Re: How to have multiple SSL ports

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On May 27, 2012 18:02 , Nataraj <incoming-apache@xxxxxxx> wrote:
I am running apache 2.2 and would like to have the server listen on a
second SSL port.  I don't need to use a separate certificate or anything
like that.  All I want to be able to do is to rewrite the URL (already
know how to do that), so that a portion of the website gets redirected
to a separate port.  This will allow me to use firewall access lists so
that part of the web site is only accessable to specific IP addresses.

If you want to restrict access to parts of the web site, do not use a firewall: a firewall is the wrong tool for the job, and you will actually be making things much harder on yourself by trying to do it that way. Instead, use the access control directives built into Apache HTTP Server to control which parts of the web site are accessible from which IP addresses. For Apache HTTP Server 2.2, this is done with the "Allow" and "Deny" directives. For more details and lots of examples, see

https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html


I would like the web server to serve SSL on both ports 443 and 5678, so
the public part of the web site would be accessible on port 443.  I
tried editing ssl.conf and adding a second port, but wasn't sure what to
do with the<VirtualHost _default_:443>  line.

You will need to duplicate all of the configuration for the port 443 SSL virtual host in order to set up an additional virtual host on port 5678. This includes:

- A "Listen" directive for port 5678.

- A "VirtualHost" stanza for the second web virtual host (for example, "<VirtualHost _default_:5678>") that contains a duplicate of all of the configuration directives that are inside the VirtualHost stanza for port 443. (Note that use "*:443" instead of "_default_:443" in my configs, but hopefully using _default_ in both VirtualHost stanzas will work for you; see the documentation for the VirtualHost directive to understand the difference).


I hope this helps.

--
  Mark Montague
  mark@xxxxxxxxxxx


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux