On 04/01/2016 09:00 PM, Brandon L. Wisenburg wrote:

Yes, absolutely. I do this routinely for all my sites.

I have a highly compartmentalized configuration but hopefully you'll get the gist of it. This is what I use at the top level for parts-unknown.org:

    Listen 50.250.218.163:80
    Listen 50.250.218.163:443

    <VirtualHost 50.250.218.163:80>
        Include sites-available/parts-unknown.org-common
        Include sites-available/force-ssl-common
        Include sites-available/parts-unknown.org-log-common
    </VirtualHost>

    <VirtualHost 50.250.218.163:443>
        Include sites-available/parts-unknown.org-common
        Include sites-available/ssl-common
        Include sites-available/parts-unknown.org-log-common
    </VirtualHost>

As you can see, I have multiple Listen declarations and multiple virtual hosts. But the real magic (which probably isn't so magical if you actually understand this stuff) is in force-ssl-common:

    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
    </IfModule>

I don't use SNI basically because I started hosting these sites before SNI was widely available and even when it started becoming widely available it seemed broken (I gather this is no longer the case). I don't know how or if that would change this configuration.

--
David Benfell, Ph.D.
benfell@xxxxxxxxxxxxxxxxx
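Added example, not part of the original message and not the poster's code: a small Python model of the three mod_rewrite lines in force-ssl-common, showing which redirect they produce for a given port, Host header and request URI, plus a check that the target matches the expected site name. The function names and sample requests are constructed for illustration, and URL escaping is not modelled.

```python
import re
from urllib.parse import urlsplit

# Python model of the rule in force-ssl-common (illustrative, not Apache code).
COND = re.compile(r"^443$")          # RewriteCond %{SERVER_PORT} !^443$
RULE = re.compile(r"^/(.*)", re.I)   # RewriteRule ^/(.*) ... [NC]


def force_ssl(server_port, host_header, request_uri):
    """Return (status, location) if the rule redirects, else None."""
    if COND.search(str(server_port)):   # condition is negated: skip on port 443
        return None
    parts = urlsplit(request_uri)
    match = RULE.search(parts.path)
    if match is None:
        return None
    # %{HTTP_HOST} is the Host header exactly as the client sent it.
    location = "https://" + host_header + "/" + match.group(1)
    if parts.query:                     # query string is passed through unchanged
        location += "?" + parts.query
    return 302, location                # a bare R flag means 302


def redirect_problems(result, site):
    """List the ways a redirect differs from 'https on the expected site'."""
    if result is None:
        return ["no redirect issued"]
    target = urlsplit(result[1])
    problems = []
    if target.scheme != "https":
        problems.append("target is not https")
    if target.netloc.lower() != site:
        problems.append("target host is %r, expected %r" % (target.netloc, site))
    return problems


# Constructed sample requests: (server port, Host header, request URI).
SAMPLES = [
    (80, "parts-unknown.org", "/blog/?p=1"),
    (443, "parts-unknown.org", "/blog/?p=1"),
    (80, "parts-unknown.org:80", "/"),   # explicit port in the Host header
]

if __name__ == "__main__":
    for port, host, uri in SAMPLES:
        result = force_ssl(port, host, uri)
        print(port, host, uri, "->", result, redirect_problems(result, "parts-unknown.org"))
```

The third sample shows the edge case: a Host header that carries an explicit port is copied into the https:// URL, so the redirect points at port 80 over TLS.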