?
> > 
> > I've just built the new release 1.3.19 with mod_ssl-2.8.1 on the machine which
> > was previously running 1.3.17 without mod_ssl on a FreeBSD 4.1 i386 platform.
> > At this point I need to run some parts of a site under SSL and others
> > normally as shown below :
> > 
> > This configuration works fine on port 80 but not on 443, WHY ?
> > 
> 
> In a nutshell: You can't do Name-Based Virtual Hosting with SSL.
> 
> Check out the following from earlier this week:
> 
> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
> 
> Q: Why is it not possible to use Name-Based Virtual Hosting to identify
> different SSL virtual hosts? 
> 
> A: Name-Based Virtual Hosting is a very popular method of identifying
> different virtual hosts. It allows you to use the same IP address and
> the same port number for many different sites. When people move on to
> SSL, it seems natural to assume that the same method can be used to have
> lots of different SSL virtual hosts on the same server. 
> 
> It comes as rather a shock to learn that it is impossible. 
> 
> The reason is that the SSL protocol is a separate layer which
> encapsulates the HTTP protocol. So the problem is that the SSL session
> is a separate transaction that takes place before the HTTP session even
> starts. Therefore all the server receives is an SSL request on IP
> address X and port Y (usually 443). Since the SSL request does not
> contain any Host: field, the server has no way to decide which SSL
> virtual host to use. Usually, it will just use the first one it finds
> that matches the port and IP address. 
> 
> You can, of course, use Name-Based Virtual Hosting to identify many
> non-SSL virtual hosts (all on port 80, for example) and then you can
> have no more than 1 SSL virtual host (on port 443). But if you do this,
> you must make sure to put the non-SSL port number on the NameVirtualHost
> directive, e.g. 
> 
>      NameVirtualHost 192.168.1.1:80 
> 
> Other workaround solutions are: 
> 
>      Use separate IP addresses for different SSL hosts. 
>      Use different port numbers for different SSL hosts. 
> 
> 
> Rgds,
> 
> Owen Boyle.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 
--
George Walsh,
Managing Director,
Travel Seewise Pacific Corp
Vancouver Canada
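As an added example (not part of the original thread or of mod_ssl): a small Python check for the rule the quoted FAQ states, that each SSL virtual host needs its own address:port. The configuration text, host names and addresses are constructed, and the check compares literal `address:port` strings only (wildcards such as `_default_` are not expanded).

```python
import re
from collections import defaultdict

# Constructed sample: host "a" follows the separate-IP workaround, while
# "b" and "c" share one address:port for SSL (the layout the FAQ rules out).
SAMPLE_CONF = """\
NameVirtualHost 192.168.1.1:80
<VirtualHost 192.168.1.1:80>
    ServerName a.example.com
</VirtualHost>
<VirtualHost 192.168.1.1:443>
    ServerName a.example.com
    SSLEngine on
</VirtualHost>
<VirtualHost 192.168.1.2:443>
    ServerName b.example.com
    SSLEngine on
</VirtualHost>
<VirtualHost 192.168.1.2:443>
    ServerName c.example.com
    SSLEngine on
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def ssl_vhosts(conf):
    """Yield (address:port, ServerName) for every vhost with SSLEngine on."""
    for addrs, body in VHOST_RE.findall(conf):
        body = re.sub(r"#.*", "", body)  # ignore commented-out directives
        if not re.search(r"^\s*SSLEngine\s+on\b", body, re.I | re.M):
            continue
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.I | re.M)
        for addr in addrs.split():  # one block may list several addresses
            yield addr, name.group(1) if name else "(no ServerName)"

def ssl_collisions(conf):
    """Map each address:port claimed by more than one SSL vhost to its names."""
    seen = defaultdict(list)
    for addr, name in ssl_vhosts(conf):
        seen[addr].append(name)
    return {addr: names for addr, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    for addr, names in ssl_collisions(SAMPLE_CONF).items():
        print(f"{addr}: usually served as {names[0]}; shadowed: {names[1:]}")
```

Giving `c.example.com` its own aliased IP (for example `192.168.1.3:443`) clears the collision, which is the separate-IP workaround discussed in the thread.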