Re: One host, two SSL sites


 



On Tuesday, 20 January 2009 21:21:37 Brian Mearns wrote:
> On Tue, Jan 20, 2009 at 3:17 PM, John Oliver <joliver@xxxxxxxxxxxxxxx> wrote:
> > If it would turn out to be easier to do this another way, that's fine.
> > But I remember it as always having been a no-no to even try to get SSL
> > working with VirtualHosts.
> >
> 
> Not at all, it's really just name based vhosts that cause problems for
> SSL, because only one host gets picked to present the certificate,
> which means all the hosts have to use the same certificate. However,
> as far as I understand, if you use ip-address or port-based vhosts,
> then this shouldn't be a problem. Apache can easily find the correct
> vhost if it's only based on ip address and port number, it's just that
> it can't try to find a name-based vhost until the SSL decryption has
> occurred.
> 
True. You can even use NameVirtualHosts with SSL (TLS) with Apache 2.2, but few browsers support the SNI extension to the TLS protocol as of today.
So, you can certainly get this to work as you have one IP per VirtualHost; it should be quite straightforward.

I'm not familiar with the RHEL init scripts. However, looking at yours, it seems to me that you need to change more things if you want to get those two instances to work independently. For instance, you should also change your httpd.conf to set the new PidFile to /var/run/httpd2.pid. You should read the /etc/rc.d/init.d/functions file to better understand what this script is really doing (like those killproc functions that would likely kill both instances when you try to stop just one).
As for the httpd=${HTTPD-/usr/sbin/httpd}, it means that httpd is set to whatever $HTTPD is and, if it is not set, to /usr/sbin/httpd. I guess that if HTTPD is set anywhere, that place would be /etc/sysconfig/httpd2.

In conclusion, I would go for the virtualhost solution, too much hassle otherwise.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
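
The one-IP-per-VirtualHost layout recommended in this message, as an added example that is not part of the original post. The addresses, host names and file paths are placeholders chosen for illustration, and the configuration assumes mod_ssl is loaded in a single httpd instance.

```apache
# Constructed example: addresses (RFC 5737 documentation range), host names
# and file paths are placeholders, not values from the thread.
# Assumes mod_ssl is loaded and no other "Listen 443" line is present.
Listen 192.0.2.10:443
Listen 192.0.2.11:443

# IP-based vhosts: Apache selects the vhost from the destination address of
# the TCP connection, before the TLS handshake starts, so each site can
# present its own certificate. No NameVirtualHost directive is used for
# these addresses.
<VirtualHost 192.0.2.10:443>
    ServerName site-a.example.com
    DocumentRoot /var/www/site-a
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/site-a.crt
    # Private keys should be readable by root only.
    SSLCertificateKeyFile /etc/pki/tls/private/site-a.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName site-b.example.com
    DocumentRoot /var/www/site-b
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/site-b.crt
    SSLCertificateKeyFile /etc/pki/tls/private/site-b.key
</VirtualHost>

# By contrast, two name-based vhosts sharing one address:port would, for a
# client without SNI, both be answered with the first vhost's certificate,
# because the Host header only arrives after the handshake has completed.
# The second site's visitors would then get a certificate name mismatch.
```

After `apachectl configtest` and a restart, `openssl s_client -connect 192.0.2.10:443` (and the same for the second address) shows which certificate each address actually serves.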


