[lug] IP aliasing, https and iptables

karl horlen horlenkarl at yahoo.com
Tue Jun 17 14:35:31 MDT 2008

I'm getting ready to add some ssl support to a website that lives on my apache server which runs multiple vhosted sites.  It's likely I might want to add ssl capability to more vhosts in the future.

My understanding is that ssl requires ip versus name based vhosts.  Since I only have one public nic on my server,  my thought was to use ip aliasing to bind multiple physical ip addresses to the single nic.

Is this the way ssl is implemented on servers with multiple vhosts or is there some other technique?

My current iptables rules are based on the single ip address presently bound to the nic.  If I bind more ip addresses to the same nic, is iptables granular enough to allow for different rulesets on the ip aliases?  Can I specify "global" rules that apply to the entire interface and work backward applying more specific rules to each of the aliases?  This looks like it could get quite complicated the more ssl vhosts you have that require ip aliases.  

Does anybody have an idea of how much overhead if any multiple ips on a single nic create, especially if iptables is running against all those ips assuming it's even possible.  I know the best answer is it all depends but just trying to get some general advice here from someone that has been down this road.


More information about the LUG mailing list