'[apache-ssl] Multiple Named Virtual-Hosts on Different Ports'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-ssl
Subject:    [apache-ssl] Multiple Named Virtual-Hosts on Different Ports
From:       byzaniche <byzaniche () yahoo ! com>
Date:       2005-05-01 23:34:16
Message-ID: 20050501233416.15629.qmail () web14827 ! mail ! yahoo ! com
[Download RAW message or body]

Hello.

I've configured my Virtual Hosts as follows:

**************************************

NameVirtualHost localhost:80
NameVirtualHost 10.0.0.2:80
NameVirtualHost localhost:443
NameVirtualHost localhost:713
NameVirtualHost localhost:714
NameVirtualHost 10.0.0.2:443
NameVirtualHost 10.0.0.2:713
NameVirtualHost 10.0.0.2:714

# For HTTPS Redirect Handlers
<Directory /var/www/httpsrh>
  SSLDenySSL
</Directory>

# --------Site Default----------------

# Site Default (no DNS)
<VirtualHost localhost:80 10.0.0.2:80>
  DocumentRoot /var/www
  SSLDisable

  RewriteEngine  on
  RewriteCond    %{SERVER_PORT}  !^443$
  RewriteRule    ^/(.*)               \
https://%{SERVER_NAME}/$1 [L,R,NC]
</VirtualHost>

# Secure Site Default (no DNS)
<VirtualHost localhost:443 10.0.0.2:443>
  DocumentRoot /var/www/secure
  SSLEnable
  SSLCertificateFile \
/etc/apache-ssl/certs/default.cert.cert
  SSLCertificateKeyFile \
/etc/apache-ssl/certs/default.cert.key
</VirtualHost>

# ---------vh1.loc--------------------

# vh1.loc Default
<VirtualHost localhost:80 10.0.0.2:80>
  ServerName vh1.loc
  DocumentRoot /var/www
  SSLDisable

  RewriteEngine  on
  RewriteCond    %{SERVER_PORT}  !^713$
  RewriteRule    ^/(.*)          \
https://%{SERVER_NAME}:713/$1 [L,R,NC]
</VirtualHost>

# vh1.loc HTTPS Redirect Handler
<VirtualHost localhost:443 10.0.0.2:443>
  ServerName vh1.loc
  DocumentRoot /var/www/httpsrh
  SSLDisable

  RewriteEngine  on
  RewriteCond    %{SERVER_PORT}  !^713$
  RewriteRule    ^/(.*)          \
https://%{SERVER_NAME}:713/$1 [L,R,NC]
</VirtualHost>

# vh1.loc Secure
<VirtualHost localhost:713 10.0.0.2:713>
  ServerName vh1.loc
  DocumentRoot /var/www/vh1
  SSLEnable
  SSLCertificateFile \
/etc/apache-ssl/certs/vh1.cert.cert
  SSLCertificateKeyFile \
/etc/apache-ssl/certs/vh1.cert.key
</VirtualHost>

# ----------vh2.loc-------------------

# vh2.loc Default
<VirtualHost localhost:80 10.0.0.2:80>
  ServerName vh2.loc
  DocumentRoot /var/www
  SSLDisable

  RewriteEngine  on
  RewriteCond    %{SERVER_PORT}  !^714$
  RewriteRule    ^/(.*)          \
https://%{SERVER_NAME}:714/$1 [L,R,NC]
</VirtualHost>

# vh2.loc HTTPS Redirect Handler
<VirtualHost localhost:443 10.0.0.2:443>
  ServerName vh2.loc
  DocumentRoot /var/www/httpsrh
  SSLDisable

  RewriteEngine  on
  RewriteCond    %{SERVER_PORT}  !^714$
  RewriteRule    ^/(.*)          \
https://%{SERVER_NAME}:714/$1 [L,R,NC]
</VirtualHost>

# vh2.loc Secure
<VirtualHost localhost:714 10.0.0.2:714>
  ServerName vh2.loc
  DocumentRoot /var/www/vh2
  SSLEnable
  SSLCertificateFile \
/etc/apache-ssl/certs/vh2.cert.cert
  SSLCertificateKeyFile \
/etc/apache-ssl/certs/vh2.cert.key
</VirtualHost>

****************************************

First, let me say that I appreciate you considerting
my configuration, because I know that it is common
knowlege that SSL and named virtual-hosts do not work
together with an exact match between ip and port
across the VHs, and I understand why such a
configuration does not work.  So, that's why I tried
this little hack, which just sacrifices a clean
domain-name in the address-bar by adding the specific
port.  Yes, I know I"m a cheap bastard and should just
invest in the IPs, but this is almost working!! ::
crying::

The configuration works for "http://10.0.0.2",
"http://vh1.loc" and "http://vh2.loc".  By 'works', I
mean that the approriate rewrites take effect and the
request is sent from "http://10.0.0.2" to
"https://10.0.0.2", and from "http://vhX.loc" to
"https://vhX.loc:71X", and the appropriate certs are
served, all is well, and I can continue eating my can
of beans in peace.

However, as you can see by my attempts at "HTTPS
Redirect Handlers", when the request is specifically
"https://vhX.loc", the default.cert.cert cert is
served. 
Say that five times quickly.  So I tried this very
rational seeming rewrite/redirect-hack, which is in
two parts for each vh: the system-wide DIRECTORY
directive and the port-443 vh.  But, for some reason,
the HTTPS request is forwarded to port 443 of the
default vh, not port 443 of the specified vh.

Now, I know that the immediate response might be,
"well duh", but why would the other rewrite/redirect
work, and not this one?  Maybe it's just something
obvious and I can just crawl back into my little hole
and fork out the $10/month per IP..  ; )

Thankyou again, very much for your time.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-----------------------------------------------------------------------------------
to unsubscribe, send a blank email to: apache-ssl-unsubscribe@lists.aldigital.co.uk

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic