
Multiple Virtual Hosts and SSL 2

Status
Not open for further replies.

Hondy

Technical User
Mar 3, 2003
864
GB
Hey there,


I have a CentOS Apache setup, and I have 2 domain names to host:

and test.example.com

www. already has the default status, how do I make it so that test. is also SSL?

I understand I could use 2 IPs, but there is also another way (is it SNI or something?)

Can anyone tell me how to do it (noob fashion)?

Thanks
 
With standard HTTP vhosts you can use name-based addressing, where Apache uses the "ServerName" directive to resolve each request. Because of the way the header information is handled for HTTPS, you cannot use name-based addressing. Instead, Apache relies on IP addressing. The long and short of it is that if you have more than one SSL host, you either need to have more than one interface or use the virtual IP method, where one NIC has multiple IP addresses. Just as with name-based addressing, if a request cannot be resolved, the first vhost defined becomes the default. That is why it works fine for one but not two or more.

 
damn!

OK, I have removed the virtualnames and gone for IP, so I have 3 hosts set up as follows (all on one NIC):

192.168.0.1:80/443

192.168.0.2:80/443
admin.example.com

192.168.0.2:80 <-------- how do I configure this?*
moreadmin.example.com

*I'm kinda stuck now, obviously this 3rd one won't work. I can't use my third host without adding in a new IP address or using a different port, which kinda sucks, unless there is a way around it?


Also--- problem 2, how do I force the use of SSL on the admin.example.com? Do I use port 80 to redirect in some way?

Thanks!
 
You don't use port 80. That is for HTTP. You will use port 443 for HTTPS. How did you configure your NIC for virtual IP addressing? It usually takes two steps: one to add the virtual interface and one to add the route info. You will lose all those commands the next time you reboot, though, so one way is to create a start script that will load on bootup or place them in /etc/rc.d/rc.local.
 
Yeah, that's how I want it, it doesn't need to be HTTPS. The title of the post is slightly incorrect now as I managed to install my 2 certificates, it's just the 3rd vhost I need to get working now, but I can't figure out how to do it without using a new IP or port. I can do all this on IIS no problem, but it's more of a challenge in Apache.

On IIS you can bind as many IPs as you want and you use host headers (a bit like vhosts) - but here it seems you need a new IP address per vhost unless you use virtualnames, but then you can't split the hosts for SSL.

To configure the secondary IP I did:
ifconfig eth0:0 192.168.0.2 up

Hmmm, so as far as I can tell I'm going to have to use another IP (and do more firewall work) to get that 3rd host up?

Cheers
 
I have usually run separate configs for http and https, but you can run one with both.


read under mixed named and ip based.

Something like:

Listen 80
Listen 443

# NameVirtualHost must match the argument of the <VirtualHost *:80> blocks
NameVirtualHost *:80

<Virtualhost *:80>
DocumentRoot ...
ServerName
</VirtualHost>

<Virtualhost *:80>
DocumentRoot ...
ServerName admin.example.com
</VirtualHost>

<Virtualhost *:80>
DocumentRoot ...
ServerName moreadmin.example.com
</VirtualHost>

# THESE ARE YOUR HTTPS HOSTS, IP BASED

<Virtualhost 192.168.0.1:443>
DocumentRoot ...
ServerName
</VirtualHost>

<Virtualhost 192.168.0.2:443>
DocumentRoot ...
ServerName admin.example.com
</VirtualHost>

If this doesn't work, one could set up 2 instances, one for 80 (named) and one for 443 (IP based).

BTW, one uses redirects or rewrite rules to "require" https, that is one does something like this in the virtual host port 80 for
Redirect permanent /
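
The layout discussed in this thread, written out as an added example (not part of the original posts): name-based hosts on port 80, an IP-based HTTPS host, and a port-80 redirect that forces HTTPS for admin.example.com. The document roots, certificate paths and the `default.invalid` catch-all name are assumptions.

```apache
# Added example in Apache 2.2-style syntax, as used in the thread.
# All filesystem paths below are placeholders (assumptions).

Listen 80
Listen 443

# Name-based HTTP: any number of hosts can share port 80.
NameVirtualHost *:80

# The first *:80 vhost is the default for unmatched Host headers.
# Make it a dead end so an admin site is never served by accident.
<VirtualHost *:80>
    ServerName default.invalid
    Redirect 404 /
</VirtualHost>

# Plain HTTP for admin.example.com only redirects to HTTPS;
# no DocumentRoot, so no content is ever served unencrypted.
<VirtualHost *:80>
    ServerName admin.example.com
    Redirect permanent / https://admin.example.com/
</VirtualHost>

# Third host stays HTTP-only and needs no extra IP address.
<VirtualHost *:80>
    ServerName moreadmin.example.com
    DocumentRoot /var/www/moreadmin
</VirtualHost>

# IP-based HTTPS: one address per certificate.
# (Builds with SNI support, Apache 2.2.12 or later with a
# TLS-extension-capable OpenSSL, can instead share one address
# between several :443 hosts using NameVirtualHost *:443.)
<VirtualHost 192.168.0.2:443>
    ServerName admin.example.com
    DocumentRoot /var/www/admin
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/admin.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/admin.example.com.key
</VirtualHost>
```

`apachectl configtest` checks the syntax, and `apachectl -S` prints which vhost answers on which address and port, which confirms that the :443 host is bound to the intended IP.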
 
OK thanks, that has helped quite a bit.

The short of it is I need 2 IPs and I can have as many port 80 hosts as I want, but I need an IP per SSL cert.

Thanks guys
 