[SATLUG] Apache with 1 IP, two SSL sites, different ports

Gabriel Doss gabriel.doss at gmail.com
Wed May 20 18:31:58 CDT 2009


Henry,

Thanks for the response. I'll try that tomorrow when I get to work, or maybe
I'll have time tonight to set up something similar on my test box at home.

My concern with using redirect was that it seemed the cert that would be
established would be for the first site, not the second site, is that
correct? Would then a second encryption connection be made with the redirect
or would the incorrect first cert be in order?

If this is the case, it seems I may be better off adding eth0:0 or
installing a second network card and using a second IP address and port
4443, rather than trying to force a redirect after encryption being
established.

Thanks,

Gabriel

On Wed, May 20, 2009 at 5:37 PM, Henry Pugsley <henry.pugsley at gmail.com>wrote:

> On Wed, May 20, 2009 at 3:59 PM, Gabriel Doss <gabriel.doss at gmail.com>
> wrote:
> > I am trying to get apache-2.2 to serve three sites, one http and two
> https
> > with separate self-signed certs. I know apache requires different ports
> for
> > all three since two are SSL and cannot share a same IP/same port
> > configuration like http traffic can.
> >
> > So, I've set apache to listen on ports 80, 443, and 4443, set up
> > NameVirtualHost to also listen on those three ports, and set up three
> > VirtualHost, each with their respective port specified, as well as
> > DocumentRoot and ServerName. The two SSL sites have the path to their
> > certificate and enable SSLEngine.
> >
> > The site and port 80 and port 443 work just fine, but the site on port
> 4443
> > only works when I specify the port in the URL. If the port is not
> specified
> > in the URL the site displayed is the one on port 443. The following may
> help
> > if that is confusing.
> >
> > On port 80:
> > http://nonsecure.domain.com -- all OK
> >
> > On port 443:
> > https://secure1.domain.com -- all OK
> >
> > On port 4443:
> > https://secure2.domain.com -- appears as https://secure1.domain.com
> > https://secure2.domain.com:4443 -- all OK
> >
> > Any thoughts?
> >
> > Thanks,
> >
> > Gabriel
>
> That is expected behavior.  When you specify
> https://secure1.domain.com or https://secure2.domain.com, and both
> resolve to the same IP address, you're going to get the same site
> because you are accessing <ip addres>:443.  NameVirtualHosts are
> irrelevant when it comes to SSL.  It works when you specify :4443
> because the browser attempts a SSL connection on the non-standard
> port.  If you don't want https://secure2.domain.com to show up as
> https://secure1.domain.com, you could setup a RedirectMatch or
> RewriteRule that sends people to the proper port.
>
> -Henry
> --
> _______________________________________________
> SATLUG mailing list
> SATLUG at satlug.org
> http://alamo.satlug.org/mailman/listinfo/satlug to unsubscribe
> Powered by Rackspace (www.rackspace.com)
>


More information about the SATLUG mailing list