Gentoo Forums
Serving multiple SSL websites on 1 box behind 1 public IP
OakRaider4Life
Posted: Fri Aug 31, 2012 1:21 am    Post subject: Serving multiple SSL websites on 1 box behind 1 public IP

I maintain a small private server which I use to serve up a personal website and serve websites for a couple of friends as well. Currently, I do this with name based virtual hosting, but I would like to be able to secure each of these sites with their own SSL certificates. I understand that I can do this by switching over to IP based virtual hosting and using IP aliases, but what I'm struggling with is the best way to securely deliver HTTPS requests to those virtual hosts.

The option I've been exploring the most extensively is the Apache reverse proxy, but it seems to present challenges to ensuring separate, secure, SSL connections between each host and its clients that make me think I should start looking elsewhere (e.g., anyone connecting to any of the websites would be sharing the same encrypted pipeline since they connect to the same proxy).

The option I've started looking at since is using Apache's redirect rules to redirect a request to its appropriate IP based virtual host. However, the challenge here seems to be that redirect rules don't appear to be intended to reroute a request coming from outside of the subnet to a different subnet IP address.

I've considered exploring the option of setting up a DNS name server and setting up my DNS records to point to it, but this would mean I have a lot of reading ahead of me, and a whole mess of time to invest in setting it up. Obviously, I'd prefer to be able to play with a few config files to make it work.

Am I even on the right track? Can anyone comment on these possible solutions or point me in the direction of a better one?
OakRaider4Life
Posted: Fri Aug 31, 2012 4:05 am

And the solution is:

There was never a problem. My information was outdated, as modern versions of every major browser and Apache support name based SSL through SNI. Maybe this inquiry will help someone some day -_-

http://en.gentoo-wiki.com/wiki/Apache2/SSL_and_Name_Based_Virtual_Hosts
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
Mad Merlin
Posted: Fri Sep 07, 2012 4:23 am

OakRaider4Life wrote:
And the solution is:

There was never a problem. My information was outdated, as modern versions of every major browser and Apache support name based SSL through SNI. Maybe this inquiry will help someone some day -_-

http://en.gentoo-wiki.com/wiki/Apache2/SSL_and_Name_Based_Virtual_Hosts
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI


Yes, SNI is the solution that you're looking for. You really need to know the browser demographics of your users though, as there is no option for graceful degradation; the page simply won't load if they don't have SNI. Among the general public, there are still huge swaths of people with no SNI support (primarily those still on XP; no version of IE on XP supports SNI).
_________________
Game! - Where the stick is mightier than the sword!