IP based virtual hosts on DSL?


musichax0r

Programmer
Sep 19, 2003
10
US
I've been researching and trying to accomplish this, but it isn't working so far and I'm not sure why. Here is my setup, please let me know if you have any ideas. Thanks.

ADSL:
Port 80 forwarded to 192.168.0.1
Static WAN IP: 60.70.80.90 (only an example ip)
LAN IP: 192.168.1.1

Gateway Router IP: 192.168.0.1
Port forwarded to 192.168.0.4
Netmask: 255.255.255.262 (example)

Web Server Apache 2 Virtual hosts:
eth0 IP: 192.168.0.4 /var/
eth0:0 IP: 192.168.0.5 /var/
eth0:1 IP: 192.168.0.6 /var/

I can give more info if necessary, but I think this might be enough to tell you if it will work or not. I get the maindomain.com page no matter which domain I type. I get the same page if I type the local ip address instead of the url (as in or .5 or .6)

Let me know what you think. Thanks. Also, if you have suggestions on software I can use to set this up and manage it without doing it manually in the config files please let me know. I currently use webmin in addition to editing files, but I find webmin confusing in some areas.
 
Thanks, I thought that might be the case. I wanted to use SSL on one of the domains and no SSL on the rest...any chance that is still possible with name based?
 
You can have as many HTTP sites as you want on a single IP address.

But only one HTTPS site can be placed on an IP address. This is because in a multi-site/single-ip scenario, the web server uses the "Host:" header of HTTP1.1 to determine which web site to serve. However, the SSL handshake must be completed and the secure channel set up before that header can be sent.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
How about maindomain.com on port 80, seconddomain.com on port 443 (SSL), thirddomain.com on port 8080 port-mapped (& NAT'ed) at the router from the Internet routable address (ISP provided)?


That could work?

Laurie.
 
You don't need to go to alternate ports on HTTP domains. You can have as many name-based sites as you want on a single IP address, so long as the various sites can be differentiated by host names.

And that one HTTPS site can be on the same IP. It's just that you'll need another IP or another port should you need a second HTTPS site.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
I've been testing this very thing ALL day long. Here is what I have found on Apache 2.0.47 on Mandrake linux.
Code:
##########################################################
httpd.conf
- - - - - - - - - - - - - - - - - 
NO virtual host information
- - - - - - - - - - - - - - - - - 

Vhosts.conf
- - - - - - - 
NameVirtualHost 192.168.0.2

<VirtualHost 192.168.0.2:80>
UseCanonicalName off
ServerName www.maindomain.biz
ServerAlias maindomain.biz
ServerAdmin webmaster@maindomain.biz
DocumentRoot /var/www/html/maindomain
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/maindomain"
ErrorLog /etc/httpd/logs/maindomain/error.log
CustomLog /etc/httpd/logs/maindomain/access.log common
CustomLog /etc/httpd/logs/maindomain/referer.log referer
CustomLog /etc/httpd/logs/maindomain/agent.log agent
</VirtualHost>

<VirtualHost 192.168.0.2:80>
UseCanonicalName off
ServerName www.domain2.com
ServerAlias domain2.com
ServerAdmin webmaster@domain2.com
DocumentRoot /var/www/html/domain2
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/domain2"
ErrorLog /etc/httpd/logs/domain2/error.log
CustomLog /etc/httpd/logs/domain2/access.log common
CustomLog /etc/httpd/logs/domain2/referer.log referer
CustomLog /etc/httpd/logs/domain2/agent.log agent
</VirtualHost>

<VirtualHost 192.168.0.2:80>
UseCanonicalName off
ServerName www.domain3.com
ServerAlias domain3.com
ServerAdmin webmaster@domain3.com
DocumentRoot /var/www/html/domain3
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/domain3"
ErrorLog /etc/httpd/logs/domain3/error.log
CustomLog /etc/httpd/logs/domain3/access.log common
CustomLog /etc/httpd/logs/domain3/referer.log referer
CustomLog /etc/httpd/logs/domain3/agent.log agent
</VirtualHost>
- - - - - - - - - - - - - - - - - 

ssl.default-vhost.conf
- - - - - - - - - - - - 
<IfModule mod_ssl.c>
<VirtualHost 192.168.0.2:443>
UseCanonicalName off
ServerName www.maindomain.biz
ServerAdmin webmaster@maindomain.biz
DocumentRoot /var/www/html/maindomain
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/maindomain"
SSLEngine on
SSLCertificateFile /etc/ssl/apache/server.crt
SSLCertificateKeyFile /etc/ssl/apache/server.key
</VirtualHost>
</IfModule>
- - - - - - - - - - - - - - - - - 
##########################################################

With this setup the SSL site does NOT work, but the virtual hosts all work correctly. However, if I simply comment OUT the line:

Code:
NameVirtualHost 192.168.0.2

in Vhosts.conf, the ssl site will work correctly along with the maindomain site, but the other two virtual domains don't work...they only point back to maindomain.

I've read all over the internet that you can have one ssl site with name based virtual hosts, but I think it might just be impossible on apache 2. Funny that that one line makes the difference. If anyone knows what the problem is, PLEASE let me know. I might make this new problem its own thread.

Thanks.
 
"I've read all over the internet that you can have one ssl site with name based virtual hosts".

I'd be interested in some of the places where you've read this because I've never seen name based virtual hosts and ssl work together. In fact, in the Apache FAQs you will find:

Why can't I use SSL with name-based/non-IP-based virtual hosts?
The reason is very technical. Actually it's some sort of a chicken and egg problem: The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to dispatch to the correct virtual server Apache has to know the Host HTTP header field. For this the HTTP request header has to be read. This cannot be done before the SSL handshake is finished. But the information is already needed at the SSL handshake phase. Bingo!

Why is it not possible to use Name-Based Virtual Hosting to identify different SSL virtual hosts?
Name-Based Virtual Hosting is a very popular method of identifying different virtual hosts. It allows you to use the same IP address and the same port number for many different sites. When people move on to SSL, it seems natural to assume that the same method can be used to have lots of different SSL virtual hosts on the same server.

It comes as rather a shock to learn that it is impossible.

The reason is that the SSL protocol is a separate layer which encapsulates the HTTP protocol. So the problem is that the SSL session is a separate transaction that takes place before the HTTP session even starts. Therefore all the server receives is an SSL request on IP address X and port Y (usually 443). Since the SSL request does not contain any Host: field, the server has no way to decide which SSL virtual host to use. Usually, it will just use the first one it finds that matches the port and IP address.

You can, of course, use Name-Based Virtual Hosting to identify many non-SSL virtual hosts (all on port 80, for example) and then you can have no more than 1 SSL virtual host (on port 443). But if you do this, you must make sure to put the non-SSL port number on the NameVirtualHost directive, e.g.

NameVirtualHost 192.168.1.1:80

Other workaround solutions are:

Use separate IP addresses for different SSL hosts.
Use different port numbers for different SSL hosts.


And the same is true for all earlier versions of Apache HTTP server.
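
An added example (not part of the original thread and not Apache's own tooling): a small Python check for the two pitfalls discussed above, a NameVirtualHost without a port on an IP that also carries an SSL vhost, and more than one SSL vhost on the same IP and port. The sample config is constructed from the posted files; the check assumes one address per <VirtualHost> and the Apache 2.0-era behaviour described in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: the thread's Vhosts.conf and ssl.default-vhost.conf, condensed.
SAMPLE = """\
NameVirtualHost 192.168.0.2
<VirtualHost 192.168.0.2:80>
ServerName www.maindomain.biz
</VirtualHost>
<VirtualHost 192.168.0.2:80>
ServerName www.domain2.com
</VirtualHost>
<VirtualHost 192.168.0.2:443>
ServerName www.maindomain.biz
SSLEngine on
</VirtualHost>
"""
NVH = re.compile(r"^\s*NameVirtualHost\s+(\S+)", re.I | re.M)
VHOST = re.compile(r"^\s*<VirtualHost\s+(\S+?)>(.*?)</VirtualHost>", re.I | re.M | re.S)

def split_addr(addr):
    """Split 'ip:port' into (ip, port); port is None when none is given."""
    if ":" not in addr or addr.endswith("]"):  # bare IPv4 or bracketed IPv6
        return addr, None
    ip, _, port = addr.rpartition(":")
    return ip, port

def lint(conf):
    """Return warnings for the two SSL/name-based pitfalls from the thread."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # ignore commented-out lines
    ssl = defaultdict(list)  # (ip, port) -> ServerNames of SSL vhosts
    for addr, body in VHOST.findall(conf):
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.I | re.M)
        if re.search(r"^\s*SSLEngine\s+on\b", body, re.I | re.M):
            ssl[split_addr(addr)].append(name.group(1) if name else "?")
    out = []
    for ip, port in map(split_addr, NVH.findall(conf)):
        for s_ip, s_port in ssl:
            if port is None and s_ip == ip:
                out.append(f"NameVirtualHost {ip} has no port, so it also covers SSL "
                           f"vhost {s_ip}:{s_port}; add the non-SSL port, e.g. {ip}:80")
    for (ip, port), names in ssl.items():
        if len(names) > 1:
            out.append(f"{len(names)} SSL vhosts share {ip}:{port}; the server "
                       f"will usually use only the first ({names[0]})")
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run against the files as posted it reports the portless NameVirtualHost; with :80 appended it reports nothing.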
 
Thanks man, adding the :80 to the NameVirtualHost fixed the problem. I read over the documentation several times, but never seemed to catch that point.
 
smah I think that you should put this as an FAQ as it was a very good and interesting read.

To err is human, to completely mess up takes a computer.
 