[lug] ssl apache paths
zlynx at acm.org
Tue Aug 14 17:46:18 MDT 2007
On Tue, 2007-08-14 at 17:33 -0600, dio2002 at indra.com wrote:
> >> Yes. Each ssl host needs to have it's own IP.
> >> The name based virtual stuff takes place after the ssl handshake
> >> between your server and the browser. It already has to know the
> >> hostname it's going to to verify the ssl certificate. You can't do
> >> multiple ones in a single IP...
> > Darn! i guess ip aliasing is my only option here. i'm trying to
> > find a way to do this without having to buy more ip addresses.
> Actually, there IS another option. setup ssl to listen to multiple PORTS
> on the SAME IP!
> that allows for unique pathing for routing to the appropriate vhost. but
> i'm trying to figure out how to make all this work. the wood's burning
> but the smoke hasn't cleared yet ;-). suggestions welcome.
> fwiw, the login links are for known admins so the end user experience for
> all of this doesn't have to be pretty.
How is this scenario?
User connects via http and gets a virtual host by name.
The http virtual host redirects to a SSL server running on a unique port
for the unique name on the SSL cert on that port. (You'll need DNS
records that point to the same address.)
So, http://site1.com/ ends up at https://site1.com:4000,
http://site2.com/ goes to https://site2.com:4001/, etc.
I think it'd work.
By the way, here's what I use to redirect to SSL. I sorta cheat since I
use a PHP script for the hard part. You might be able to do it with
mod_rewrite if you like that better.
AliasMatch ^/.* /home/httpd/ti/lib/redirect-to-secure.php
$location = "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
<a href="<?php echo $location ?>"><?php echo $location ?></a>
Zan Lynx <zlynx at acm.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the LUG