Topic: Apache 2.2.4 SSL Virtual Hosts
anindya



Joined: 27 Feb 2007
Posts: 7

Posted: Tue 27 Feb '07 12:31    Post subject: Apache 2.2.4 SSL Virtual Hosts

Hi, I have been trying to set up SSL for my virtual hosts. The first time I used the same IP for all of them and because of that it used to use the SSL certificate from the first virtual host.

Now I have added some more IPs 192.168.1.4, 192.168.1.5 and I have set them up using these. Now they work fine if I access the sites using the same computer or a computer in the local network. However if I try to access them using a proxy then it shows me the document root of the first virtual host which is set up with the IP 192.168.1.3.

So now I am not sure what to do next to make them work for computers outside the local network. I am using an ADSL connection with a wireless ADSL router. Please let me know what else I need to do to get it to work properly.

Thanks.

Edit: Ok, I think it's because of the port forwarding. The 192.168.1.3 IP is forwarded in the router. But what do I do to forward the other IPs? I can't forward them on the same port, can I?
VoodooMill



Joined: 11 Jan 2007
Posts: 60

Posted: Tue 27 Feb '07 18:28

Hi anindya,

For outside traffic coming in, configure the router to forward to the proxy, then the proxy will handle distribution to the internal servers.
tdonovan
Moderator


Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA

Posted: Tue 27 Feb '07 21:23

It is a limitation of SSL that there can only be one certificate per IP-address/port-number combination.
This is because the certificate is needed to make the initial connection, which happens before the virtual host name is sent.

Inside your own network you can have several different IPs, like 192.168.1.3, 192.168.1.4, 192.168.1.5, etc.

Your router probably has only one IP address visible to the outside world.
Try http://www.whatsmyip.org/ or http://whatsmyip.net/ to see what your external IP address is.

One way to work around this limitation is to forward different port numbers, for example:
    forward port 443 to 192.168.1.3 port 443
    forward port 1443 to 192.168.1.4 port 443
    forward port 2443 to 192.168.1.5 port 443

The disadvantage is that anyone outside your own network must use the specified port numbers, except for the first web site.
The first site can be https://sitename/ because 443 is the default SSL port.
To reach the second site from outside your own network you must use https://sitename:1443/, and the third site would be https://sitename:2443/.

-tom-
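
An Apache 2.2 configuration matching the port-forwarding workaround in the post above, as an added example that is not part of the original thread; the host names and file paths are placeholders.

```apache
# Added example for Apache 2.2. Host names and file paths are placeholders.
#
# Router port forwarding, as listed in the post:
#   external 443  -> 192.168.1.3:443
#   external 1443 -> 192.168.1.4:443
#   external 2443 -> 192.168.1.5:443

Listen 443

# One SSL virtual host per internal IP address, each with its own certificate.
# The vhost, and therefore the certificate, is chosen from the IP address and
# port the connection arrived on, before any host name has been sent.

<VirtualHost 192.168.1.3:443>
    ServerName site1.example.com
    DocumentRoot "/path/to/site1"
    SSLEngine on
    SSLCertificateFile    "/path/to/certs/site1.crt"
    SSLCertificateKeyFile "/path/to/certs/site1.key"
</VirtualHost>

# Reached from outside as https://site2.example.com:1443/
<VirtualHost 192.168.1.4:443>
    ServerName site2.example.com
    DocumentRoot "/path/to/site2"
    SSLEngine on
    SSLCertificateFile    "/path/to/certs/site2.crt"
    SSLCertificateKeyFile "/path/to/certs/site2.key"
</VirtualHost>

# Reached from outside as https://site3.example.com:2443/
<VirtualHost 192.168.1.5:443>
    ServerName site3.example.com
    DocumentRoot "/path/to/site3"
    SSLEngine on
    SSLCertificateFile    "/path/to/certs/site3.crt"
    SSLCertificateKeyFile "/path/to/certs/site3.key"
</VirtualHost>
```

With only the first forwarding rule in place, every outside HTTPS connection lands on 192.168.1.3 and is served by the first block, whatever host name the client asked for.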
anindya



Joined: 27 Feb 2007
Posts: 7

Posted: Wed 28 Feb '07 2:06

Thanks for the help, tom. I know I can forward the other ports but as you said, that way people will have to use the port number to access the sites. And I already tried that and it worked. But I don't want it that way. So I removed the IPs and changed all the virtual hosts back to the same IP.

This way SSL won't work but at least the sites will work normally. But now after doing that, if I use HTTPS:// in the sites where I don't want SSL, it shows me the document root of the first virtual host. You know what I am trying to say? And is there any way to prevent that?

Thanks.
tdonovan
Moderator


Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA

Posted: Wed 28 Feb '07 6:55

If you want multiple SSL sites and you don't want to use a port number, then you will need to have several external IP addresses.

Here in the northeast U.S. most non-commercial ADSL accounts only give you one external IP address.
Multiple ADSL accounts (expensive) or a commercial account (also expensive) are needed to get more than one external IP address.

The fact that you can have several 192.168.1.x IP addresses inside your own network doesn't give you multiple IP addresses which are visible from outside your router. From the outside you only have a single IP address, hence only one SSL web site is reachable from outside your router.

This only applies to SSL. Non-SSL web sites can have any number of different host names all using the same external IP address & port.

-tom-