[lug] ssl apache paths

dio2002 at indra.com dio2002 at indra.com
Tue Aug 14 19:43:56 MDT 2007 

> On Tue, 2007-08-14 at 17:33 -0600, dio2002 at indra.com wrote:
>> >> Yes. Each ssl host needs to have it's own IP.
>> >> The name based virtual stuff takes place after the ssl handshake
>> >> between your server and the browser. It already has to know the
>> >> hostname it's going to to verify the ssl certificate. You can't do
>> >> multiple ones in a single IP...
>> >
>> > Darn!  i guess ip aliasing is my only option here.  i'm trying to
>> > find a way to do this without having to buy more ip addresses.
>>
>> Actually, there IS another option.  setup ssl to listen to multiple
>> PORTS
>> on the SAME IP!
>>
>> that allows for unique pathing for routing to the appropriate vhost.
>> but
>> i'm trying to figure out how to make all this work.  the wood's burning
>> but the smoke hasn't cleared yet ;-).  suggestions welcome.
>>
>> fwiw, the login links are for known admins so the end user experience
>> for
>> all of this doesn't have to be pretty.
>
> How is this scenario?
>
> User connects via http and gets a virtual host by name.
>
> The http virtual host redirects to a SSL server running on a unique port
> for the unique name on the SSL cert on that port.  (You'll need DNS
> records that point to the same address.)
>
> So, http://site1.com/ ends up at https://site1.com:4000,
> http://site2.com/ goes to https://site2.com:4001/, etc.
>
> I think it'd work.

I think it will too.  I'm going to have to use redirects instead of php
though.  And i won't redirect the entire site, just specific paths.

thanks

> By the way, here's what I use to redirect to SSL.  I sorta cheat since I
> use a PHP script for the hard part.  You might be able to do it with
> mod_rewrite if you like that better.
>
> <VirtualHost *:80>
> SSLEngine off
> DirectoryIndex /lib/redirect-to-secure.php
> AliasMatch ^/.* /home/httpd/ti/lib/redirect-to-secure.php
> </VirtualHost>
>
> Here's redirect-to-secure.php:
> <?php
> $location = "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
> Header(
>         "Location: $location",
>         TRUE,
>         301);
> ?>
> <html>
> <body>
> <a href="<?php echo $location ?>"><?php echo $location ?></a>
> </body>
> </html>
>
> --
> Zan Lynx <zlynx at acm.org>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug

More information about the LUG mailing list