[geeks] Apache
Jonathan Groll
lists at groll.co.za
Wed Jun 17 10:11:32 CDT 2009
On Wed, Jun 17, 2009 at 11:01:25AM -0400, Phil Stracchino wrote:
>A quick Apache question, just in case anyone's ever had to figure this
>one out:
>
>Apache has no problem putting multiple HTTP named virtual hosts on a
>single IP. But it objects to having HTTPS named virtual hosts.
>
>Now, suppose you have only a single external IP address available. And
>you need - or at least want - to have two HTTPS virtual hosts behind
>that IP. Does anyone know how to do this without Apache complaining
>about it?
>
>I don't actually *NEED* SSL for what I'm doing right now. But I'd like
>to figure out whether there's a way to make it work properly.
>
The apache docs at
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts have this to
say:
"Why can't I use SSL with name-based/non-IP-based virtual hosts?
The reason is very technical, and a somewhat "chicken and egg"
problem. The SSL protocol layer stays below the HTTP protocol layer
and encapsulates HTTP. When an SSL connection (HTTPS) is established
Apache/mod_ssl has to negotiate the SSL protocol parameters with the
client. For this, mod_ssl has to consult the configuration of the
virtual server (for instance it has to look for the cipher suite, the
server certificate, etc.). But in order to go to the correct virtual
server Apache has to know the Host HTTP header field. To do this, the
HTTP request header has to be read. This cannot be done before the SSL
handshake is finished, but the information is needed in order to
complete the SSL handshake phase. Bingo!"
Cheers,
Jonathan
More information about the geeks
mailing list