Monday, June 17, 2019

Apache multiple SSL sites, multiple IPs, without DNS modification



My goal is to have multiple SSL sites on multiple IP addresses, but I'm struggling with the Apache setup:




// I want this:
http + https example.com
http + https example.net

// On these IPs:
http example.com 1.1.1.1:80
http example.net 1.1.1.1:80
https example.com 2.2.2.2:443
https example.net 3.3.3.3:443



Note that the DocumentRoot is different for all 4 sites.



In my current Apache setup, when a client visits https://example.com, Apache serves up 1.1.1.1 (connection refused, assume :443) instead of 2.2.2.2:443. The same is true with https://example.net (instead of 3.3.3.3:443). I assume this is because of my DNS A records for @ and www pointing to 1.1.1.1. The non-SSL 1.1.1.1 name-based vhosts work fine.



I'm not sure if this is intended Apache behavior or not. So the core of my question is, "is this intended Apache behavior? If so, could someone give me an example of how the IPs should look in this situation? Should BOTH http and https example.com be on ONE IP instead of me splitting them up like this?"



My httpd.conf is like this right now:



# http example.com and http example.net:
Listen 1.1.1.1:80
# https example.com:
Listen 2.2.2.2:443
# https example.net:
Listen 3.3.3.3:443

NameVirtualHost *:80

# The <VirtualHost> container lines below were lost when the page was
# extracted; they are restored here from the Listen lines and comments.
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/example.com
</VirtualHost>

<VirtualHost *:80>
    ServerName example.net
    DocumentRoot /var/www/example.net
</VirtualHost>

<VirtualHost 2.2.2.2:443>
    SSLEngine on
    ServerName example.com
    DocumentRoot /var/www/example.com-ssl
</VirtualHost>

<VirtualHost 3.3.3.3:443>
    SSLEngine on
    ServerName example.net
    DocumentRoot /var/www/example.net-ssl
</VirtualHost>




Edit: Every Google search I do returns tons of SNI guides (multiple SSL vhosts on one IP), which is not what I'm looking for.


Answer



You seem to have misunderstood how DNS works.



DNS in this case resolves names such as example.com to IP addresses such as 203.0.113.1. You can't have a different IP address for a different port or service.



Thus, you need to use the same IP address for HTTP, HTTPS and every other service that might be served with that domain name.
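The layout the answer describes, written out as an added httpd.conf example (not part of the question or the answer): each domain gets one address, and that single address carries both the :80 and the :443 vhost, so the A record for each name has exactly one place to point. The addresses, DocumentRoot paths and certificate paths are placeholders chosen to match the question's naming; substitute your own.

```apache
# Added example, not from the original post.
# example.com -> 1.1.1.1 (A records for @ and www)
# example.net -> 2.2.2.2 (A records for @ and www)
# Each address carries both ports, so no SNI is involved and the
# NameVirtualHost directive from the question is not needed for these
# IP-based vhosts.

Listen 1.1.1.1:80
Listen 1.1.1.1:443
Listen 2.2.2.2:80
Listen 2.2.2.2:443

# --- example.com, plain HTTP and HTTPS on the same address ---
<VirtualHost 1.1.1.1:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com
</VirtualHost>

<VirtualHost 1.1.1.1:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com-ssl
    SSLEngine on
    # placeholder certificate and key paths
    SSLCertificateFile /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key
</VirtualHost>

# --- example.net, plain HTTP and HTTPS on the same address ---
<VirtualHost 2.2.2.2:80>
    ServerName example.net
    ServerAlias www.example.net
    DocumentRoot /var/www/example.net
</VirtualHost>

<VirtualHost 2.2.2.2:443>
    ServerName example.net
    ServerAlias www.example.net
    DocumentRoot /var/www/example.net-ssl
    SSLEngine on
    # placeholder certificate and key paths
    SSLCertificateFile /etc/ssl/certs/example.net.crt
    SSLCertificateKeyFile /etc/ssl/private/example.net.key
</VirtualHost>
```

Two checks are worth running after a change like this: `apachectl -S` prints the address-and-port-to-vhost mapping Apache actually built, so you can confirm that each name's :80 and :443 vhost sit on the same address; and `dig +short example.com` shows what the A record currently resolves to, which must be that same address, since the resolver never sees the port or the scheme. Apache only honours `#` comments at the start of a line, so keep the comments above on their own lines rather than appending them to directives.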

