[SATLUG] Apache with 1 IP, two SSL sites, different ports

Henry Pugsley henry.pugsley at gmail.com
Wed May 20 17:37:16 CDT 2009


On Wed, May 20, 2009 at 3:59 PM, Gabriel Doss <gabriel.doss at gmail.com> wrote:
> I am trying to get apache-2.2 to serve three sites, one http and two https
> with separate self-signed certs. I know apache requires different ports for
> all three since two are SSL and cannot share a same IP/same port
> configuration like http traffic can.
>
> So, I've set apache to listen on ports 80, 443, and 4443, set up
> NameVirtualHost to also listen on those three ports, and set up three
> VirtualHost, each with their respective port specified, as well as
> DocumentRoot and ServerName. The two SSL sites have the path to their
> certificate and enable SSLEngine.
>
> The site and port 80 and port 443 work just fine, but the site on port 4443
> only works when I specify the port in the URL. If the port is not specified
> in the URL the site displayed is the one on port 443. The following may help
> if that is confusing.
>
> On port 80:
> http://nonsecure.domain.com -- all OK
>
> On port 443:
> https://secure1.domain.com -- all OK
>
> On port 4443:
> https://secure2.domain.com -- appears as https://secure1.domain.com
> https://secure2.domain.com:4443 -- all OK
>
> Any thoughts?
>
> Thanks,
>
> Gabriel

That is expected behavior.  When you specify
https://secure1.domain.com or https://secure2.domain.com, and both
resolve to the same IP address, you're going to get the same site
because you are accessing <ip addres>:443.  NameVirtualHosts are
irrelevant when it comes to SSL.  It works when you specify :4443
because the browser attempts a SSL connection on the non-standard
port.  If you don't want https://secure2.domain.com to show up as
https://secure1.domain.com, you could setup a RedirectMatch or
RewriteRule that sends people to the proper port.

-Henry


More information about the SATLUG mailing list