Re: dual port 80 443
This doesn't work correctly in 2.4.x... but needs to be fixed in trunk for 2.next. The problem is that our connection rec structure defers to the vhost structure for the port assignment, a 1:1 mapping. We need to break this and trust the vhost is 1:many, and the connection rec records which inbound port the request was accepted on. And then tweak everywhere in httpd core modules and encourage third party authors to adopt the new convention. On Fri, Oct 26, 2018 at 1:49 AM Edwardo Garcia wrote: > Hi, > We have only few domains to manage, usually either http or https, but we > have lately had requests for both (we know defeat purpose but customer > knows what they want and they no take monetary or personal informations on > website) > > I know this works with duplication of virtualhosts, but should it also > work with > [2001:1:1:1::1]:443> > ... > > To avoid duplicating? > nginx does not seem to have this limitation, so I'm surprised httpd2 does. > > If I omit ports, it will errors on http if ssl engine on. > > or have I overlooked option? > > Willy > >
Re: dual port 80 443
> Am 26.10.2018 um 08:48 schrieb Edwardo Garcia : > > Hi, > We have only few domains to manage, usually either http or https, but we have > lately had requests for both (we know defeat purpose but customer knows what > they want and they no take monetary or personal informations on website) > > I know this works with duplication of virtualhosts, but should it also work > with > > ... > > To avoid duplicating? > nginx does not seem to have this limitation, so I'm surprised httpd2 does. > > If I omit ports, it will errors on http if ssl engine on. > > or have I overlooked option? The usual approach is, I think, to put the generic config into its own file and include that in each vhost. It's not ideal. Cheers, Stefan
Re: dual port 80 443
Why not just use HSTS? You want separate VirtualHost blocks anyway because you have to decide where your cert/chain/key files are going to be served so you don't send SSL traffic over port 80. The SSL engine is enabled at the virtualhost block level. HSTS is more professional too. What I do with mine is just have 2 VirtualHost blocks in one file for that site and just have a separate conf file for each site in conf.d, then include conf.d/* in httpd.conf. -C On Fri, Oct 26, 2018 at 2:49 AM Edwardo Garcia wrote: > Hi, > We have only few domains to manage, usually either http or https, but we > have lately had requests for both (we know defeat purpose but customer > knows what they want and they no take monetary or personal informations on > website) > > I know this works with duplication of virtualhosts, but should it also > work with > [2001:1:1:1::1]:443> > ... > > To avoid duplicating? > nginx does not seem to have this limitation, so I'm surprised httpd2 does. > > If I omit ports, it will errors on http if ssl engine on. > > or have I overlooked option? > > Willy > >