Does this allow 1 certificate to work for all the VirtualHost? Keith ----- Original Message ----- From: "Ho-Sheng Hsiao" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 19, 2002 12:42 PM Subject: [SL] SSL & vhost receipi, was Re: Securing SQL-Ledger access
> Roderick, > > I do not know if anyone answered your question. > > You see, the SSL and vhosting are actually two seperate parts. The > configration for the SSL portion binds port 443 (https) to the SSL. By > telling adding the port to the VirtualHost side, Apache automagically > reroutes the virtual host through the SSL engine. > > I am assuming by the way you wrote your message, you have succeeded > in getting SSL working, and you have working vhost stuff already. You > are using httpd.conf style and using name-based vhosting, yes? Try > this > > <VirtualHost 10.0.0.128:443> > Servername www.https-server.com > ServerAlias https-server.com > DocumentRoot /home/https-server/public_html/ > ErrorDocument 404 /missing.html > CustomLog /home/https-server/log/access_log common > ErrorLog /home/https-server/log/error_log > </VirtualHost> > > > The above is if you want to seperate the https portion from the http. > If you want the https to go to the same exact site as the http > version, using something like > > <VirtualHost 10.0.0.128:*> > > Works too. Myself, since I never want to access SQL-ledger from the > regular port, I have something like > > <VirtualHost 10.0.0.128:443> > Servername ledger.intranet > ServerAlias ledger > DocumentRoot /home/backoffice/sql-ledger/ > ErrorDocument 404 /missing.html > CustomLog /home/backoffice/log/access_log common > ErrorLog /home/backoffice/log/error_log > RewriteEngine On > RewriteRule ^$ login.pl [L,R] > RewriteRule ^/index.html$ login.pl [L,R] > </VirtualHost> > > <VirtualHost 10.0.0.128:80> > Servername ledger.intranet > ServerAlias ledger > DocumentRoot /home/backoffice/redirect_html/ > RewriteEngine On > RewriteRule ^$ https://ledger.intranet/ [L,R] > </VirtualHost> > > In this case, if someone in the office accidentally typed > "http://ledger"; then it will automagically redirect to > "https://ledger";, forcing an SSL session. You could always use a PHP > script, or even a regular front page giving someone an Authorized > Users Only notice, and an https link. Flexibility -- fun. > > The above also works for IP-based virtual servers. Just change the ip. > > <VirtualHost 10.0.0.128:80> > Servername ledger1 > </VirtualHost> > <VirtualHost 10.0.0.129:80> > Servername ledger2 > </VirtualHost > <VirtualHost 10.0.0.128:443> > Servername secure-ledger1 > </VirtualHost> > <VirtualHost 10.0.0.129:443> > Servername sercure-ledger2 > </VirtualHost> > > Obviously, the above is missing a lot. I only want to highlight what > you can do with the VirtualHost directive. > > The default httpd.conf should come with an example that starts with > > <VirtualHost _default_:*> > > > This works for the 1.x series. I havn't played around with the 2.x > stuff. I think from the above examples, you can get a feel for how > it's put together. > > I should archive this and dump it on my website somewhere. Yeah. > Qaexl's Server Cookbook. Let me know how I can better communicate all > of this to you in a clearer way. > > Enjoy. > > -Qaexl- > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > ------------------------------------------------------- > (un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users > Archive: http://www.mail-archive.com/[email protected]/ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------- (un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users Archive: http://www.mail-archive.com/[email protected]/
