Re: Idea for SSL with name-based Vhosts using two servers, mod_rewrite, and mod_proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Brian Mearns wrote:
On Thu, Jan 8, 2009 at 10:06 AM, Frank Gingras
<francois.gingras@xxxxxxxxx> wrote:
In a scenario where you have two vhosts on *:443, apache will serve the
certificate from the first vhost for both sites, therefore generating a SSL
certificate mismatch if a client were to request content from the second
vhost, and so on.

Ok, I think that clears it up for me. If, for instance, I have two
sites and I want to serve both on 80 and 443, then I can set up 4
vhosts all together, a pair for each site where one in the pair
listens on 80 and the other listens on 443 with SSL enabled. mod_ssl
will choose the first vhost it finds on 443 and use the certificate
specified there, but once the HTTP is decrypted, Apache will be able
to use the Host header and port to choose the correct vhost. Is that
correct?

I guess my confusion was that I didn't realize the certificate is
picked from one vhost, but the content could still be served from
another.

-Brian

--

Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

Yes, that is correct. The content from the appropriate vhost, based on the requested hostname, will be served.

Frank

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux