Re: problem with NAT, Public IP's and SSL cert

On Nov 1, 2007 11:14 AM, Hans <hans@xxxxxxxxxx> wrote:

> I have one main VIP 65.65.65.65 for vhosts which share that IP, and if
> customer needs (like in the case of ssl) he will get another IP e.g.
> 65.65.65.66. I always thought that for ssl is important public IP not
> private on host. I think that it is some limitation of Apache that it
> cannot listen on virtual public IP, but only on IP's which host directly
> uses.

This is not a limitation of apache, but a limitation of the IP protocol.
You must realise how NAT works. IP packets with a destination address
of 65.65.65.65 get (based on how you configure your NAT device) their
destination address rewritten to eg. 192.168.2.1. There is no way for
the apache server to know what the original destination IP was, so
there is no way for the apache server to act on this info.
There is usually also no _need_ for this.

> I wonder how other hosting companies with load balance solved that
> problem. I cannot believe that somebody with 200 domains and let's say
> 150 IP plays with port numbers.

They either do that, work with ports, or what is more common,
terminate SSL on the loadbalancer. In this scenario the cert gets
installed on the loadbalancer, which does the SSL handshake and
decoding, and then forwards it to port 80 on one or several backend
http servers. There name based virtualhosts will work just fine.

Krist

-- 
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
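
The setup described in the reply above, as an added Apache configuration example that is not part of the original e-mail. The 65.65.65.66 to 192.168.2.2 mapping, the host names and the file paths are assumptions; the backend host must have both private addresses configured on its interface.

```apache
# Added example, not from the thread. The address 192.168.2.2, the host
# names and the certificate paths are assumptions.
#
# NAT device (configured outside Apache), one-to-one mappings:
#   65.65.65.65 -> 192.168.2.1   shared address, name-based vhosts
#   65.65.65.66 -> 192.168.2.2   dedicated address for one SSL customer
# Apache only ever sees the rewritten (private) destination address, so
# every Listen and <VirtualHost> address below is the private one.

Listen 192.168.2.1:80
Listen 192.168.2.2:443

# Name-based vhosts sharing the address behind 65.65.65.65.
# The Host header picks the vhost; the first one is the default.
<VirtualHost 192.168.2.1:80>
    ServerName www.customer-a.example
    DocumentRoot "/var/www/customer-a"
</VirtualHost>

<VirtualHost 192.168.2.1:80>
    ServerName www.customer-b.example
    DocumentRoot "/var/www/customer-b"
</VirtualHost>

# IP-based SSL vhost: the certificate is chosen by the private address
# that the NAT device maps 65.65.65.66 to, not by the public address.
<VirtualHost 192.168.2.2:443>
    ServerName secure.customer-c.example
    DocumentRoot "/var/www/customer-c"
    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/customer-c.example.crt"
    SSLCertificateKeyFile "/etc/ssl/private/customer-c.example.key"
</VirtualHost>

# If SSL is terminated on the load balancer instead, drop the :443
# Listen and vhost: the balancer holds the certificate and forwards to
# port 80, where the name-based vhosts above handle the request.
```

With termination on the load balancer, the hop from the balancer to port 80 on the backend is unencrypted, so that segment should be a network only the balancer and the backends can reach.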

