Re: problem with NAT, Public IP's and SSL cert

Krist van Besien wrote:
On Nov 1, 2007 10:36 AM, Krist van Besien <krist.vanbesien@xxxxxxxxx> wrote:
On Nov 1, 2007 8:38 AM, Hans <hans@xxxxxxxxxx> wrote:

So in your config you have only <Public_IP:80 (443)> or
<Private_IP:80(443) Public_ip:80(443)>.
No. In your config you have:
Several of either
<VirtualHost *:80>
or
<VirtualHost private_ip:80>
(After "VirtualHost" you need to put exactly the same thing you've put
after your  NameVirtualHost statement.)

And you can have one
<VirtualHost *:443> block
or one
<VirtualHost IP:443> block for each IP _your server has_

But what you want, based on your description in your first post, is
not possible.
It is not possible to have multiple SSL based hosts each with their
own certificate on one IP address. This is not a limitation of Apache,
this is a limitation of the SSL protocol. If you want to know why,
read this: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts

Just another question, (I just reread your original post) what do you
mean that you got another VIP for your customer? Does that mean that
your firewall has a separate IP for your customer?

In that case you can solve your problem by telling Apache to bind to
an extra port (e.g. 444) and configuring your customer's SSL server on
that port.
You then configure your NAT firewall to forward traffic to your
customer's IP to port 80 and 444, instead of port 80 and 443.

Krist

I have one main VIP 65.65.65.65 for vhosts which share that IP, and if a customer needs it (like in the case of SSL) he will get another IP, e.g. 65.65.65.66. I always thought that for SSL the public IP is what matters, not the private one on the host. I think that it is some limitation of Apache that it cannot listen on a virtual public IP, but only on IPs which the host directly uses. I wonder how other hosting companies with load balancing solved that problem. I cannot believe that somebody with 200 domains and let's say 150 IPs plays with port numbers.

Regards,
Hans
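
The port-based workaround Krist describes in the quoted text above, written out as an added example that is not part of the original thread. The private address 10.0.0.10, the hostnames, the document roots and the certificate paths are assumptions; the two public VIPs are the ones Hans mentions.

```apache
# Added example, not from the thread. Assumed values: private address
# 10.0.0.10, hostnames, document roots and certificate paths.
# The public VIPs 65.65.65.65 / 65.65.65.66 exist only on the NAT
# firewall; Apache never binds to them.
#
# Firewall forwarding this config relies on:
#   65.65.65.65:80  -> 10.0.0.10:80
#   65.65.65.65:443 -> 10.0.0.10:443
#   65.65.65.66:80  -> 10.0.0.10:80
#   65.65.65.66:443 -> 10.0.0.10:444   (customer's own certificate)

Listen 80
Listen 443
Listen 444

# Plain HTTP: name-based vhosts can share one socket.
NameVirtualHost *:80

<VirtualHost *:80>
    ServerName www.shared.example
    DocumentRoot /var/www/shared
</VirtualHost>

<VirtualHost *:80>
    ServerName www.customer.example
    DocumentRoot /var/www/customer
</VirtualHost>

# SSL: one vhost per listening socket, because the certificate is
# selected by address and port before any Host header is seen.
<VirtualHost *:443>
    ServerName www.shared.example
    DocumentRoot /var/www/shared
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/shared.crt
    SSLCertificateKeyFile /etc/httpd/ssl/shared.key
</VirtualHost>

<VirtualHost *:444>
    ServerName www.customer.example
    DocumentRoot /var/www/customer
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/customer.crt
    SSLCertificateKeyFile /etc/httpd/ssl/customer.key
</VirtualHost>
```

Clients still connect to 65.65.65.66 on port 443; port 444 is visible only between the firewall and the Apache host.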

