Re: More SSL hosts in one ssl.conf

On 2/25/07, Michael Pacey <michael@wd21.co.uk> wrote:
> By configuring the new IP address to the machine,

That is already the case. I only have to open a port in iptables.

> adding a Listen directive for the new IP address and port (443), and adding
> a new virtual host for that IP address and port.

Yes, I found out about that, but in executing this there are
no real-life examples I could see, so how does that actually look
in ssl.conf and httpd.conf ?
Since httpd.conf has the "*:80" host entries, and ssl.conf has a
"_default_:443" entry,
what changes to them? Nothing? Can I just add those and not worry
about the rest?
So that I add

Listen xxx.xxx.xxx.xx2:80

<VirtualHost xxx.xxx.xxx.xx2:80>

to httpd.conf and

Listen xxx.xxx.xxx.xx2:443
<VirtualHost xxx.xxx.xxx.xx2:443>

to ssl.conf?

The other hosts it listens to are "_default_" and "*", so
how does the server know it's on the right IP-address
for the existing hosts ?

> A rewrite or redirect from
> http to https must be handled within a non-SSL virtual host so you would
> need to create another virtual host for the new IP address on port 80
> and have the appropriate directives within that.

Yes, I have that down. I'm very good with rewrite.

> > my guess is not many servers *can* listen to 2 different IPs.
>
> Apache can and it is very common.

Yes, I made a mistake in wording it there, sorry.

> Don't really understand what you're getting at here... if you mean using
> name based virtual hosting with SSL,

Well, I could use Server aliases for the virtual SSL host
(in fact, I already have), and then make folder aliases
the user goes to with certain requests.
But like I wrote, that's overly complex.

--
Adios

Julius
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org