Re: problem with NAT, Public IP's and SSL cert

On 10/27/07, Hans <hans@xxxxxxxxxx> wrote:
> Hi!
> I've checked many websites and forums as well as books but I cannot
> find a solution for my problem.
> I have one server behind NAT (pfsense firewall); until last week I was
> using one IP for all virtual hosts.
> My conf was:
> Namevirtualhost *:80
> <Virtualhost *:80>
> Namevirutalhost *:443
> <VirtualHost *:443>
>
> Last week our customer requested to put a new ssl cert for him with his
> own IP. I created a VIP and forwarded to ports:80 and 443.
> But I have a problem with the configuration.
>
> First, a few words about my future conf: during the next few weeks I will
> install a Load Balancing environment with 2 identical active/active
> webservers whose conf is created automatically from a mysql database. Both
> machines will be behind NAT and need to use only public IPs in the
> configuration for virtual hosts. I cannot use for virtualhost e.g.
> 192.168.2.10,192.168.2.11 (because for the generated vhost there will be only
> public IP 65.65.65.65).
>
> So back to my question. I wanted to change the configuration from *:80 (*:443)
> to public 65.65.65.65:80 (65.65.65.65:443). But when I tried to access
> websites it always directed me to the default website. I tried <127.0.0.1:80
> 65.65.65.65:80> with the same effect.
> In the end I tried <192.168.2.10:80 65.65.65.65.80> (the same for 443)
> and it works correctly (I mean I can access each vhost) except that
> my customer doesn't get his own ssl cert but one shared with the rest from
> the default domain (I guess it takes the cert from the first virtual domain).
> How can I force Apache to use only public IPs (without LAN IP) behind
> NAT so that it correctly finds virtual hosts?

- You can't do name virtual hosts with SSL.
- You can't configure a virtual host with an IP that the machine doesn't own.

So if your public IP is 65.65.65.65, and this IP is allocated to a
loadbalancer (or any other device that does NAT) then this is of no
concern to your webserver.

So if 65.65.65.65 gets loadbalanced between 192.168.2.10 and
192.168.2.11 then on both hosts you will need something like:

NameVirtualHost *:80
<VirtualHost *:80>
ServerName Myfirstcustomer.com
#rest of config here
....
</VirtualHost>
<VirtualHost *:80>
ServerName Mysecondcustomer.com
# rest of config here
....
</VirtualHost>

But you can't do this with SSL servers. There you will need a separate
public IP for each SSL site.

Krist

-- 
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
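
The layout this reply describes, written out as an added example (not part of the original message and not the poster's real configuration): HTTP stays name-based on the wildcard address, while each SSL site is bound to its own LAN address that the NAT device maps from its own public IP. The second LAN address 192.168.2.12, the PUBLIC_VIP placeholder, the choice of which customer has the dedicated certificate, and all file paths are assumptions.

```apache
# Added illustration. NAT mapping assumed on the firewall (ports 80 and 443):
#   65.65.65.65            -> 192.168.2.10  (shared public IP, primary LAN address)
#   PUBLIC_VIP (placeholder) -> 192.168.2.12  (hypothetical second LAN address,
#                                             configured as an alias on this host)
# Apache only ever sees the LAN destination address, so vhosts bind to those.

Listen 80
Listen 443

# Plain HTTP: name-based, the vhost is picked from the Host header.
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName Myfirstcustomer.com
    DocumentRoot /var/www/firstcustomer
</VirtualHost>
<VirtualHost *:80>
    ServerName Mysecondcustomer.com
    DocumentRoot /var/www/secondcustomer
</VirtualHost>

# HTTPS: IP-based, one vhost and one certificate per local address.
# Traffic NATed from 65.65.65.65:443 arrives here and gets the shared cert.
<VirtualHost 192.168.2.10:443>
    ServerName Myfirstcustomer.com
    DocumentRoot /var/www/firstcustomer
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/shared-site.crt      # hypothetical path
    SSLCertificateKeyFile /etc/ssl/private/shared-site.key    # hypothetical path
</VirtualHost>

# Traffic NATed from PUBLIC_VIP:443 arrives here and gets the customer's cert.
<VirtualHost 192.168.2.12:443>
    ServerName Mysecondcustomer.com
    DocumentRoot /var/www/secondcustomer
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/secondcustomer.crt   # hypothetical path
    SSLCertificateKeyFile /etc/ssl/private/secondcustomer.key # hypothetical path
</VirtualHost>
```

To check which certificate each address serves, `openssl s_client -connect <address>:443` against each public IP prints the certificate subject presented for that connection.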
