Posted to users@httpd.apache.org by Nataraj <in...@rjl.com> on 2012/05/28 00:02:08 UTC

[users@httpd] How to have multiple SSL ports

I am running apache 2.2 and would like to have the server listen on a
second SSL port.  I don't need to use a separate certificate or anything
like that.  All I want to be able to do is to rewrite the URL (already
know how to do that), so that a portion of the website gets redirected
to a separate port.  This will allow me to use firewall access lists so
that part of the web site is only accessible to specific IP addresses.

So for example, I will rewrite:  https://mydomain.org/private-login.php
as https://mydomain.org:5678/private-login.php

I would like the web server to serve SSL on both ports 443 and 5678, so
the public part of the web site would be accessible on port 443.  I
tried editing ssl.conf and adding a second port, but wasn't sure what to
do with the <VirtualHost _default_:443> line.

Thanks,
Nataraj


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] How to have multiple SSL ports

Posted by Nataraj <in...@rjl.com>.
On 05/28/2012 10:14 AM, Mark Montague wrote:
> On May 27, 2012 18:02 , Nataraj <in...@rjl.com> wrote:
>> I am running apache 2.2 and would like to have the server listen on a
>> second SSL port.  I don't need to use a separate certificate or anything
>> like that.  All I want to be able to do is to rewrite the URL (already
>> know how to do that), so that a portion of the website gets redirected
>> to a separate port.  This will allow me to use firewall access lists so
>> that part of the web site is only accessible to specific IP addresses.
>
> If you want to restrict access to parts of the web site, do not use a
> firewall:  a firewall is the wrong tool for the job, and you will
> actually be making things much harder on yourself by trying to do it
> that way.  Instead, use the access control directives built into
> Apache HTTP Server to control which parts of the web site are
> accessible from which IP addresses.  For Apache HTTP Server 2.2, this
> is done with the "Allow" and "Deny" directives.  For more details and
> lots of examples, see
>
> https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html
>
>
>> I would like the web server to serve SSL on both ports 443 and 5678, so
>> the public part of the web site would be accessible on port 443.  I
>> tried editing ssl.conf and adding a second port, but wasn't sure what to
>> do with the <VirtualHost _default_:443> line.
>
> You will need to duplicate all of the configuration for the port 443
> SSL virtual host in order to set up an additional virtual host on port
> 5678.  This includes:
>
> - A "Listen" directive for port 5678.
>
> - A "VirtualHost" stanza for the second web virtual host (for example,
> "<VirtualHost _default_:5678>") that contains a duplicate of all of
> the configuration directives that are inside the VirtualHost stanza
> for port 443.  (Note that I use "*:443" instead of "_default_:443" in my
> configs, but hopefully using _default_ in both VirtualHost stanzas
> will work for you; see the documentation for the VirtualHost directive
> to understand the difference).
>

Thank you for the pointer.  I use fwknop to allow secure remote access,
so it needs to be done outside of apache.  I was able to do it without
duplicating the virtualhost section like this:

<VirtualHost  _default_:443  _default_:5678>


Nataraj





Re: [users@httpd] How to have multiple SSL ports

Posted by Mark Montague <ma...@catseye.org>.
On May 27, 2012 18:02 , Nataraj <in...@rjl.com> wrote:
> I am running apache 2.2 and would like to have the server listen on a
> second SSL port.  I don't need to use a separate certificate or anything
> like that.  All I want to be able to do is to rewrite the URL (already
> know how to do that), so that a portion of the website gets redirected
> to a separate port.  This will allow me to use firewall access lists so
> that part of the web site is only accessible to specific IP addresses.

If you want to restrict access to parts of the web site, do not use a 
firewall:  a firewall is the wrong tool for the job, and you will 
actually be making things much harder on yourself by trying to do it 
that way.  Instead, use the access control directives built into Apache 
HTTP Server to control which parts of the web site are accessible from 
which IP addresses.  For Apache HTTP Server 2.2, this is done with the 
"Allow" and "Deny" directives.  For more details and lots of examples, see

https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html


> I would like the web server to serve SSL on both ports 443 and 5678, so
> the public part of the web site would be accessible on port 443.  I
> tried editing ssl.conf and adding a second port, but wasn't sure what to
> do with the <VirtualHost _default_:443> line.

You will need to duplicate all of the configuration for the port 443 SSL 
virtual host in order to set up an additional virtual host on port 
5678.  This includes:

- A "Listen" directive for port 5678.

- A "VirtualHost" stanza for the second web virtual host (for example, 
"<VirtualHost _default_:5678>") that contains a duplicate of all of the 
configuration directives that are inside the VirtualHost stanza for port 
443.  (Note that I use "*:443" instead of "_default_:443" in my configs, 
but hopefully using _default_ in both VirtualHost stanzas will work for 
you; see the documentation for the VirtualHost directive to understand 
the difference).


I hope this helps.

--
   Mark Montague
   mark@catseye.org
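
Added example, not part of the original messages: an Apache 2.2 configuration sketch that puts the pieces discussed in this thread together (two "Listen" directives, one SSL virtual host bound to both ports, and the mod_authz_host alternative). The certificate paths and the 192.0.2.0/24 range are placeholders, and the port-keyed redirect is an assumption about how the rewrite mentioned in the question could be written. Because one stanza serves both ports, the private URL is also answered on 443 unless the rule is keyed on the port.

```apache
# Added illustration; not configuration posted in the thread.
# Apache 2.2 syntax. Certificate paths and 192.0.2.0/24 are placeholders.

Listen 443
Listen 5678

# One SSL virtual host answering on both ports.
<VirtualHost _default_:443 _default_:5678>
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Both ports share this configuration, so /private-login.php would
    # otherwise be served on 443 as well. Any request for it that did not
    # arrive on 5678 is redirected to the firewalled port instead.
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^5678$
    RewriteRule ^/private-login\.php$ https://mydomain.org:5678/private-login.php [R=302,L]

    # Alternative (mod_authz_host), which restricts by client address
    # inside Apache and does not depend on the port:
    # <Location /private-login.php>
    #     Order deny,allow
    #     Deny from all
    #     Allow from 192.0.2.0/24
    # </Location>
</VirtualHost>
```

Running `apachectl configtest` checks the syntax before a reload, and `apachectl -S` lists which virtual host is bound to each address and port.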

