Re: multiple https hosts behind nat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Krist van Besien wrote:

On 6/13/07, Aaron <ml@xxxxxxxxxxxxxx> wrote:

Hi All,

I am running OpenBSD and their default install of apache (BSD patched
version 1.3.29) behind a nat.  I want to use ip based virtual hosts on
the main web server so that I can run multiple ssl sites with a diff.
certificate for each.  Since i'm behind a nat, the outside world
obviously can't see my individual ips for the virtuals hosts.  Can I use
another box running apache with mod_proxy to reverse proxy the https
requests to the correct virtual host/ip?  I thought that i read
somewhere that this wouldn't work because the request is encrypted, thus
no way to get the servername out of the request without decrypting it,
but then i saw a post from back in jan. it was said that this is
possible using mod_proxy and mod_proxy_connect (so that the proxying
machine doesn't do any handling of the certificates) for one host
running https.  Would this also work for multiple hosts like I need?
Will this work for the 1.x version of Apache that i'm using?  Would
simply using mod_proxy with the AllowCONNECT directive work?

I do read the docs, and search the archives (google too), but i can't
find exactly what i'm looking for, so if anyone does know a positive
answer to this, a very brief example would be greatly appreciated.


Do you have a different IP for each of your hosts on the public side
of your NAT firewall? If yes, then you just have the NAT firewall
forward each IP to its corresponding apache instance on your
webserver. If not, than you can't do what you are trying to do.

mod_connect will be of no use, as all it does is pass bytes back and
forth between to network sockets. It doesn't do anything based on
what's in the stream.

Krist
No multiple IPs on the outside. I would just do a 1 to 1 nat if that were the case. 

Thanks again,

Aaron

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux