[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: ssl and ip masquerade
****** message to minivend-users from "Geoffrey D. Bennett" <g@netcraft.com.au> ******
> i've heard (read) that virtual hosts in apache will not work with ssl.
> so in order to use ssl with apache, you need different ip numbers for
> each site (domain name etc).
>
> the question is,
> will ssl work with one of the private ip numbering ranges (192.168.0.0)
> and then masqueraded out to one public ip address, such that many
> different sites have one public ip address and then masqueraded to the
> private 192.168.0.0 ssl server,
No, it won't.
> or
> you need one public ip address for every different site for ssl and
> apache?
Yes, but the limitation is in the protocol, not in Apache.
It's a catch-22:
- the server needs to know which virtual host is being contacted
before it can negotiate an SSL connection
- the server doesn't find out which host is being contacted until the
HTTP request is sent (unless you have separate IP addresses for each
virtual host)
- the HTTP request can't be sent until SSL has been negotiated (after
all, you are encrypting this information)
Regards,
--
Geoffrey D. Bennett (geoffrey@netcraft.com.au)
Computer Systems Manager, NetCraft Australia
http://www.netcraft.com.au/geoffrey/
Red Hat Linux Resellers: http://www.netcraft.com.au/linux/
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
