[ale] Multiple virt https hosts under Apache/mod_ssl

Jim Popovitch jimpop at rocketship.com
Thu Jan 2 10:18:44 EST 2003


Thanks Jenn,

That's about what I have in my config, Apache just never recognized most of
the SSL settings (other than ones like SSLEngine) inside the VirtualHost
statements.  I'll do a re-test sometime this weekend to verify.  Thanks in
advance should it start working for me.

-Jim P.

> -----Original Message-----
> From: ale-admin at ale.org [mailto:ale-admin at ale.org]On Behalf Of J.M.
> Taylor
> Sent: Thursday, January 02, 2003 9:50 AM
> To: ale at ale.org
> Subject: RE: [ale] Multiple virt https hosts under Apache/mod_ssl
>
>
> Jim,
>
> It's not apache's problem, it's the protocol.  They do the best
> they can. :)
>
> It sounds like you've already got 7 IP addresses for said vhosts, if
> you're planning on running  7 instances of apache.  That makes it easy:
>
> In your httpd.conf, find the line that says Listen 80.
> Make sure you uncomment and add another line that says Listen 443.
> (Note: the way I set up my vhosts, apache invariably complains that I
> don't have these lines set up right, and I wind up doing
> Listen 1.2.3.4:80
> Listen 1.2.3.4:443
> Listen 1.2.3.5:80
> Listen 1.2.3.5:443
> etc, two lines for each IP. YMMV)
>
> Then in my vhost, I do this:
> <VirtualHost 1.2.3.4:80>
>  Stuff for nonsecure vhost 1
> </VirtualHost>
> <VirtualHost 1.2.3.4:443>
>   Stuff for SECURE vhost 1 including
>   SSLEngine on
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /path/to/vhost1.cert
> SSLCertificateKeyFile /path/to/vhost1.key
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> </VirtualHost>
>
>
> <VirtualHost 1.2.3.5:80>
>  Stuff for nonsecure vhost 2
> </VirtualHost>
> <VirtualHost 1.2.3.5:443>
>   Stuff for SECURE vhost 2 including
>   SSLEngine on
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /path/to/vhost2.cert
> SSLCertificateKeyFile /path/to/vhost2.key
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> </VirtualHost>
>
>
> There's also an easy solution if you don't actually own separate IPs for
> each install, but it causes problems with proxies and I wouldn't recommend
> it unless you absolutely have no choice.
>
> HTH
> jenn
>
>


_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list