Hi Everyone,

Here's the situation.

I have an apache server that has 4 domains on it. Some use ssl. Some dont. Some use both.

I have your typical name based virtual hosts. They all look similar to this.

I tried adding this, to make ssl work.

So effectively I have both of those in my httpd-vhosts. The regular non ssl site works. The ssl sites doesn't at all. I get a forbidden message. What am I missing here?

You can only have one name based virtual host using SSL. Have you had a look at through the Apache docs at http://httpd.apache.org/docs/2.0/? There's an FAQ on SSL and virtual hosts at http://httpd.apache.org/docs/2.0/ssl....html#parallel and http://httpd.apache.org/docs/2.0/ssl...aq.html#vhosts

For running SSL sites you must have uniq IP for each SSL site.

Sample config for domain1.com [SSL & NonSSL] and domain2.com [NonSSL]

# For domain1.com Non-SSL requests
<VirtualHost 10.1.0.25:80>
Servername www.domain1.com
DocumentRoot /usr/local/apache2/htdocs/domain1/
</VirtualHost>

# For domain1.com SSL requests
<VirtualHost 10.1.0.25:443>
SSLEngine on
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
Servername www.domain1.com
DocumentRoot /usr/local/apache2/htdocs/domain1/
</VirtualHost>

# For domain2.com Non-SSL requests
<VirtualHost 10.1.0.26:80>
Servername www.domain2.com
DocumentRoot /usr/local/apache2/htdocs/domain1/
</VirtualHost>

Thanks for the links and the replies. So here is another linux question that may be better suited for a differnt forum. But I'll try it here first.

Since I need 2 IP's now, to run two differnt sites. How do I go about setting this up? Do I need two nic's now? I do already have 2 nics, but one is setup for external use. Or can this be fixed via a configuration setup?

Also, we do have extra external IP addresses, but they all get nat'd and get pumped to a local address. Would I use the external address or the internal address for the virtual host setup?

The machines use a 192.168..... addresss. We use 75...... addresses for our external.

You don't need separate NICs for each IP, although that is a possibility. Linux is happy to assign up to 255 addresses per NIC, and that is how I would do it. For 2 SSL sites, assign 2 addresses in the 192.168 range you use on your LAN to this machine. Say for example you give the machine both 192.168.1.50 and 192.168.1.51. Make sure you assign just one gateway to the two virtual interfaces, something like this:

That is from a Debian /etc/networking/interfaces file, but I believe that syntax will work on all distros, it is just a question of where that file is. In any case, that gives the box both 192.168.1.50 and 192.168.1.51 on one NIC.

Then on your firewall or router, use port forwarding or one to one NAT to map 75.A.B.C to 192.168.1.50 and 75.A.B.D to 192.168.1.51. Then you change your apache to do the virtual hosts by addresses rather than names. The post above by p_s_shaw has that mapped out clearly, and you'd simply have to add the location of the second ssl config for that site. You'd use internal addresses on the apache host, and map the external addresses to those local through your gateway/firewall/router.

Peace,
JimBass

Ah yes. I have totally forgotten about that. Many thanks to everyone.