mod-ssl Virtual Hosts

Hello All!

Just recently I was able to get this mod-ssl library working on Apache.
It is working just fine. Much thanks to the developer team.

Anyway my question is...

Currently I use name-based virtual hosts for all of our websites.

http://domain1.com
http://domain2.com

We would like to have the ability to get each domain a https address as
well like...

https://domain1.com
https://domain2.com

What would be the best method of tackling this, since mod-ssl doesn't
support name-based virtual host?

I've thought of using IP Based virtual host, but there isn't enough
static ip's to go around. I've also thought of using
proxypass/proxyreverse to point it to an internal static ip. Am I on
target with this?

I would really appreciate any help or suggestions ANYONE can provide.

Thanks!
IRV




____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: mod-ssl Virtual Hosts

a) you could try surfing the archives of this list since an arguable
10% of the traffic is either this exact question or directly relates to
it.
b) you could use different ports
c) you could use different IPs. they're not *that* rare .. and .. it
could be sanely argued that if you've got content important enough to
protect using SSL, the cost of "using up" an IP is just part of the
cost of making that _important_ information accessible.

-dsp


On Friday, Nov 8, 2002, at 18:30 Europe/London, Irving Carrion wrote:

> Hello All!
>
> Just recently I was able to get this mod-ssl library working on Apache.
> It is working just fine. Much thanks to the developer team.
>
> Anyway my question is...
>
> Currently I use name-based virtual hosts for all of our websites.
>
> http://domain1.com
> http://domain2.com
>
> We would like to have the ability to get each domain a https address as
> well like...
>
> https://domain1.com
> https://domain2.com
>
> What would be the best method of tackling this, since mod-ssl doesn't
> support name-based virtual host?
>
> I've thought of using IP Based virtual host, but there isn't enough
> static ip's to go around. I've also thought of using
> proxypass/proxyreverse to point it to an internal static ip. Am I on
> target with this?
>
> I would really appreciate any help or suggestions ANYONE can provide.
>
> Thanks!
> IRV
>
>
>
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: mod-ssl Virtual Hosts

Thanks for the reply.

According to the docs the following should work...


... standard directives such as DocumentRoot, Logfile, ErrorLog here
....

SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown



Now when I add another one like this


... standard directives such as DocumentRoot, Logfile, ErrorLog here
....

SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown



Only the first domain works and the second does not.

So your saying to use ip based virtual host like this...


... standard directives such as DocumentRoot, Logfile, ErrorLog here
....

SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown




Is this correct?

Thanks!
IRV




-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Dave Paris
Sent: Friday, November 08, 2002 2:05 PM
To: modssl-users@modssl.org
Subject: Re: mod-ssl Virtual Hosts

a) you could try surfing the archives of this list since an arguable
10% of the traffic is either this exact question or directly relates to
it.
b) you could use different ports
c) you could use different IPs. they're not *that* rare .. and .. it
could be sanely argued that if you've got content important enough to
protect using SSL, the cost of "using up" an IP is just part of the
cost of making that _important_ information accessible.

-dsp


On Friday, Nov 8, 2002, at 18:30 Europe/London, Irving Carrion wrote:

> Hello All!
>
> Just recently I was able to get this mod-ssl library working on
Apache.
> It is working just fine. Much thanks to the developer team.
>
> Anyway my question is...
>
> Currently I use name-based virtual hosts for all of our websites.
>
> http://domain1.com
> http://domain2.com
>
> We would like to have the ability to get each domain a https address
as
> well like...
>
> https://domain1.com
> https://domain2.com
>
> What would be the best method of tackling this, since mod-ssl doesn't
> support name-based virtual host?
>
> I've thought of using IP Based virtual host, but there isn't enough
> static ip's to go around. I've also thought of using
> proxypass/proxyreverse to point it to an internal static ip. Am I on
> target with this?
>
> I would really appreciate any help or suggestions ANYONE can provide.
>
> Thanks!
> IRV
>
>
>
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org