On 6/13/07, Aaron <ml@xxxxxxxxxxxxxx> wrote:
Hi All, I am running OpenBSD and their default install of apache (BSD patched version 1.3.29) behind a nat. I want to use ip based virtual hosts on the main web server so that I can run multiple ssl sites with a diff. certificate for each. Since i'm behind a nat, the outside world obviously can't see my individual ips for the virtuals hosts. Can I use another box running apache with mod_proxy to reverse proxy the https requests to the correct virtual host/ip? I thought that i read somewhere that this wouldn't work because the request is encrypted, thus no way to get the servername out of the request without decrypting it, but then i saw a post from back in jan. it was said that this is possible using mod_proxy and mod_proxy_connect (so that the proxying machine doesn't do any handling of the certificates) for one host running https. Would this also work for multiple hosts like I need? Will this work for the 1.x version of Apache that i'm using? Would simply using mod_proxy with the AllowCONNECT directive work? I do read the docs, and search the archives (google too), but i can't find exactly what i'm looking for, so if anyone does know a positive answer to this, a very brief example would be greatly appreciated.
Do you have a different IP for each of your hosts on the public side of your NAT firewall? If yes, then you just have the NAT firewall forward each IP to its corresponding apache instance on your webserver. If not, than you can't do what you are trying to do. mod_connect will be of no use, as all it does is pass bytes back and forth between to network sockets. It doesn't do anything based on what's in the stream. Krist -- krist.vanbesien@xxxxxxxxx Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx