On 6/13/07, Aaron <[EMAIL PROTECTED]> wrote:
Hi All,
I am running OpenBSD and their default install of apache (BSD patched
version 1.3.29) behind a nat. I want to use ip based virtual hosts on
the main web server so that I can run multiple ssl sites with a diff.
certificate for each. Since i'm behind a nat, the outside world
obviously can't see my individual ips for the virtuals hosts. Can I use
another box running apache with mod_proxy to reverse proxy the https
requests to the correct virtual host/ip? I thought that i read
somewhere that this wouldn't work because the request is encrypted, thus
no way to get the servername out of the request without decrypting it,
but then i saw a post from back in jan. it was said that this is
possible using mod_proxy and mod_proxy_connect (so that the proxying
machine doesn't do any handling of the certificates) for one host
running https. Would this also work for multiple hosts like I need?
Will this work for the 1.x version of Apache that i'm using? Would
simply using mod_proxy with the AllowCONNECT directive work?
I do read the docs, and search the archives (google too), but i can't
find exactly what i'm looking for, so if anyone does know a positive
answer to this, a very brief example would be greatly appreciated.
Do you have a different IP for each of your hosts on the public side
of your NAT firewall? If yes, then you just have the NAT firewall
forward each IP to its corresponding apache instance on your
webserver. If not, than you can't do what you are trying to do.
mod_connect will be of no use, as all it does is pass bytes back and
forth between to network sockets. It doesn't do anything based on
what's in the stream.
Krist
--
[EMAIL PROTECTED]
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
