[clue-tech] apache2 ssl with virtual hosts

Mike Staver staver at fimble.com
Thu Mar 16 22:11:14 MST 2006


>> So are you saying that you're able to serve virtual hosts with one IP
>> using SSL with mod_rewrite? I didn't think that was possible since the
>> http header was encrypted and that header is necessary to do virtual
>> hosting. If that's not true I'd *love* to know how you did it since I
>> could save myself a few bucks and get rid of some additional static IPs.
> 
> Yeah THAT'S not possible.
> My problem was I set up http and https for domain1.com, but 
> https://domain2.com was bringing up the site for https://domain1.com
> 
> Why we can't just have SSL layer based on the IP instead of the domain 
> name (like SSH does), I don't know.

I think I have done what you're suggesting before - are you simply 
trying to use one public IP address for 2 SSL cert based domain names? I 
have done that before I think - I could be wrong, I honestly can't 
remember how I did it a few years ago, but I may have had 2 IPs pointed 
at one box. Would this work?

<VirtualHost *:443>
ServerName domain1.com:443
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain1.com.crt
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain1.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain1.com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
     SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
     SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>


<VirtualHost *:443>
ServerName domain2.com:443
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain2.com.crt
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain2.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain2.com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
     SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
     SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

If that didn't work, maybe change the virtualhost lines to:

<VirtualHost domain1.com:443>
<VirtualHost domain2.com:443>
-- 

                                 -Mike Staver
                                  staver at fimble.com
                                  mstaver at globaltaxnetwork.com
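
The server sends its certificate before it can read the Host header, so when the handshake carries no server name, every vhost that ends up on the same ip:port gets the first block's certificate. The check below is an added example (not part of the original message or of Apache) that lints a config for that overlap; the DNS map, the 192.0.2.10 address and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the fallback form from the message, reduced to the relevant directives.
SAMPLE_CONF = """
<VirtualHost domain1.com:443>
ServerName domain1.com:443
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain1.com.crt
</VirtualHost>
<VirtualHost domain2.com:443>
ServerName domain2.com:443
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain2.com.crt
</VirtualHost>
"""
# Assumption: both names point at one address (192.0.2.10 is a documentation IP).
SAMPLE_DNS = {"domain1.com": "192.0.2.10", "domain2.com": "192.0.2.10"}

def parse_vhosts(conf):
    """Return address, ServerName and certificate path for each <VirtualHost> block."""
    vhosts = []
    blocks = re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I)
    for addr, body in blocks:
        d = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2 and not parts[0].startswith(("#", "<")):
                d[parts[0].lower()] = parts[1].strip()  # a repeated directive: last one wins
        vhosts.append({"addr": addr.strip(), "name": d.get("servername"),
                       "cert": d.get("sslcertificatefile")})
    return vhosts

def listen_key(addr, dns):
    """Normalise a vhost address to ip:port; hostnames are looked up in the supplied map."""
    host, _, port = addr.rpartition(":")
    return f"{dns.get(host, host)}:{port}"

def shadowed_certs(conf, dns=None):
    """Map each ip:port shared by vhosts with different certs to (served, shadowed names)."""
    groups = defaultdict(list)
    for v in parse_vhosts(conf):
        if v["cert"]:
            groups[listen_key(v["addr"], dns or {})].append(v)
    return {key: (vs[0]["name"], [v["name"] for v in vs[1:]])
            for key, vs in groups.items() if len({v["cert"] for v in vs}) > 1}

if __name__ == "__main__":
    for key, (served, shadowed) in shadowed_certs(SAMPLE_CONF, SAMPLE_DNS).items():
        print(f"{key}: certificate of {served} is presented; also claimed by {shadowed}")
```

Pass the real name-to-address mapping for the host as `dns`; with `<VirtualHost *:443>` blocks no map is needed because the addresses are already identical.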