[lug] ssl apache paths

Zan Lynx zlynx at acm.org
Tue Aug 14 17:46:18 MDT 2007


On Tue, 2007-08-14 at 17:33 -0600, dio2002 at indra.com wrote:
> >> Yes. Each ssl host needs to have its own IP.
> >> The name based virtual stuff takes place after the ssl handshake
> >> between your server and the browser. It already has to know the
> >> hostname it's going to to verify the ssl certificate. You can't do
> >> multiple ones in a single IP...
> >
> > Darn!  i guess ip aliasing is my only option here.  i'm trying to
> > find a way to do this without having to buy more ip addresses.
> 
> Actually, there IS another option.  set up ssl to listen to multiple PORTS
> on the SAME IP!
> 
> that allows for unique pathing for routing to the appropriate vhost.  but
> i'm trying to figure out how to make all this work.  the wood's burning
> but the smoke hasn't cleared yet ;-).  suggestions welcome.
> 
> fwiw, the login links are for known admins so the end user experience for
> all of this doesn't have to be pretty.

How is this scenario?

User connects via http and gets a virtual host by name.

The http virtual host redirects to an SSL server running on a unique port
for the unique name on the SSL cert on that port.  (You'll need DNS
records that point to the same address.)

So, http://site1.com/ ends up at https://site1.com:4000,
http://site2.com/ goes to https://site2.com:4001/, etc.

I think it'd work.

By the way, here's what I use to redirect to SSL.  I sorta cheat since I
use a PHP script for the hard part.  You might be able to do it with
mod_rewrite if you like that better.

<VirtualHost *:80>
SSLEngine off
DirectoryIndex /lib/redirect-to-secure.php
AliasMatch ^/.* /home/httpd/ti/lib/redirect-to-secure.php
</VirtualHost>

Here's redirect-to-secure.php:
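<?php
// Build the HTTPS URL for the same host and path that was requested.
$location = "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
// Permanent (301) redirect to the secure URL.
header(
        "Location: $location",
        TRUE,
        301);
// REQUEST_URI is client-controlled: escape it before echoing into HTML.
$safe = htmlspecialchars($location, ENT_QUOTES);
?>
<html>
<body>
<a href="<?php echo $safe ?>"><?php echo $safe ?></a>
</body>
</html>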

-- 
Zan Lynx <zlynx at acm.org>
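
The port-per-site redirect described in the message above, as an added example that is not part of the original post. The SSL_PORTS map and the secure_location() helper are hypothetical names; the host names and ports are the ones used as illustrations in the message. The host is checked against an allow-list so that a client-supplied Host header never ends up in the Location header unchecked.

```php
<?php
// Constructed map: HTTP virtual host name => port of its SSL virtual host.
// site1.com/site2.com and 4000/4001 are the illustrations from the message.
const SSL_PORTS = [
    'site1.com' => 4000,
    'site2.com' => 4001,
];

// Build the HTTPS redirect target, or return null for a host we do not serve.
function secure_location(string $host, string $uri, array $ports): ?string
{
    // Normalise: lower-case, drop any ":port" suffix and a trailing dot.
    $host = rtrim(preg_replace('/:\d+$/', '', strtolower($host)), '.');

    // Allow-list lookup: only names we configured may appear in Location.
    if (!isset($ports[$host])) {
        return null;
    }

    // Keep only a local path: it must start with "/" and contain no
    // control characters (CR/LF would split the response header).
    if ($uri === '' || $uri[0] !== '/'
        || preg_match('/[\x00-\x1f\x7f]/', $uri)) {
        $uri = '/';
    }

    return sprintf('https://%s:%d%s', $host, $ports[$host], $uri);
}

$location = secure_location(
    $_SERVER['HTTP_HOST'] ?? '',
    $_SERVER['REQUEST_URI'] ?? '/',
    SSL_PORTS
);

if ($location === null) {
    http_response_code(404);
    exit("Unknown host\n");
}

header("Location: $location", true, 301);
$safe = htmlspecialchars($location, ENT_QUOTES, 'UTF-8');
echo "<html><body><a href=\"$safe\">$safe</a></body></html>\n";
```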