But everyone told me that each site needs its own IP or port to run on when it comes to SSL.... On 5/26/06, Om <omprakash@xxxxxxxxxxxx> wrote:
Hi, I am using apache 2.2.2 and I am running multiple sites on SSL. It works fine. <VirtualHost 192.168.1.3:443> # General setup for the virtual host DocumentRoot "/www/docs/site1" ServerName site1.mydomain.com ServerAdmin admin@xxxxxxxxxxxx ErrorLog /opt/apache2.2/logs/error_log TransferLog /opt/apache2.2/logs/access_log SSLEngine on SSLCertificateFile /opt/apache2.2/sslkeys/server.crt SSLCertificateKeyFile /opt/apache2.2/sslkeys/server.key BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /opt/apache2.2/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> <VirtualHost 192.168.1.3:443> # General setup for the virtual host DocumentRoot "/www/docs/site2" ServerName site2.mydomain.com ServerAdmin admin@xxxxxxxxxxxx ErrorLog /opt/apache2.2/logs/error_log TransferLog /opt/apache2.2/logs/access_log SSLEngine on SSLCertificateFile /opt/apache2.2/sslkeys/server1.crt SSLCertificateKeyFile /opt/apache2.2/sslkeys/server.key BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /opt/apache2.2/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> You will not all the directives of the above configuration. Let me know the result. Thanks, Om. omprakash@xxxxxxxxxxxx +91 9866 666460 Brian Rectanus wrote: > On 5/26/06, Shai <shaibn@xxxxxxxxx> wrote: >> On 5/26/06, Brian Rectanus <brectanu@xxxxxxxxx> wrote: >> > On 5/25/06, Shai <shaibn@xxxxxxxxx> wrote: >> > > Hi, >> > > >> > > Since I'm a home user and I only have 1 IP but I still want to make >> > > access to my SSL secured sites, I decided I can't use vhosts since >> > > those either need to configure different ports or separate IP per >> > > vhost. >> > > >> > > So what I want to use now are aliases like: >> > > >> > > https://mydomain.com/webmail >> > > and >> > > https://mydomain.com/admin >> > > >> > > etc etc ... >> > > >> > > That said, I still want to have separate logs per site. Can that be >> > > done? If yes, how? >> > > >> > > Thanks in advance, >> > > Shai >> > > >> > >> > Couple of different ways: >> > >> > 1) Set env vars for different 'sites' >> > >> > SetEnvIf Request_URI ^/webmail site-webmail >> > SetEnvIf Request_URI ^/admin site-admin >> > CustomLog webmail-access_log common env=site-webmail >> > CustomLog admin-access_log common env=site-admin >> > >> > 2) Reverse proxy to vhost on localhost port >> > >> > Listen 443 >> > <VirtualHost *:443> >> > ... >> > ProxyPass /webmail/ http://localhost:8443/ >> > ProxyPass /admin/ http://localhost:9443/ >> > ProxyPassReverse /webmail/ http://localhost:8443/ >> > ProxyPassReverse /admin/ http://localhost:9443/ >> > </VirtualHost> >> > >> > Listen localhost:8443 >> > <VirtualHost *:8443> >> > ... >> > </VirtualHost> >> > >> > Listen localhost:9443 >> > <VirtualHost *:9443> >> > ... >> > </VirtualHost> >> > >> > Well, there is two ways at least. >> > >> > -B >> >> Brian, >> >> Thanks for your quick response :) >> >> I just don't understand exactly why you placed those 3 dots here: >> <VirtualHost *:443> >> ... >> >> What exactly did you imply i should place in this vhost directive? >> >> Also, I think that in the other two vhosts you want me to put the same >> info I have today in my vhosts? >> >> Thanks for your help, >> Shai > > Actually, I was a bit tired when I wrote that ;) So, change 8443 => > 8001, 9443 => 8002 (they were not intended to be SSL) > > You would setup the 443 virtual host to minimally serve mydomain.com > SSL with minimal logging, but put the handlers for webmail and admin > in the 8001 and 8002 virtual hosts. The actual handling is done in > the 8001/8002 with 443 deciding which of those to call. You might > also want a non-ssl *:80 virtual host with a redirect to SSL (if you > want to force SSL always): > > <VirtualHost *:80> > ServerName mydomain.com > ... > RewriteEngine On > RewriteRule ^/(.*) https://mydomain.com/$1 [R,L] > </VirtualHost> > > The '...' being anything else you need (logging maybe), but not required. > > Also, if you have problems with the /webmail and /admin prefixes > messing things up (being stripped off), then setup the 8001/8002 > vhosts with them and add the prefix onto the right hand side of the > ProxyPass[Reverse] lines (ProxyPass /webmail > https://localhost/webmail, etc.). > > Does that make more sense? This is just a reverse proxy setup (see > http://httpd.apache.org/docs/2.2/mod/mod_proxy.html for more details > and syntax) > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server > Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx