[olug] SSL for Multiple Apache Named VirtualHosts on a single IP?

Rob Townley rob.townley at gmail.com
Fri Mar 5 01:12:42 UTC 2010


OS = CentOS 5.4

Apache 2 by itself is not capable of supporting more than one SSL
enabled name based virtual host on the same numeric IP address.  So
each VirtualHost effectively needs its own IP.  Are Apache's
limitations true even of wildcard SSL certificates?
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts
http://askcolddrink.blogspot.com/2007/03/apache-httpd-virtual-hosts-and-ssl.html

That is frustrating because the SSL Certificate itself is not tied to
an IP address, but the SSL protocol seems to force the binding to a
single IP name.  Security has got to be easier than this by now.
I compiled and wrote OpenSSL Windows services 10 years ago, so I am
rusty.   But I do remember TLS promised something better, but the
browsers didn't support it.   These are internal private only web
servers, so I can add more numeric IP addresses, but I would much
rather not have that overhead.

I.]  There has got to be an easier ready-to-go framework running on
top of Apache to facilitate a way to handle multiple name based SSL
VirtualHosts on the same IP?  Hibernate? Spring? Joomla?  Drupal?
Which one would work best for forcing https on the login pages for
various sysadmin pages such as FreeGhost, drbl, ocsinventory-ng, rt,
phpMyAdmin each with their own subdomain name?

II.]  If all the VirtualHosts are in the same domain name and that
domain name has a wildcard SSL certificate, is there some way around
Apache's limitations?

  A.) Self generated *.DomainName.com WildCard SSL certificate.
  B.) VirtualHosts all within that same *.DomainName.com wildcard.
  C.) ServerNameAlias  with all the different server names in a single
VirtualHost entry.
  D.) Perl / Python / PHP script that reads the client's host
directive and then rewrites it to somewhere else maybe using
VirtualDocumentRoot.



III.] Something involving reverse proxy but that is overkill.
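
The wildcard approach from item II, sketched as an added Apache configuration example that is not part of the original post. It assumes an httpd 2.2-style setup without SNI; the hostnames under example.com, the certificate paths and the DocumentRoots are constructed placeholders.

```apache
# Added example; every hostname and path below is a placeholder (assumption).
# Without SNI, httpd must choose a certificate before it can read the Host
# header, so every connection to this IP:port is answered with the FIRST
# vhost's certificate. A wildcard certificate makes that single certificate
# valid for all of the names, and Host-based routing then works as usual.
NameVirtualHost *:80
NameVirtualHost *:443

# Plain HTTP: redirect known names to HTTPS so login pages never load in clear.
<VirtualHost *:80>
    ServerName rt.example.com
    ServerAlias *.example.com
    RewriteEngine On
    # Redirect only for our own one-label subdomains, not arbitrary Host values.
    RewriteCond %{HTTP_HOST} ^[a-z0-9-]+\.example\.com$ [NC]
    RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
    # Anything else is refused instead of being served or redirected.
    RewriteRule ^ - [F]
</VirtualHost>

# First *:443 vhost: its certificate is the one used for every handshake.
<VirtualHost *:443>
    ServerName rt.example.com
    DocumentRoot /var/www/rt
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/wildcard.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wildcard.example.com.key
</VirtualHost>

<VirtualHost *:443>
    ServerName phpmyadmin.example.com
    DocumentRoot /var/www/phpmyadmin
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/wildcard.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wildcard.example.com.key
</VirtualHost>

<VirtualHost *:443>
    ServerName ocs.example.com
    DocumentRoot /var/www/ocsinventory
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/wildcard.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wildcard.example.com.key
</VirtualHost>
```

A wildcard such as *.example.com covers exactly one label, so it does not match the bare domain or a name like a.b.example.com. Every site behind it shares one private key, so the key file should be readable by root only and a self-generated certificate has to be trusted on each client.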


