Hi all,

I'm attempting to set up a multi-host system with a separate SSL
certificate per host.
According to the documentation, this is problematic using name-based
virtual hosting:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#General_Tips_on_Running_SSL
"Finally, using name-based virtual hosts on a secured connection can be
problematic."

So, I'm trying to accomplish this via IP-based virtual hosting, using the
useIPVHosts="true" flag.
(Note: I've tried name-based virtual hosting with useIPVHosts="false", and
it doesn't work either)

I've gone through the full thread discussing this at:
http://mail-archives.apache.org/mod_mbox/tomcat-users/201005.mbox/%3c4bfb9c17.20...@cox.net%3E

However, I'm still not managing to access the domain2.com host via SSL (4th
connector on list below).

* Tomcat version: 6.0.24 (standalone)
* OS: Ubuntu 10.04 LTS
* JVM: java 1.6.0_22 (Sun distribution)

I've set up my server.xml as follows:
<Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" address="1.2.3.4"
               useIPVHosts="false"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" />

    <Connector port="8080" protocol="HTTP/1.1" address="5.6.7.8"
               useIPVHosts="false"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" />

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               address="1.2.3.4"
               keystoreFile="/home/tomcat6/.keystore1" keystorePass="xxxxxx"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
               useIPVHosts="true" />

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               address="5.6.7.8"
               keystoreFile="/home/tomcat6/.keystore2" keystorePass="xxxxxx"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
               useIPVHosts="true" />

    <Engine name="Catalina" defaultHost="localhost">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>

        <Host name="localhost" appBase="webapps"
              unpackWARs="true" autoDeploy="true"
              xmlValidation="false" xmlNamespaceAware="false">
            <Alias>1.2.3.4</Alias>
            <Alias>domain1.com</Alias>
            <Alias>www.domain1.com</Alias>
            <Valve className="org.apache.catalina.valves.AccessLogValve"
                   directory="/home/tomcat6/logs/domain1"
                   prefix="domain1_access_log." suffix=".log"
                   pattern="%A %h %l %u %t '%r' %s %b" resolveHosts="false"/>
        </Host>

        <Host name="domain2.com" appBase="/usr/share/domain2"
              unpackWARs="true" autoDeploy="true"
              xmlValidation="false" xmlNamespaceAware="false">
            <Alias>5.6.7.8</Alias>
            <Alias>domain2.com</Alias>
            <Alias>www.domain2.com</Alias>
            <Context path="" docBase="."/>
            <Valve className="org.apache.catalina.valves.AccessLogValve"
                   directory="/home/tomcat6/logs/domain2"
                   prefix="domain2_access_log." suffix=".log"
                   pattern="%A %h %l %u %t '%r' %s %b" resolveHosts="false"/>
        </Host>
    </Engine>
</Service>

On the Ubuntu OS, I've configured my /etc/hosts file as follows:
127.0.0.1        localhost.localdomain  localhost
1.2.3.4    www.domain1.com domain1.com domain1
5.6.7.8    www.domain2.com domain2.com domain2

My DNS settings contain the following A records:
for domain1.com
[blank]   1.2.3.4
www      1.2.3.4

for domain2.com
[blank] 5.6.7.8
www    5.6.7.8

When I use HTTP (without SSL), it works fine, as it's using the name-based
virtual hosting.
When I use HTTPS (with SSL and useIPVHosts="true"), I'm always sent to the
default host.

When I look at the log files generated by the AccessLogValve, I'm always
getting IP address 1.2.3.4 for the Local IP address (%A), regardless of how
I access the websites in the browser - via HTTP or HTTPS, and via IP
address or domain name.
Even if I enter the IP address http://5.6.7.8 or https://5.6.7.8 in the
browser, the access logs list 1.2.3.4 as the local IP.

Any suggestions on how to troubleshoot?

Thanks in advance,
Assaf

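A check worth running before touching the Host/Alias mapping, as an added example that is not from the post above and not Tomcat code: with IP-based virtual hosting, the certificate a client sees depends only on which bound address it connected to (Tomcat 6 on Java 6 cannot choose a certificate by SNI), so connect to each address:8443 without SNI and compare the names in the certificate it presents with the host you expect there. The addresses and host names are the post's placeholders; the script assumes the server certificates verify against the system trust store or against a `cafile` exported from the keystore (otherwise Python's `getpeercert()` returns an empty dict), and the sample certificates at the bottom are constructed to reproduce the reported symptom.

```python
"""Check which certificate each Tomcat HTTPS connector really presents.

Added example; not the poster's code and not part of Tomcat. Addresses,
ports and host names are the placeholders used in the post.
"""
import socket
import ssl

# Expected mapping taken from the post's server.xml: connector address -> vhost.
EXPECTED = {
    ("1.2.3.4", 8443): "domain1.com",
    ("5.6.7.8", 8443): "domain2.com",
}


def cert_names(cert):
    """Host names a parsed certificate (the dict from getpeercert()) claims:
    the subject CN plus every DNS subjectAltName, lower-cased."""
    names = set()
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value.lower())
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.add(value.lower())
    return names


def name_matches(expected, names):
    """True if `expected` is covered by one of `names`. A single leading
    wildcard label is honoured: *.domain2.com covers www.domain2.com but
    not domain2.com itself."""
    expected = expected.lower()
    for name in names:
        if name == expected:
            return True
        if name.startswith("*.") and "." in expected:
            if expected.split(".", 1)[1] == name[2:]:
                return True
    return False


def fetch_cert(address, port, sni=None, cafile=None, timeout=5.0):
    """Connect to address:port over TLS and return the peer certificate dict.

    sni=None sends no server_name extension, which is the case an IP-based
    setup must get right. The certificate has to verify (system trust store,
    or `cafile` = the cert exported from the keystore with keytool) because
    getpeercert() returns an empty dict for an unverified peer; hostname
    checking is left to the caller so a mismatch is reported, not raised.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    # A Tomcat 6 / Java 6 server may only speak TLS 1.0; if the handshake
    # fails on a modern Python, lower ctx.minimum_version (ssl.TLSVersion.TLSv1).
    with socket.create_connection((address, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()


def check_bindings(expected, fetch=fetch_cert):
    """For every (address, port) -> host, fetch the certificate presented
    there and report (matches?, names found). `fetch` is injectable so the
    comparison logic can be exercised offline."""
    report = {}
    for (address, port), host in expected.items():
        names = cert_names(fetch(address, port))
        report[(address, port)] = (name_matches(host, names), sorted(names))
    return report


# Constructed sample (not real certificates) reproducing the symptom in the
# post: the second address hands back domain1.com's certificate as well.
SAMPLE_CERTS = {
    ("1.2.3.4", 8443): {
        "subject": ((("commonName", "domain1.com"),),),
        "subjectAltName": (("DNS", "domain1.com"), ("DNS", "www.domain1.com")),
    },
    ("5.6.7.8", 8443): {
        "subject": ((("commonName", "domain1.com"),),),
        "subjectAltName": (("DNS", "domain1.com"), ("DNS", "www.domain1.com")),
    },
}


def sample_fetch(address, port, sni=None):
    """Offline stand-in for fetch_cert that serves the constructed sample."""
    return SAMPLE_CERTS[(address, port)]


if __name__ == "__main__":
    # Swap sample_fetch for fetch_cert to probe the real connectors.
    for (address, port), (ok, names) in check_bindings(EXPECTED, sample_fetch).items():
        print(f"{address}:{port} presents {names}: {'OK' if ok else 'WRONG CERT'}")
```

If both addresses present the same certificate, the problem is on the Connector/keystore side (or only one 8443 listener actually came up; `netstat -ltnp` on the server shows whether Tomcat is bound on both 1.2.3.4:8443 and 5.6.7.8:8443) and no Host/Alias change will fix it. If each address presents its own certificate but requests still land on the default host, then the certificate side is fine and the request-to-Host mapping is where to look next.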