setting up SSL on server containing virtualhosts

16/10/2006, 17h35

What is the best way to implement an SSL site on a server already
containing HTTP virtualhosts? Do I need to run a separate Apache
instance?

Peter

16/10/2006, 19h58

The best way: Have multiple IP addresses, and have each virtualhost on
a separate IP address.

Other possible ways: Have each virtual host on different ports.

Thanks

Mike

Peter wrote:
> What is the best way to implement an SSL site on a server already
> containing HTTP virtualhosts? Do I need to run a separate Apache
> instance?
>
> Peter

16/10/2006, 20h20

MikeDawg wrote:
> The best way: Have multiple IP addresses, and have each virtualhost on
> a separate IP address.
>
> Other possible ways: Have each virtual host on different ports.
>
> Thanks
>
> Mike
>
> Peter wrote:
> > What is the best way to implement an SSL site on a server already
> > containing HTTP virtualhosts? Do I need to run a separate Apache
> > instance?
> >
> > Peter

Sorry for the top post on that one.

16/10/2006, 20h42

MikeDawg wrote:
> The best way: Have multiple IP addresses, and have each virtualhost on
> a separate IP address.
>
> Other possible ways: Have each virtual host on different ports.
>
> Thanks
>
> Mike
>
> Peter wrote:
> > What is the best way to implement an SSL site on a server already
> > containing HTTP virtualhosts? Do I need to run a separate Apache
> > instance?
> >
> > Peter

I thought you could not have a name-based SSL virtualhost? See here:

http://httpd.apache.org/docs/1.3/vhosts/name-based.html

16/10/2006, 21h09

Davide Bianchi wrote:
> On 2006-10-16, Peter <pmatulis@gmail.com> wrote:
> > I thought you could not have a name-based SSL virtualhost?
>
> Sure you can have a name-based SSL vhost, you can even have more than one,
> as long as you don't care about the fact that all of them will use the same
> certificate.

I can have port 80 vhosts as well as port 443 vhosts?

16/10/2006, 21h14

On 2006-10-16, Peter <pmatulis@gmail.com> wrote:
> I can have port 80 vhosts as well as port 443 vhosts?

Yup. The default configuration when you use SSL "out of the box" is to
have one VHost handling port 80 and one handling port 443. As a matter
of fact you can have as many VHosts as you want listening on wathever
port(s) you want.

The problem in having multiple vhosts on https is that Apache can
discern which vhost you want only *after* the request has been decrypted,
so *after* the certificate has been used, and this means that all the
ssl-enabled vhost will use the same certificate.

Davide

--
Windows NT source code now available... download WIN2000.BAS now!
-- From a Slashdot.org post

16/10/2006, 22h39

On 2006-10-16, Peter <pmatulis@gmail.com> wrote:
> What is the best way to implement an SSL site on a server already
> containing HTTP virtualhosts?

Just add one VHost on port 443 and run SSL on that. You don't need
separate instances of Apache.

Davide

--
How dare the government intervene to stifle innovation in the computer
industry! That's Microsoft's job, dammit!

16/10/2006, 22h57

On 2006-10-16, Peter <pmatulis@gmail.com> wrote:
> I thought you could not have a name-based SSL virtualhost?

Sure you can have a name-based SSL vhost, you can even have more than one,
as long as you don't care about the fact that all of them will use the same
certificate.

Davide

--
I'm locked in a maze of little projects, all of which suck.
-- Chris "Saundo" Saunderson on alt.sysadmin.recovery

16/10/2006, 17h35	#1
Peter Messages: n/a Hébergeur:	setting up SSL on server containing virtualhosts What is the best way to implement an SSL site on a server already containing HTTP virtualhosts? Do I need to run a separate Apache instance? Peter

16/10/2006, 19h58	#2
MikeDawg Messages: n/a Hébergeur:	Re: setting up SSL on server containing virtualhosts The best way: Have multiple IP addresses, and have each virtualhost on a separate IP address. Other possible ways: Have each virtual host on different ports. Thanks Mike Peter wrote: > What is the best way to implement an SSL site on a server already > containing HTTP virtualhosts? Do I need to run a separate Apache > instance? > > Peter

16/10/2006, 20h20	#3
MikeDawg Messages: n/a Hébergeur:	Re: setting up SSL on server containing virtualhosts MikeDawg wrote: > The best way: Have multiple IP addresses, and have each virtualhost on > a separate IP address. > > Other possible ways: Have each virtual host on different ports. > > Thanks > > Mike > > Peter wrote: > > What is the best way to implement an SSL site on a server already > > containing HTTP virtualhosts? Do I need to run a separate Apache > > instance? > > > > Peter Sorry for the top post on that one.

16/10/2006, 20h42	#4
Peter Messages: n/a Hébergeur:	Re: setting up SSL on server containing virtualhosts MikeDawg wrote: > The best way: Have multiple IP addresses, and have each virtualhost on > a separate IP address. > > Other possible ways: Have each virtual host on different ports. > > Thanks > > Mike > > Peter wrote: > > What is the best way to implement an SSL site on a server already > > containing HTTP virtualhosts? Do I need to run a separate Apache > > instance? > > > > Peter I thought you could not have a name-based SSL virtualhost? See here: http://httpd.apache.org/docs/1.3/vhosts/name-based.html

16/10/2006, 21h09	#5
Peter Messages: n/a Hébergeur:	Re: setting up SSL on server containing virtualhosts Davide Bianchi wrote: > On 2006-10-16, Peter <pmatulis@gmail.com> wrote: > > I thought you could not have a name-based SSL virtualhost? > > Sure you can have a name-based SSL vhost, you can even have more than one, > as long as you don't care about the fact that all of them will use the same > certificate. I can have port 80 vhosts as well as port 443 vhosts?

16/10/2006, 21h14	#6
Davide Bianchi Messages: n/a Hébergeur:	Re: setting up SSL on server containing virtualhosts On 2006-10-16, Peter <pmatulis@gmail.com> wrote: > I can have port 80 vhosts as well as port 443 vhosts? Yup. The default configuration when you use SSL "out of the box" is to have one VHost handling port 80 and one handling port 443. As a matter of fact you can have as many VHosts as you want listening on wathever port(s) you want. The problem in having multiple vhosts on https is that Apache can discern which vhost you want only after the request has been decrypted, so after the certificate has been used, and this means that all the ssl-enabled vhost will use the same certificate. Davide -- Windows NT source code now available... download WIN2000.BAS now! -- From a Slashdot.org post

16/10/2006, 22h39	#7
Davide Bianchi Messages: n/a Hébergeur:	Re: setting up SSL on server containing virtualhosts On 2006-10-16, Peter <pmatulis@gmail.com> wrote: > What is the best way to implement an SSL site on a server already > containing HTTP virtualhosts? Just add one VHost on port 443 and run SSL on that. You don't need separate instances of Apache. Davide -- How dare the government intervene to stifle innovation in the computer industry! That's Microsoft's job, dammit!

16/10/2006, 22h57	#8
Davide Bianchi Messages: n/a Hébergeur:	Re: setting up SSL on server containing virtualhosts On 2006-10-16, Peter <pmatulis@gmail.com> wrote: > I thought you could not have a name-based SSL virtualhost? Sure you can have a name-based SSL vhost, you can even have more than one, as long as you don't care about the fact that all of them will use the same certificate. Davide -- I'm locked in a maze of little projects, all of which suck. -- Chris "Saundo" Saunderson on alt.sysadmin.recovery

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email