Welcome to TheGillis.net

Consider this site a collection of random notes about a variety of topics. I hope this information helps you in some way.

4 July 2004 - 1:16

Apache Name Based Virtual Hosts and SSL

Lately I ran into a problem with name-based virtual hosting. In Apache you have the option of running multiple domains from one IP using name-based virtual hosts. The host name is sent with the HTTP request, and Apache uses it to determine the correct DocumentRoot and folder permissions. Setting up virtual hosting is relatively easy and the Apache documentation on it can be found here. Now I had several domains that needed secure SSL communication, but there is a problem…

Intro

In Apache there is a default SSL file called ssl.conf with one VirtualHost entry for port 443. So me and my quick thinking thought that I could add a NameVirtualHost entry to the ssl.conf file and then add another VirtualHost entry with a different ServerName and everything should work. The result looked something like:

NameVirtualHost *:443

<VirtualHost *:443>
    ServerName server1.com
    # (Removed for clarity)
</VirtualHost>

<VirtualHost *:443>
    ServerName server2.com
    # (Removed for clarity)
</VirtualHost>

Well, it didn’t work.

Problems

After some research, I found this Apache FAQ. It pretty much says that the SSL protocol sits below the HTTP protocol; the SSL negotiation happens before Apache sees the HTTP request, so it is not possible to determine the server name with HTTP before that negotiation.

Solution

The easiest solution is to separate the two sites that need SSL onto two different IPs. Since I’m limited to one IP, I had to force Apache to listen for SSL connections on multiple ports. This makes my ssl.conf file look something like:

# The 443 line already exists, add a couple more.
Listen 443
Listen 1443
Listen 2443

<VirtualHost *:443>
    ServerName server1.com
    # (Removed for clarity)
</VirtualHost>

<VirtualHost *:1443>
    ServerName server2.com
    # (Removed for clarity)
</VirtualHost>
...

Now, to access each site, use https://server1.com/ and https://server2.com:1443/.

This solution works well enough for me. I can have multiple sites run from one IP and I can have a different certificate for each site. It’s also a nice quick solution that didn’t require a lot of work.
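The check below is an added example, not part of the original post or of Apache: a small Python linter that reads an ssl.conf-style file and reports SSL virtual hosts that share one address:port (the layout that failed above) and virtual hosts whose port has no Listen line. The function name, the finding labels and the two sample configs are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed samples modelled on the two ssl.conf layouts in the post.
BROKEN_CONF = """\
NameVirtualHost *:443
Listen 443
<VirtualHost *:443>
    ServerName server1.com
</VirtualHost>
<VirtualHost *:443>
    ServerName server2.com
</VirtualHost>
"""
FIXED_CONF = """\
Listen 443
Listen 1443
<VirtualHost *:443>
    ServerName server1.com
</VirtualHost>
<VirtualHost *:1443>
    ServerName server2.com
</VirtualHost>
"""
VHOST_OPEN = re.compile(r"<VirtualHost\s+(\S+):(\d+)\s*>", re.I)

def check_ssl_vhosts(conf_text):
    """Return (kind, endpoint, server_names) findings for an ssl.conf-style text."""
    listen_ports, vhosts, endpoint = set(), defaultdict(list), None
    for line in map(str.strip, conf_text.splitlines()):
        opened = VHOST_OPEN.fullmatch(line)
        if opened:
            endpoint = f"{opened.group(1)}:{opened.group(2)}"
        elif line.lower() == "</virtualhost>":
            endpoint = None
        elif line.lower().startswith("listen "):
            listen_ports.add(line.split()[1].rsplit(":", 1)[-1])  # "443" or "ip:443"
        elif endpoint and line.lower().startswith("servername "):
            vhosts[endpoint].append(line.split()[1])
    findings = []
    for ep, names in vhosts.items():
        if len(names) > 1:
            # SSL is negotiated before the Host header arrives, so all of
            # these names are answered with the first vhost's certificate.
            findings.append(("shared-ssl-endpoint", ep, names))
        if ep.rsplit(":", 1)[-1] not in listen_ports:
            findings.append(("no-listen-for-port", ep, names))
    return findings

if __name__ == "__main__":
    print(check_ssl_vhosts(BROKEN_CONF), check_ssl_vhosts(FIXED_CONF))
```

An empty list means every SSL virtual host has its own port and a matching Listen directive, as in the working config above.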
