Re: problem with NAT, Public IP's and SSL cert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> On Nov 1, 2007 11:14 AM, Hans <hans@xxxxxxxxxx> wrote:
> > I have one main VIP 65.65.65.65 for vhosts which share that IP, and if
> > customer needs(like in the case of ssl) he will get another IP e.g.
> > 65.65.65.66. I always thought that for ssl is important public IP not
> > private on host. I think that it is some limitation of Apache that it
> > cannot listen on virtual public IP, but only on IP's which host directly
> > uses.

On 01.11.07 13:10, Krist van Besien wrote:
> This is not a limitation of apache, but a limitation of the IP protocol.

pardon, it's more the limitation of HTTP/SSL protocol. Some browsers and
servers may even support SSL renegotiation, but I currently don't know about
any.

> > I wonder how other hosting companies with load balance solved that
> > problem. I cannot believe that somebody with 200 domains and lets say
> > 150IP plays with port numbers.

> They either do that, work with ports, or what is more common,
> terminate SSL on the loadbalancer. In this scenario the cert gets
> installed on the loadbalancer, which does the SSL handshake and
> decoding, and then forward it to port 80 on one or several backend
> http server. There name based virtualhosts will work just fine.

and if this is not possile, the ISP has to configure more IPS or ports on
balancer AND webservers both. It's one of reasons my employer doesn't
support that yet (it's much work to do it manually and hard work to do that
automatically)

-- 
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people you know are below average. 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux