Here is the solution from the official modssl FAQ:
 
  • Why can't I use SSL with name-based/non-IP-based virtual hosts?

    The reason is very technical. Actually it's some sort of a chicken and egg problem: The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to dispatch to the correct virtual server Apache has to know the Host HTTP header field. For this the HTTP request header has to be read. This cannot be done before the SSL handshake is finished. But the information is already needed at the SSL handshake phase. Bingo!


    Lars Nielsen Lind
     
    ----- Original Message -----
    From: "John Bazeley" <[EMAIL PROTECTED]>
    To: <[EMAIL PROTECTED]>
    Sent: Tuesday, July 24, 2001 2:42 AM
    Subject: RE: SSL Apache & Tomcat (NameBased VirtualHosts)

    > Lars,
    >
    > I thought you could only have SSL on one of your name based virtual
    > hosts. To have more than 1 SSL server you need to move over to IP-
    > based hosting.
    >
    > There's a very good reason for this which slips my mind. Something
    > to do with SSL handshaking happening before you read the hostname
    > from out of the HTTP headers. Check the archives for a more, erm,
    > complete explanation. Also maybe www.modssl.org has an explanation.
    >
    > cheers,
    > --
    > John
    >
    >
    > > -----Original Message-----
    > > From: Lars Nielsen Lind [mailto:[EMAIL PROTECTED]]
    > > Sent: Monday, 23 July 2001 22:13
    > > To: [EMAIL PROTECTED]
    > > Subject: Re: SSL Apache & Tomcat (NameBased VirtualHosts)
    > >
    > >
    > > Anyone that have accomplished to get SSL working with
    > > Apache/Jakarta-Tomcat and NameBased VirtualHosts?
    > >
    > > Is it possible to receive a copy of the httpd.conf and the SSL
    > > conf files - and an URL to the website where it is working?
    > >
    > > Thanks.
    > >
    > > Lars Nielsen Lind
    > >
    > > ----- Original Message -----
    > > From: "Lars Nielsen Lind" <[EMAIL PROTECTED]>
    > > To: <[EMAIL PROTECTED]>
    > > Sent: Thursday, July 19, 2001 10:24 PM
    > > Subject: Re: SSL Apache & Tomcat (NameBased VirtualHosts)
    > >
    > >
    > > It does not function correctly. So I'll have to start one Apache
    > > instance with the httpd.conf file (port80) and another with the
    > > httpd_ssl.conf file (port443 - made by myself). Just as it is
    > > written in Professional Apache from Wrox.
    > >
    > > It is apparently the one and only way to solve the problems with
    > > NameBased VirtualHost and mod_ssl.
    > >
    > > I have tried to use the apache, apachectl command, and also the
    > > /etc/rc.d/init.d/httpd start command with -f <filename>, but it
    > > won't start with the SSL settings. The apache and apachectl won't
    > > work at all.
    > >
    > > Any solutions.
    > >
    > > ----- Original Message -----
    > > From: "Ralph Einfeldt" <[EMAIL PROTECTED]>
    > > To: <[EMAIL PROTECTED]>
    > > Sent: Thursday, July 19, 2001 3:11 PM
    > > Subject: AW: SSL Apache & Tomcat (NameBased VirtualHosts)
    > >
    > >
    > > 1. this is a bit off topic for questions like that, it's
    > >    better go to the apache list
    > >
    > > 2. you don't have to setup 2 apaches:
    > >    just define two virtual hosts in httpd.conf:
    > >
    > >     NameVirtualHost 111.22.33.44
    > >
    > >     <VirtualHost 111.22.33.44:80>
    > >       ServerName www.domain.tld
    > >       DocumentRoot /www/domain
    > >     </VirtualHost>
    > >
    > >     <VirtualHost 111.22.33.44:443>
    > >       ServerName www.domain.tld
    > >       DocumentRoot /www/domain
    > >     </VirtualHost>
    > >
    > >     <VirtualHost 111.22.33.44:80>
    > >       ServerName www.otherdomain.tld
    > >       DocumentRoot /www/otherdomain
    > >     </VirtualHost>
    > >
    > >     <VirtualHost 111.22.33.44:443>
    > >       ServerName www.otherdomain.tld
    > >       DocumentRoot /www/otherdomain
    > >     </VirtualHost>
    > >
    > >     see: http://httpd.apache.org/docs/vhosts/name-based.html
    > >
    > > 3. To start apache with a different config file use
    > >    apache -f <file>
    > >
    > > -----Original Message-----
    > > From: Lars Nielsen Lind [mailto:[EMAIL PROTECTED]]
    > > Sent: Thursday, 19 July 2001 14:32
    > > To: [EMAIL PROTECTED]
    > > Subject: SSL Apache & Tomcat (NameBased VirtualHosts)
    > >
    > >
    > > I want to use SSL with my Apache & Tomcat (mod_jk) - NameBased
    > > VirtualHosts.
    > >
    > > I have read that I then should make two configuration files for the
    > > Apache Web Server. One for communicating with port 80 (without SSL)
    > > and one for communicating with port 443 (with SSL). Finally I shall
    > > start two instances of the Apache Web Server - one that handles http
    > > requests and another that handles https requests.
    > >
    > > 1.) Normally the httpd.conf file is placed in /etc/httpd/conf/httpd.conf.
    > > Where shall I place the new SSL configuration file?
    > >
    > > 2.) How do I start two instances of the Apache Web Server - that
    > > uses their own configuration files?
    > >
    > > Thanks
    > >
    > > Lars Nielsen Lind
    >
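
Added example (not part of the original thread or of mod_ssl): a small Python check that parses VirtualHost blocks like those quoted above and reports any SSL address:port carrying more than one ServerName, the case the FAQ says cannot work because the handshake is finished before the Host header is read. The sample config is constructed from the thread's layout, and treating port 443 as the only SSL port is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: the layout suggested in the thread, with mail quoting removed.
SAMPLE_CONF = """
NameVirtualHost 111.22.33.44
<VirtualHost 111.22.33.44:80>
  ServerName www.domain.tld
</VirtualHost>
<VirtualHost 111.22.33.44:443>
  ServerName www.domain.tld
</VirtualHost>
<VirtualHost 111.22.33.44:80>
  ServerName www.otherdomain.tld
</VirtualHost>
<VirtualHost 111.22.33.44:443>
  ServerName www.otherdomain.tld
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>\s]+)\s*>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
SERVER_NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.I)

def parse_vhosts(conf):
    """Return {address: [ServerName, ...]} in file order."""
    vhosts, current = defaultdict(list), None
    for line in conf.splitlines():
        m = VHOST_OPEN.match(line)
        if m:
            current = m.group(1)
        elif VHOST_CLOSE.match(line):
            current = None
        elif current and (m := SERVER_NAME.match(line)):
            vhosts[current].append(m.group(1).lower())
    return vhosts

def ssl_name_collisions(conf, ssl_ports=("443",)):
    """Addresses on an SSL port that carry more than one distinct ServerName."""
    findings = {}
    for addr, names in parse_vhosts(conf).items():
        # Assumption: the port is whatever follows the last ':' in the address.
        port = addr.rsplit(":", 1)[-1] if ":" in addr else ""
        distinct = list(dict.fromkeys(names))  # de-duplicate, keep file order
        if port in ssl_ports and len(distinct) > 1:
            findings[addr] = distinct
    return findings

if __name__ == "__main__":
    print(ssl_name_collisions(SAMPLE_CONF))
```

Port 80 is not reported even though it also hosts two names, because plain HTTP reads the Host header before any per-host setting is needed.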
