On Wed, 2007-06-13 at 09:14 -0400, Joshua Slive wrote:
> On 6/13/07, Aaron <ml@xxxxxxxxxxxxxx> wrote:
>
> > No multiple IPs on the outside. I would just do a 1 to 1 nat if that
> > were the case.
>
> You're screwed then. You can't do IP-based virtual hosting with only a
> single public IP.

Well actually you can, e.g.:

NameVirtualHost my.ip:80
NameVirtualHost my.ip:443

<VirtualHost my.ip:80>
ServerName site1.dns
</VirtualHost>

<VirtualHost my.ip:80>
ServerName site2.dns
</VirtualHost>

<VirtualHost my.ip:443>
ServerName site1.dns
</VirtualHost>

This is quite valid with only 1 public IP. The issue with SSL is that
you can only do one site per public IP because of the chicken/egg
problem with the SSL encoding of the HTTP head requests (which contain
the headers required for processing virtual host requests). For non-SSL
requests IP-based virtual hosting is fine because Apache just inspects
the HEAD request and drops it into the correct place. For SSL requests
it ends up in the default (first configured for an IP-based host) vhost
for decryption of the SSL data with the key/cert configured in that
setting, and then it's too late to move vhosts if the HEAD request isn't
for that particular vhost.

Lesson: When it comes to SSL, 1 site per [public] IP is the rule of
thumb. While it is possible to configure Apache to have more than one
virtual host with separate certificates, reality dictates that only the
first (or default) virtual host will actually be used.

-- 
Nikolai Lusan
Systems Administrator
Hitwise Pty. Ltd.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
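A config check for the situation the message above describes, added here as an example (not code from the thread or from the Apache project). It assumes, as the message states, that the certificate of the first SSL vhost configured on an address:port is the one presented, with no TLS Server Name Indication in play; the sample config, the 192.0.2.10 address, the `site*.example` names, the certificate paths and the function names are all constructed for illustration.

```python
import re

# Constructed sample config (not from the original message).
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:80>
    ServerName site1.example
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName site1.example
    SSLEngine on
    SSLCertificateFile /etc/ssl/site1.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName site2.example
    SSLEngine on
    SSLCertificateFile /etc/ssl/site2.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.I | re.S)

def directive(body, name):
    """Return the first argument of directive `name` in a vhost body, or None."""
    m = re.search(r"^\s*%s\s+(\S+)" % re.escape(name), body, re.I | re.M)
    return m.group(1) if m else None

def ssl_vhosts_by_address(conf):
    """Group SSL-enabled vhosts by their address:port, keeping config order."""
    groups = {}
    for addr, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() != "on":
            continue  # plain HTTP vhosts are selected by Host header, not affected
        groups.setdefault(addr, []).append(
            (directive(body, "ServerName"), directive(body, "SSLCertificateFile")))
    return groups

def shadowed_certs(conf):
    """Return (address, server_name, own_cert, served_cert) for each SSL vhost that is not first on its address."""
    findings = []
    for addr, vhosts in ssl_vhosts_by_address(conf).items():
        _, served_cert = vhosts[0]  # assumption: first-configured vhost decides the cert
        for name, cert in vhosts[1:]:
            if cert != served_cert:
                findings.append((addr, name, cert, served_cert))
    return findings

if __name__ == "__main__":
    for addr, name, cert, served in shadowed_certs(SAMPLE_CONF):
        print(f"{addr}: {name} configures {cert} but clients are shown {served}")
```

Each finding is a hostname whose visitors would get a certificate issued for a different name, which is worth catching in review before it shows up as browser warnings.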