Re: More SSL hosts in one ssl.conf

On Sun, 2007-02-25 at 18:39 +0100, Julius Thyssen wrote:
> On 2/25/07, Michael Pacey <michael@wd21.co.uk> wrote:
> > By configuring the new IP address to the machine,
>
> That is already the case. I only have to open a port in iptables.
>
> > adding a Listen directive for the new IP address and port (443), and adding
> > a new virtual host for that IP address and port.
>
> Yes, I found out about that, but in executing this there are
> no real-life examples I could see, so how does that actually look
> in ssl.conf and httpd.conf ?
> Since httpd.conf has the "*:80" host entries, and ssl.conf has a
> "_default_:443" entry,
> what changes to them? Nothing? Can I just add those and not worry
> about the rest?
> So that I add
>
> Listen xxx.xxx.xxx.xx2:80
>
> <VirtualHost xxx.xxx.xxx.xx2:80>
>
> to httpd.conf and
>
> Listen xxx.xxx.xxx.xx2:443
> <VirtualHost xxx.xxx.xxx.xx2:443>
>
> to ssl.conf?

yes.

> The other hosts it listens to are "_default_" and "*", so
> how does the server know it's on the right IP-address
> for the existing hosts ?


Right, why do you have *:80 when you said it is only using one IP
address just now? You should just change this to the first ip address:

NameVirtualHost xxx.xxx.xxx.xx1:80

and then you won't have an issue. From the Apache documentation:

"The special name _default_ can be specified in which case this virtual
host will match any IP address that is not explicitly listed in another
virtual host."

So if you specify the new IP address in your new SSL virtual host, it
won't conflict.
--
Michael

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org