Do I need to forward port for IP-Based Virtual Host to work?
Having trouble visualising how IP-Based Virtual Host (with SSL) would work. Here is my vhosts.conf file:
Code:
#Define Name Virtual Host
Let's say I just want to host one website with SSL. If I do
Code:
<VirtualHost 10.10.0.55:443>
Also, do I use the internal IP address or the external IP address in the <VirtualHost > tag? I only have one static public IP. Thanks for all your help in advance :) |
Multiple SSL certs with one public IP is a huge mess. I have had first-hand experience with this.
Why? Because with SSL the tunnel (e.g. which cert to use) has to be established BEFORE HTTP headers are sent (which host to use), hence by domain alone you are going to get the first virtual host that hits, and routing to a virtual IP based on domain can't happen either, because the encryption has to happen before such negotiations occur. GnuTLS on Apache can semi-solve this with SNI (server name identification), but its compatibility with browsers is severely limited (Windows Vista or higher with IE7 or Opera) and Firefox. And yes, you would need port forwarding, but from one separate public IP for each domain; otherwise a multi-domain or wildcard cert (for multiple subdomains of the same domain) would be necessary unless you have more than one public IP per domain. Otherwise you will have to use separate ports, and one of the sites will force the end user to explicitly type the port in the URL, which isn't exactly the best practice. |
Your static external IP is the one you link to SSL, so no, you can't have two virtual hosts sharing 1 static IP address. You could however have a shared SSL site which both virtual hosts use.
Can you get another static IP from your ISP? |
Thanks Frieza and smoker for the prompt reply. So one SSL site per public IP. Got it. I've got one question about IP-based virtual hosting (forget the SSL part in this case). I know with name-based virtual hosting, the HTTP header is read to determine which domain the request is coming in for.
With IP-based virtual hosting, the HTTP header is read for what info? Apache needs what info from the HTTP packet? Just the IP, right? Let's say I have two IP-based virtual hosts running.
Code:
<VirtualHost 68.129.56.145:80>
Code:
<VirtualHost 10.10.0.54:80>
Basically what I want to know is: can I have multiple IP-based virtual hosts running on one public IP? Thanks a lot again |
Quote:
As you say, Apache can read the headers to see which host to send requests to, so it doesn't need an IP address. We call these name-based virtual hosts. If it's IP-based it needs to be public-IP-based. You can bind multiple IPs to one hardware device but again, if you only have 1 public IP it's a waste of time and a place for problems to occur. You also need more than the usual crappy ISP-provided router to link multiple IPs to one device. You only need public IPs for SSL and anonymous FTP. The rest can be name-based with no ill effects. Don't forget the world is running out of IPv4 addresses, so the fewer you use the better. |
So the real advantage of IP-based virtual hosting is to consolidate your web servers.
And for IP-based virtual hosting, the number of public IPs needs to match the number of internal IPs / physical interfaces (or we could use IP aliasing). Alright, I understand it now. Thanks a lot smoker :) |