But everyone told me that each site needs its own IP or port to run on when it comes to SSL.... On 5/26/06, Om <omprakash@xxxxxxxxxxxx> wrote:
Hi,
I am using apache 2.2.2
and I am running multiple sites on SSL.
It works fine.
<VirtualHost 192.168.1.3:443>
# General setup for the virtual host
DocumentRoot "/www/docs/site1"
ServerName site1.mydomain.com
ServerAdmin admin@xxxxxxxxxxxx
ErrorLog /opt/apache2.2/logs/error_log
TransferLog /opt/apache2.2/logs/access_log
SSLEngine on
SSLCertificateFile /opt/apache2.2/sslkeys/server.crt
SSLCertificateKeyFile /opt/apache2.2/sslkeys/server.key
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /opt/apache2.2/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost 192.168.1.3:443>
# General setup for the virtual host
DocumentRoot "/www/docs/site2"
ServerName site2.mydomain.com
ServerAdmin admin@xxxxxxxxxxxx
ErrorLog /opt/apache2.2/logs/error_log
TransferLog /opt/apache2.2/logs/access_log
SSLEngine on
SSLCertificateFile /opt/apache2.2/sslkeys/server1.crt
SSLCertificateKeyFile /opt/apache2.2/sslkeys/server.key
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /opt/apache2.2/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
You will not all the directives of the above configuration.
Let me know the result.
Thanks,
Om.
omprakash@xxxxxxxxxxxx
+91 9866 666460
Brian Rectanus wrote:
> On 5/26/06, Shai <shaibn@xxxxxxxxx> wrote:
>> On 5/26/06, Brian Rectanus <brectanu@xxxxxxxxx> wrote:
>> > On 5/25/06, Shai <shaibn@xxxxxxxxx> wrote:
>> > > Hi,
>> > >
>> > > Since I'm a home user and I only have 1 IP but I still want to make
>> > > access to my SSL secured sites, I decided I can't use vhosts since
>> > > those either need to configure different ports or separate IP per
>> > > vhost.
>> > >
>> > > So what I want to use now are aliases like:
>> > >
>> > > https://mydomain.com/webmail
>> > > and
>> > > https://mydomain.com/admin
>> > >
>> > > etc etc ...
>> > >
>> > > That said, I still want to have separate logs per site. Can that be
>> > > done? If yes, how?
>> > >
>> > > Thanks in advance,
>> > > Shai
>> > >
>> >
>> > Couple of different ways:
>> >
>> > 1) Set env vars for different 'sites'
>> >
>> > SetEnvIf Request_URI ^/webmail site-webmail
>> > SetEnvIf Request_URI ^/admin site-admin
>> > CustomLog webmail-access_log common env=site-webmail
>> > CustomLog admin-access_log common env=site-admin
>> >
>> > 2) Reverse proxy to vhost on localhost port
>> >
>> > Listen 443
>> > <VirtualHost *:443>
>> > ...
>> > ProxyPass /webmail/ http://localhost:8443/
>> > ProxyPass /admin/ http://localhost:9443/
>> > ProxyPassReverse /webmail/ http://localhost:8443/
>> > ProxyPassReverse /admin/ http://localhost:9443/
>> > </VirtualHost>
>> >
>> > Listen localhost:8443
>> > <VirtualHost *:8443>
>> > ...
>> > </VirtualHost>
>> >
>> > Listen localhost:9443
>> > <VirtualHost *:9443>
>> > ...
>> > </VirtualHost>
>> >
>> > Well, there is two ways at least.
>> >
>> > -B
>>
>> Brian,
>>
>> Thanks for your quick response :)
>>
>> I just don't understand exactly why you placed those 3 dots here:
>> <VirtualHost *:443>
>> ...
>>
>> What exactly did you imply i should place in this vhost directive?
>>
>> Also, I think that in the other two vhosts you want me to put the same
>> info I have today in my vhosts?
>>
>> Thanks for your help,
>> Shai
>
> Actually, I was a bit tired when I wrote that ;) So, change 8443 =>
> 8001, 9443 => 8002 (they were not intended to be SSL)
>
> You would setup the 443 virtual host to minimally serve mydomain.com
> SSL with minimal logging, but put the handlers for webmail and admin
> in the 8001 and 8002 virtual hosts. The actual handling is done in
> the 8001/8002 with 443 deciding which of those to call. You might
> also want a non-ssl *:80 virtual host with a redirect to SSL (if you
> want to force SSL always):
>
> <VirtualHost *:80>
> ServerName mydomain.com
> ...
> RewriteEngine On
> RewriteRule ^/(.*) https://mydomain.com/$1 [R,L]
> </VirtualHost>
>
> The '...' being anything else you need (logging maybe), but not required.
>
> Also, if you have problems with the /webmail and /admin prefixes
> messing things up (being stripped off), then setup the 8001/8002
> vhosts with them and add the prefix onto the right hand side of the
> ProxyPass[Reverse] lines (ProxyPass /webmail
> https://localhost/webmail, etc.).
>
> Does that make more sense? This is just a reverse proxy setup (see
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html for more details
> and syntax)
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|