You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Chad Arimura <ne...@alldorm.com> on 2002/09/26 20:05:42 UTC
[users@httpd] Multiple IP/SSL hosts
Hello,
We currently have 2 IP's pointing to our apache 1.3.22 server. 1 IP is
accepted and setup for name-based vhosting and handles about 25 virtual host
directives on port 80, and SSL requests on port 443. How can I set up the
other IP to be accepted through a different subdomain, port 443, and use a
separate SSL certificate? I know it's simple but I can't seem to find the
right settings.
Here's our current config:
NameVirtualHost xxx.xxx.xx.xxx:80
(no listen or bind directives)
<VirtualHost www.domain.com>
DocumentRoot "/var/www/www.domain.com"
ServerName www.domain.com
</VirtualHost>
<VirtualHost sub1.domain.com>
DocumentRoot "/var/www/sub1.domain.com"
ServerName sub1.domain.com
</VirtualHost>
....
<VirtualHost sub25.domain.com>
DocumentRoot "/var/www/sub25.domain.com"
ServerName sub25.domain.com
</VirtualHost>
<VirtualHost _default_:443>
certicate #1 info....
</VirtualHost>
Thanks a lot,
Chad Arimura
AllDorm Inc.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Getting apache to recognize changes in httpd.conf "on the fly"
Posted by Cs-HB <ba...@arthur.no.info.hu>.
Mike,
try "apachectl graceful". It isn't exactly what you want, but....
http://httpd.apache.org/docs-2.0/programs/apachectl.html
graceful Gracefully restarts the Apache daemon by sending
it a SIGUSR1. If the daemon is not running, it
is started. This differs from a normal restart
in that currently open connections are not
aborted. A side effect is that old log files
will not be closed immediately. This means that
if used in a log rotation script, a substantial
delay may be necessary to ensure that the old
log files are closed before processing them.
This command automatically checks the configura-
tion files via configtest before initiating the
restart to make sure Apache doesn't die. On
certain platforms that do not allow USR1 to be
used for a graceful restart, an alternative
signal may be used (such as WINCH). apachectl
graceful will send the right signal for your
platform.
2002. 10. 06. 6:51:47, "Michael Schulz" <mi...@mschulz.net> wrote:
>Is there any way to force Apache to recognize updates in the httpd.conf
>file?
>
>Specifically, I want to be able to add new alias directives without having
>to shut down and restart apache.
>
>Is this possible?
>
>TIA
>
>-Mike Schulz
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Getting apache to recognize changes in httpd.conf
"on the fly"
Posted by Rasmus Lerdorf <ra...@apache.org>.
Nope, but if you do a graceful restart you can do it without losing any
requests.
-Rasmus
On Sat, 5 Oct 2002, Michael Schulz wrote:
> Is there any way to force Apache to recognize updates in the httpd.conf
> file?
>
> Specifically, I want to be able to add new alias directives without having
> to shut down and restart apache.
>
> Is this possible?
>
> TIA
>
> -Mike Schulz
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Getting apache to recognize changes in httpd.conf "on the fly"
Posted by Michael Schulz <mi...@mschulz.net>.
Is there any way to force Apache to recognize updates in the httpd.conf
file?
Specifically, I want to be able to add new alias directives without having
to shut down and restart apache.
Is this possible?
TIA
-Mike Schulz
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Multiple IP/SSL hosts
Posted by "i.t" <i....@ithum.de>.
msg Donnerstag, 26. September 2002 22:20 by Chad Arimura:
> Is there a way to use both IP-host hosting AND name-based?
no!
--
. ___
| | Irmund Thum
| |
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Multiple IP/SSL hosts
Posted by "Robin P. Blanchard" <ro...@georgiacenter.org>.
you have to use IP based virtual hosting for SSL to work:
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
--
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Multiple IP/SSL hosts
Posted by Matt Raible <ma...@raibledesigns.com>.
Hmmm, this worries me. Let me start by explaining what I'd like to do.
1 Apache 2.0.x webserver
1 Linux box
2-20 Tomcat instances, each with an installation of my application for
customers.
SSL Enabled for all so login is encyrpted
I've successfully setup Apache and Tomcat using this article:
http://raibledesigns.com/tomcat.
I've successfully setup Apache + SSL using this article:
http://raibledesigns.com/tomcat/ssl-howto.html.
In my ssl.conf, I have:
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "d:/tools/apache-2.0/Apache2/htdocs"
ServerName localhost:443
...
"localhost" will eventually be the main domain name I'm hosting on.
In named.conf, I have:
<VirtualHost localhost1:80>
ServerName localhost1
JkMount /*.jsp tomcat1
JkMount /servlet/* tomcat1
</VirtualHost>
<VirtualHost localhost2:80>
ServerName localhost2
JkMount /*.jsp tomcat2
JkMount /servlet/* tomcat2
</VirtualHost>
And I can successfully get to localhost1 and localhost2 (and the correct
tomcat's) using both http:// and https://. Is this a proper
configuration? If not, please let me know - I'd like to make both
articles above as accurate as possible.
Thanks,
Matt
> -----Original Message-----
> From: Robin P. Blanchard [mailto:robin.blanchard@georgiacenter.org]
> Sent: Thursday, September 26, 2002 2:20 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Multiple IP/SSL hosts
>
>
>
> > Is there a way to use both IP-host hosting AND name-based?
>
> yes, you can mix and match. but you will never be able to use SSL
> (properly) on a name-based virtual host.
>
> if you have only port 80 traffic for a couple of fqdn's you could use
> name-based hosting for those. you'd therefore use the namevirtualhost
> directive. once you've got the need for multiple SSL enabled
> hosts, or
> hosts that will be both non-SSL and SSL, you need to use ip-based
> virtual hosting, which uses the listen directive.
>
>
> --
> ----------------------------------------
> Robin P. Blanchard
> Systems Integration Specialist
> Georgia Center for Continuing Education
> fon: 706.542.2404 <|> fax: 706.542.6546
> ----------------------------------------
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project. See
> <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Multiple IP/SSL hosts
Posted by "Robin P. Blanchard" <ro...@georgiacenter.org>.
if you're going to be needing SSL, you will have to use ip-based virtual
hosts. while, you can mix and mingle name-based and ip-based for non-SSL
stuff, don't bother as that's just another level of complexity. use all
ip-based hosts. what you want is this:
Listen a.b.c.d:80
<VirtualHost a.b.c.d:80>
DocumentRoot /var/www/abc.domain.com/http
ServerName abc.domain.com
SSLEngine Off
</VirtualHost>
Listen a.b.c.d:443
<VirtualHost a.b.c.d:443>
DocumentRoot /var/www/abc.domain.com/https
ServerName abc.domain.com
SSLEngine On
SSLCertificateFile .../abc.domain.com.crt
SSLCertificateKeyFile .../abc.domain.com.key
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>
Listen e.f.g.h:80
<VirtualHost e.f.g.h80>
DocumentRoot /var/www/efg.domain.com/http
ServerName efg.domain.com
SSLEngine Off
</VirtualHost>
Listen e.f.g.h:443
<VirtualHost e.f.g.h:443>
DocumentRoot /var/www/efg.domain.com/https
ServerName efg.domain.com
SSLEngine On
SSLCertificateFile .../efg.domain.com.crt
SSLCertificateKeyFile .../efg.domain.com.key
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>
and so forth. and for hosts without SSL, don't declare a listen/virtual
host for port 443 on that ip. and just use ip aliases on your http
server's interface for all the IPs you want to use.
Chad Arimura wrote:
> OK i'm missing something here... I'm really trying my best to understand how
> this works.
>
> Here's my attempted setup, and it's not working yet (cannot find dns,
> error). Forget the extra SSL certs, I'm just trying to get the second IP
> address to respond on port 80:
--
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Multiple IP/SSL hosts
Posted by Chad Arimura <ne...@alldorm.com>.
Thanks all for your help. I finally got it. Vhosting is just so sensitive,
if one thing is off it brings the system to it's knees, throw in some ssl
certificates and then it gets sticky.
One more question, are there any really good Apache tuning sites someone can
point me too? Or is apache.org the best resource?
Thanks again,
Chad Arimura
AllDorm Inc.
-----Original Message-----
From: Matt Raible [mailto:matt@raibledesigns.com]
Sent: Saturday, September 28, 2002 7:58 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Multiple IP/SSL hosts
I was unable to mix/match SSL and named-based virtual hosting on one IP.
I got the following error when I tried:
[error] VirtualHost _default_:443 -- mixing * ports and non-* ports with
a NameVirtualHost address is not supported, proceeding with undefined
results
> -----Original Message-----
> From: Zac Stevens [mailto:zts@cryptocracy.com]
> Sent: Saturday, September 28, 2002 6:05 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Multiple IP/SSL hosts
>
>
> On Sat, Sep 28, 2002 at 07:59:37AM -0400, Robin P. Blanchard wrote:
> > do *not* use namebased virtualhosts for IPs which will be using SSL.
>
> Why not? It works just fine, beyond the fact that people
> sharing the port 80 address may be surprised at what they see
> if they inadvertantly reference their site via HTTPS
>
> > if you insist on mixing and matching namebased with
> ip-based, only use
> > namebased for a bunch of namebased vhosts all running on
> port 80. also,
> > i believe that the namevirutalhost directive does not take
> the port tag.
>
> This is incorrect. The port is optional - see the docs:
>
http://httpd.apache.org/docs/mod/core.html#namevirtualhost
HTH,
Zac
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Multiple IP/SSL hosts
Posted by Matt Raible <ma...@raibledesigns.com>.
I was unable to mix/match SSL and named-based virtual hosting on one IP.
I got the following error when I tried:
[error] VirtualHost _default_:443 -- mixing * ports and non-* ports with
a NameVirtualHost address is not supported, proceeding with undefined
results
> -----Original Message-----
> From: Zac Stevens [mailto:zts@cryptocracy.com]
> Sent: Saturday, September 28, 2002 6:05 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Multiple IP/SSL hosts
>
>
> On Sat, Sep 28, 2002 at 07:59:37AM -0400, Robin P. Blanchard wrote:
> > do *not* use namebased virtualhosts for IPs which will be using SSL.
>
> Why not? It works just fine, beyond the fact that people
> sharing the port 80 address may be surprised at what they see
> if they inadvertantly reference their site via HTTPS
>
> > if you insist on mixing and matching namebased with
> ip-based, only use
> > namebased for a bunch of namebased vhosts all running on
> port 80. also,
> > i believe that the namevirutalhost directive does not take
> the port tag.
>
> This is incorrect. The port is optional - see the docs:
>
http://httpd.apache.org/docs/mod/core.html#namevirtualhost
HTH,
Zac
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Multiple IP/SSL hosts
Posted by Zac Stevens <zt...@cryptocracy.com>.
On Sat, Sep 28, 2002 at 07:59:37AM -0400, Robin P. Blanchard wrote:
> do *not* use namebased virtualhosts for IPs which will be using SSL.
Why not? It works just fine, beyond the fact that people sharing the port
80 address may be surprised at what they see if they inadvertantly
reference their site via HTTPS
> if you insist on mixing and matching namebased with ip-based, only use
> namebased for a bunch of namebased vhosts all running on port 80. also,
> i believe that the namevirutalhost directive does not take the port tag.
This is incorrect. The port is optional - see the docs:
http://httpd.apache.org/docs/mod/core.html#namevirtualhost
HTH,
Zac
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Multiple IP/SSL hosts
Posted by "Robin P. Blanchard" <ro...@georgiacenter.org>.
do *not* use namebased virtualhosts for IPs which will be using SSL. if
you insist on mixing and matching namebased with ip-based, only use
namebased for a bunch of namebased vhosts all running on port 80. also,
i believe that the namevirutalhost directive does not take the port tag.
> NameVirtualHost a.b.c.d:80
>
> <VirtualHost www.domain.com>
> DocumentRoot "/var/www/www.domain.com"
> ServerName www.domain.com
> </VirtualHost>
>
> <more namevhosts>
> a bunch of other namebased vhosts to accept xxx.domain.com
> </VirtualHost>
>
> <VirtualHost a.b.c.d:443>
> certificate information
> </VirtualHost>
>
>
> Listen e.f.g.h
> <VirtualHost e.f.g.h>
> DocumentRoot "/var/www/abc.domain.com"
> ServerName abc.domain.com
> </VirtualHost>
>
>
> This configuration works fine, but as soon as I try and specify a
> port for
> the second IP address to listen on (eg 'Listen e.f.g.h:443'), the
> name-based
> vhosts stop responding.
>
> Also, after I added the Listen e.f.g.h, it seems that when we access
> the
> name based hosts from the first IP, a second lookup is taking place
> and the
> latency is a fraction of a second longer...
--
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Multiple IP/SSL hosts
Posted by Chad Arimura <ne...@alldorm.com>.
Ok first problem solved. The new IP address wasn't in the NIC's route
table. My mistake. But now I'm running into the following problem:
Here's my current setup:
NameVirtualHost a.b.c.d:80
<VirtualHost www.domain.com>
DocumentRoot "/var/www/www.domain.com"
ServerName www.domain.com
</VirtualHost>
<more namevhosts>
a bunch of other namebased vhosts to accept xxx.domain.com
</VirtualHost>
<VirtualHost a.b.c.d:443>
certificate information
</VirtualHost>
Listen e.f.g.h
<VirtualHost e.f.g.h>
DocumentRoot "/var/www/abc.domain.com"
ServerName abc.domain.com
</VirtualHost>
This configuration works fine, but as soon as I try and specify a port for
the second IP address to listen on (eg 'Listen e.f.g.h:443'), the name-based
vhosts stop responding.
Also, after I added the Listen e.f.g.h, it seems that when we access the
name based hosts from the first IP, a second lookup is taking place and the
latency is a fraction of a second longer...
Ideas?
Thanks!
Chad Arimura
AllDorm Inc.
-----Original Message-----
From: Robin P. Blanchard [mailto:robin.blanchard@georgiacenter.org]
Sent: Thursday, September 26, 2002 1:20 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Multiple IP/SSL hosts
> Is there a way to use both IP-host hosting AND name-based?
yes, you can mix and match. but you will never be able to use SSL
(properly) on a name-based virtual host.
if you have only port 80 traffic for a couple of fqdn's you could use
name-based hosting for those. you'd therefore use the namevirtualhost
directive. once you've got the need for multiple SSL enabled hosts, or
hosts that will be both non-SSL and SSL, you need to use ip-based
virtual hosting, which uses the listen directive.
--
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Multiple IP/SSL hosts
Posted by Chad Arimura <ne...@alldorm.com>.
OK i'm missing something here... I'm really trying my best to understand how
this works.
Here's my attempted setup, and it's not working yet (cannot find dns,
error). Forget the extra SSL certs, I'm just trying to get the second IP
address to respond on port 80:
NameVirtualHost a.b.c.d:80
<VirtualHost www.domain.com>
DocumentRoot "/var/www/www.domain.com"
ServerName www.domain.com
</VirtualHost>
.
.
.
a bunch of other namebased vhosts to accept xxx.domain.com
through a.b.c.d:80
.
.
.
Listen e.f.g.h:80
<VirtualHost e.f.g.h:80>
DocumentRoot "/var/www/abc.domain.com"
ServerName abc.domain.com
</VirtualHost>
Is this off?
Chad
-----Original Message-----
From: Robin P. Blanchard [mailto:robin.blanchard@georgiacenter.org]
Sent: Thursday, September 26, 2002 1:20 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Multiple IP/SSL hosts
> Is there a way to use both IP-host hosting AND name-based?
yes, you can mix and match. but you will never be able to use SSL
(properly) on a name-based virtual host.
if you have only port 80 traffic for a couple of fqdn's you could use
name-based hosting for those. you'd therefore use the namevirtualhost
directive. once you've got the need for multiple SSL enabled hosts, or
hosts that will be both non-SSL and SSL, you need to use ip-based
virtual hosting, which uses the listen directive.
--
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Multiple IP/SSL hosts
Posted by "Robin P. Blanchard" <ro...@georgiacenter.org>.
> Is there a way to use both IP-host hosting AND name-based?
yes, you can mix and match. but you will never be able to use SSL
(properly) on a name-based virtual host.
if you have only port 80 traffic for a couple of fqdn's you could use
name-based hosting for those. you'd therefore use the namevirtualhost
directive. once you've got the need for multiple SSL enabled hosts, or
hosts that will be both non-SSL and SSL, you need to use ip-based
virtual hosting, which uses the listen directive.
--
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Multiple IP/SSL hosts
Posted by Chad Arimura <ne...@alldorm.com>.
I'm still having some trouble. So now that I'm NOT using name-based, but
rather IP-based Vhosting, do i need to change all my vhost directives from:
<VirtualHost sub1.domain.com>
ServerName sub1.domain.com
DocumentRoot "/var/www/www.alldorm.com"
</VirtualHost>
to this:
<VirtualHost a.b.c.d:80>
ServerName sub1.domain.com
DocumentRoot "/var/www/www.alldorm.com"
</VirtualHost>
And replace...? :
NameVirtualHost a.b.c.d:80
with:
Listen a.b.c.d:80
I try this and I get the error on httpd restart:
[Thu Sep 26 13:56:22 2002] [warn] VirtualHost 216.110.45.111:80 overlaps
with VirtualHost 216.110.45.111:80, the first has precedence, perhaps you
need a NameVirtualHost directive
[Thu Sep 26 13:56:22 2002] [warn] VirtualHost 216.110.45.111:80 overlaps
with VirtualHost 216.110.45.111:80, the first has precedence, perhaps you
need a NameVirtualHost directive
Is there a way to use both IP-host hosting AND name-based?
Chad
-----Original Message-----
From: Robin P. Blanchard [mailto:robin.blanchard@georgiacenter.org]
Sent: Thursday, September 26, 2002 11:13 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Multiple IP/SSL hosts
listen a.b.c.d:80
<VirtualHost a.b.c.d:80>
</VirtualHost>
listen a.b.c.d:443
<VirtualHost a.b.c.d:443>
SSLLogLevel error
SSLCertificateFile a.b.c.d.crt
SSLCertificateKeyFile a.b.c.d.crt
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>
listen e.f.g.h:80
<VirtualHost e.f.g.h:80>
</VirtualHost>
listen e.f.g.h:443
<VirtualHost e.f.g.h:443>
SSLLogLevel error
SSLCertificateFile e.f.g.h.crt
SSLCertificateKeyFile e.f.g.h.crt
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>
Chad Arimura wrote:
> Hello,
>
> We currently have 2 IP's pointing to our apache 1.3.22 server. 1 IP is
> accepted and setup for name-based vhosting and handles about 25 virtual
host
> directives on port 80, and SSL requests on port 443. How can I set up the
> other IP to be accepted through a different subdomain, port 443, and use a
> separate SSL certificate? I know it's simple but I can't seem to find the
> right settings.
--
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Multiple IP/SSL hosts
Posted by "Robin P. Blanchard" <ro...@georgiacenter.org>.
listen a.b.c.d:80
<VirtualHost a.b.c.d:80>
</VirtualHost>
listen a.b.c.d:443
<VirtualHost a.b.c.d:443>
SSLLogLevel error
SSLCertificateFile a.b.c.d.crt
SSLCertificateKeyFile a.b.c.d.crt
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>
listen e.f.g.h:80
<VirtualHost e.f.g.h:80>
</VirtualHost>
listen e.f.g.h:443
<VirtualHost e.f.g.h:443>
SSLLogLevel error
SSLCertificateFile e.f.g.h.crt
SSLCertificateKeyFile e.f.g.h.crt
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>
Chad Arimura wrote:
> Hello,
>
> We currently have 2 IP's pointing to our apache 1.3.22 server. 1 IP is
> accepted and setup for name-based vhosting and handles about 25 virtual host
> directives on port 80, and SSL requests on port 443. How can I set up the
> other IP to be accepted through a different subdomain, port 443, and use a
> separate SSL certificate? I know it's simple but I can't seem to find the
> right settings.
--
----------------------------------------
Robin P. Blanchard
Systems Integration Specialist
Georgia Center for Continuing Education
fon: 706.542.2404 <|> fax: 706.542.6546
----------------------------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org