On Thu, Apr 14, 2011 at 11:36 AM, Matthew Dempsky <matt...@dempsky.org> wrote: > On Thu, Apr 14, 2011 at 11:09 AM, Kevin Chadwick <ma1l1i...@yahoo.co.uk> > wrote: >> Are you sure you want to do this. Do you want any ssl on these sites, >> because you'll need ugly :port on your ssl urls if you do. > > Using Subject Alternative Names, you can get a single SSL certificate > that covers multiple hostnames.
Alternatively, if someone adds SNI support to relayd, then you could still use multiple distinct SSL certificates as well. The version of OpenSSL in base already supports SNI. Also, both of these solutions assume relayd is the SSL termination point for both web sites. If instead you want the backends to be responsible for handling SSL, then yeah, you need to use separate IP addresses or ports.
