[lug] ssl apache paths
dio2002 at indra.com
dio2002 at indra.com
Tue Aug 14 19:43:56 MDT 2007
> On Tue, 2007-08-14 at 17:33 -0600, dio2002 at indra.com wrote:
>> >> Yes. Each ssl host needs to have it's own IP.
>> >> The name based virtual stuff takes place after the ssl handshake
>> >> between your server and the browser. It already has to know the
>> >> hostname it's going to to verify the ssl certificate. You can't do
>> >> multiple ones in a single IP...
>> > Darn! i guess ip aliasing is my only option here. i'm trying to
>> > find a way to do this without having to buy more ip addresses.
>> Actually, there IS another option. setup ssl to listen to multiple
>> on the SAME IP!
>> that allows for unique pathing for routing to the appropriate vhost.
>> i'm trying to figure out how to make all this work. the wood's burning
>> but the smoke hasn't cleared yet ;-). suggestions welcome.
>> fwiw, the login links are for known admins so the end user experience
>> all of this doesn't have to be pretty.
> How is this scenario?
> User connects via http and gets a virtual host by name.
> The http virtual host redirects to a SSL server running on a unique port
> for the unique name on the SSL cert on that port. (You'll need DNS
> records that point to the same address.)
> So, http://site1.com/ ends up at https://site1.com:4000,
> http://site2.com/ goes to https://site2.com:4001/, etc.
> I think it'd work.
I think it will too. I'm going to have to use redirects instead of php
though. And i won't redirect the entire site, just specific paths.
> By the way, here's what I use to redirect to SSL. I sorta cheat since I
> use a PHP script for the hard part. You might be able to do it with
> mod_rewrite if you like that better.
> <VirtualHost *:80>
> SSLEngine off
> DirectoryIndex /lib/redirect-to-secure.php
> AliasMatch ^/.* /home/httpd/ti/lib/redirect-to-secure.php
> Here's redirect-to-secure.php:
> $location = "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
> "Location: $location",
> <a href="<?php echo $location ?>"><?php echo $location ?></a>
> Zan Lynx <zlynx at acm.org>
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
More information about the LUG