Re: problem with NAT, Public IP's and SSL cert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Nov 1, 2007 10:36 AM, Krist van Besien <krist.vanbesien@xxxxxxxxx> wrote:
> On Nov 1, 2007 8:38 AM, Hans <hans@xxxxxxxxxx> wrote:
>
> > So in your config you have only <Public_IP:80 (443)> or
> > <Private_IP:80(443) Public_ip:80(443)>.
>
> No. In your config you have:
> Several of either
> <VirtualHost *:80>
> or
> <VirtualHost private_ip:80>
> (After "VirtualHost" you need to put exactly the same thing you've put
> after your  NameVirtualHost statement.)
>
> And you can have one
> <VirtualHost *:443> blockt
> or one
> <VirtualHost IP:443> block for each IP _your server has_
>
> But what you want, based on your description in your first post, is
> not possible.
> It is not possible to have multiple SSL based hosts each with their
> own certificate on one IP address. This is not a limitation of Apache,
> this is a limitation of the SSL protocol. If you want to know why,
> read this: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts

Just another question, (I just reread your original post) what do you
mean that you got another VIP for your customer? Does that mean that
your firewall has a separate IP for your customer?

In that case you can solve your problem by telling Apache to bind to
an extra port (eg 444) and configuring your customer's SSL server on
that port.
You than configure your NAT firewall to forward traffic to your
customer's IP to port 80 and 444, in stead of port 80 and 443.

Krist

-- 
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux