Hello All,

We have put together a virtual IP based apache+mod_ssl server. This is the first time I have done this type of thing as we were running a name based virtual server up to this point. I have a few questions, obviously. ;-) I stacked three IP addresses up on the ethernet using ifconfig:

   ifconfig eth0:1 64.x.x.100 netmask 255.255.255.0
   ifconfig eth0:2 64.x.x.101 netmask 255.255.255.0

I created three apache servers, each binds to its individual IP address via the Listen directive within apache, e.g.:

   NameVirtuals: Listen 64.x.x.99:80
   Secure0: Listen 64.x.x.100:443
   Secure1: Listen 64.x.x.101:443

A netstat verifies that this binding is as expected and the individual apache servers (and children) are listening where they should be.

The named virtuals is using vhosts/Vhost.conf to specify the various virtual domains that are available via port 80 of the 64.x.x.99 server. I presume that we can only listen on port 80 of that IP and that an attempt to also listen on port 443 will result in a nasty failure? Yes, we did try to listen on both port 80 and port 443 with a single server, heh, I don't take anybody's word for it if they say "it cannot be done", but such information is not ignored out of hand. ;-) heh

Anyhow, everything seems to be working fine. Each server has its own unique user + group defined: apache, apache_s1, and apache_s2. What I was confused about was the shared (?) files used for ssl housekeeping, these are:

   ssl_mutex
   ssl_scache

From the apache documentation, which is extremely terse regarding IP virtuals(!), it seems to suggest that the semaphore signaling would be used as an interprocess communication sync method between modules / functions of the particular server. The impression that I got from the docs was that a mutex file would need to be defined for each server running modssl? I defined them as such:

   Secure0: SSLMutex  file:/var/cache/apache2-mod_ssl/ssl_mutex0
   Secure1: SSLMutex  file:/var/cache/apache2-mod_ssl/ssl_mutex1

This way I can avoid collisions between the two independent apache servers running modssl and avoid mutex problems? My understanding is that each server would have a copy of libc (whatever) and semaphores would be peculiar to the loaded modssl & apache runtimes, therefore, reusing the ssl_mutex file would result in very bad things happening? I did the same for the ssl_scache files, defined unique files for them as well.


Yes, we also segregated the error_log, httpd-pid, etc., files as well. The cert is shared (defined) as being common to the two secure services (servers), we have no need for a separate cert as yet, this is still a test server.


TIA,

TomW


--
Tom Walsh - WN3L - Embedded Systems Consultant
http://openhardware.net, http://cyberiansoftware.com
"Windows? No thanks, I have work to do..."
----------------------------------------------------
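
A check that the per-instance listeners and housekeeping files described in the post really are distinct across the instance configs. This is an added example, not part of the original post: the config text, the SSLSessionCache and PidFile paths, and the reused ssl_mutex0 line in Secure1 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample configs. Listen and SSLMutex values follow the post; the
# SSLSessionCache and PidFile paths are assumptions, and Secure1 deliberately
# reuses ssl_mutex0 so the check has something to report.
CONFIGS = {
    "Secure0": """
        Listen 64.x.x.100:443
        SSLMutex  file:/var/cache/apache2-mod_ssl/ssl_mutex0
        SSLSessionCache dbm:/var/cache/apache2-mod_ssl/ssl_scache0
        PidFile /var/run/httpd-secure0.pid
    """,
    "Secure1": """
        Listen 64.x.x.101:443
        SSLMutex  file:/var/cache/apache2-mod_ssl/ssl_mutex0
        SSLSessionCache dbm:/var/cache/apache2-mod_ssl/ssl_scache1
        PidFile /var/run/httpd-secure1.pid
    """,
}

PER_INSTANCE = {"listen", "sslmutex", "sslsessioncache", "pidfile", "errorlog"}
TYPED_PATH = re.compile(r"^\w+:(/[^()\s]+)")  # e.g. file:/path or shm:/path(512000)

def parse(text):
    """Yield (directive, value) for each per-instance directive in one config."""
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        name, value = parts[0].lower(), parts[1].split()[0]
        if name not in PER_INSTANCE:
            continue
        if name.startswith("ssl"):
            m = TYPED_PATH.match(value)
            if not m:          # "sem", "none", ...: no file on disk to clash
                continue
            value = m.group(1)
        yield name, value

def collisions(configs):
    """Return {(directive, value): [instances]} for values claimed by >1 instance."""
    claimed = defaultdict(set)
    for instance, text in configs.items():
        for key in parse(text):
            claimed[key].add(instance)
    return {k: sorted(v) for k, v in claimed.items() if len(v) > 1}

if __name__ == "__main__":
    for (directive, value), instances in collisions(CONFIGS).items():
        print(f"{directive} {value} is shared by {', '.join(instances)}")
```
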



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
