[lug] IP aliasing, https and iptables

Zan Lynx zlynx at acm.org
Thu Jun 19 11:24:24 MDT 2008

Hash: SHA1

Sean Reifschneider wrote:
> karl horlen wrote:
>> Is this the way ssl is implemented on servers with multiple vhosts or is
>> there some other technique?
> This is the typical approach.  You can run one SSL instance on the same IP
> you are using for non-SSL, since the SSL usually runs on port 443, so it
> can share the IP with the non-SSL sites running on port 80.
> you *COULD* run multiple SSL instances on the same IP, if you put them on
> different ports.  However, that would lead to needing to use the URL
> "https://hostname:444/" and so on, where you explicitly specify the port.
> If the site is only referenced from internal URLs that might be fine, but
> if you ever expect users to directly access it, using a different IP is
> what you want to do.
One thing you can do with multiple ports is to use HTTP on port 80 to
redirect requests to the appropriate hostname and port.  Disable
standard port 443 altogether (or run standard HTTP on it) or the users
will get scary Bad SSL! messages when they forget the port.

I believe that if the browser is using TLS and gets standard HTTP on a
port 443 connect, it will shift to HTTP, so that could possibly be
linked to the same redirector that is running on port 80.

Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: lug.boulder.co.us port=6667 channel=#colug

Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the LUG mailing list