[GLLUG] Have multiple domains / hosts on one server

Charles Ulrich charles at idealso.com
Fri May 5 12:56:41 EDT 2006


Lachniet, Mark wrote:
> You might think so, but....
> 
> http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html
> 
> Why can't I use SSL with name-based/non-IP-based virtual hosts?
> 
> The reason is very technical, and a somewhat "chicken and egg" problem.
> The SSL protocol layer stays below the HTTP protocol layer and
> encapsulates HTTP. When an SSL connection (HTTPS) is established
> Apache/mod_ssl has to negotiate the SSL protocol parameters with the
> client. For this, mod_ssl has to consult the configuration of the
> virtual server (for instance it has to look for the cipher suite, the
> server certificate, etc.). But in order to go to the correct virtual
> server Apache has to know the Host HTTP header field. To do this, the
> HTTP request header has to be read. This cannot be done before the SSL
> handshake is finished, but the information is needed in order to
> complete the SSL handshake phase. Bingo! 

Right, this was what I was saying (or trying to say). You can't do 
name-based virtual hosts with HTTPS, only IP-based ones. But you can, in 
fact, do name-based HTTP virtual hosts on the same box and IP address as 
an IP-based HTTPS virtual host.

-- 
Charles Ulrich
Ideal Solution, LLC -- http://www.idealso.com
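
The layout described in the reply above, sketched as an Apache 2.0 configuration. This is an added example, not part of the original message; the address 192.0.2.10, the hostnames and the file paths are placeholders.

```apache
# Constructed example for Apache 2.0 with mod_ssl loaded.
# Address, hostnames and paths are placeholders, not values from the thread.
Listen 80
Listen 443

# Port 80: name-based. The request arrives in cleartext, so Apache can
# read the Host header and pick the vhost whose ServerName matches.
NameVirtualHost 192.0.2.10:80

<VirtualHost 192.0.2.10:80>
    ServerName www.example.com
    DocumentRoot /var/www/example.com
</VirtualHost>

<VirtualHost 192.0.2.10:80>
    ServerName www.example.org
    DocumentRoot /var/www/example.org
</VirtualHost>

# Port 443: IP-based. There is no NameVirtualHost line for this
# address:port, so the vhost is selected from the address and port alone,
# before the handshake, and mod_ssl knows which certificate to present.
<VirtualHost 192.0.2.10:443>
    ServerName secure.example.com
    DocumentRoot /var/www/secure.example.com
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/secure.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/secure.example.com.key
</VirtualHost>
```

A second HTTPS site under this scheme needs its own IP address (or port) and its own `<VirtualHost>` block with its own certificate.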

