wesayso.net
We know what you want. We know what you need. We know where you live.
We have said so 


First Published 3-11-2009
This document describes a basic scheme to provide several secure encrypted web hosts on a Linux system with only one IP address and each host having it's own domain name and certificate.


So you want to have several secure virtual hosts but have been told that you can't do it without assigning an IP address to each one.

You're in the right place.

Tell me I can't do something, I dare you.  :)




This took a lot of time in testing and getting it to work in Firefox and IE7. If you use this scheme you owe me a bottle of tequila. I should tell you, I drive a bright red truck, state licensed 666MTB (Marks The Beast) so pay up, or I'll get you! :)




Russ Kisling

"^[rustek]@[wesayso]\.[net]$"



This was developed  in 2008/2009 for Agleos Inc.

You can't use name based virtual hosting for secure hosts because the certs won't work right, so you have to use IP based virtual hosts, but each has to have it's own IP address right,,, wrong, only one can be on port 443 but you can have as many as you want on different ports all on the same IP address.

Using one IP address and mod-rewrite for apache2 you can set up example.com and www.example.com to point to:
https://www.example.com:56001/

And...

example2.com and www.example2.com to point to:
https://www.example2.com:56002/
and so on, on and on, as many as you want, and all the certs will work without complaining.

Just to clarify, you have to goto http://example.com  or http://www.example.com
and the address will be rewritten to:
https:/www.example.com:56001/

If you goto example.com/index99.html
it will rewrite to:
https://www.example.com:56001/index99.html

So:
example.com
www.example.com
https://www.example.com:56001
Will all work and will all be secure.

But:
https://example.com
https://www.example.com
Will fail, and will even goto the wrong page if the user grants an exception to the bad cert. Nothings perfect, but if you do it right, that wrong page will always be an error page explaining what they did wrong or a redirect to the page they actually wanted. (that's what we do)

The pages are always called with http and always provided https.
And did I mention it won't complain about the cert?
Your looking at an encrypted page setup this way right now.




Our system is:
Ubuntu (intrepid)
apache2 2.2.9-7ubuntu3  installed
apache2-mpm-prefork 2.2.9-7ubuntu3  installed
apache2-utils 2.2.9-7ubuntu3  installed
apache2.2-common 2.2.9-7ubuntu3 installed

Obviously the apache version must be able to do ssl.

apache2 mod-rewrite and mod-ssl installed
# a2enmod rewrite
# a2enmod ssl

Below you will find sample httpd.conf sections.
They are written to use IP 192.168.10.1 for example*.com  and  www.example*.com



Common section:

Shows three hosts.

#####  IP Based VirtualHost
##### Redirects http://host.xyz and http://www.host.xyz to Secure Host
Listen 192.168.10.1:80
<VirtualHost 192.168.10.1:80>
ServerName www.yourdomain42.org            # change this
ServerAdmin admin@yourdomain42.org       # change this also

RewriteEngine on

RewriteCond   %{HTTP_HOST}  ^example\.com
RewriteRule ^(.*) https://www.example.com:56001$1 [NC,R=301,L]
RewriteCond   %{HTTP_HOST}  ^www\.example\.com
RewriteRule ^(.*) https://www.example.com:56001$1 [NC,R=301,L]


RewriteCond   %{HTTP_HOST}  ^example2\.com
RewriteRule ^(.*) https://www.example2.com:56002$1 [NC,R=301,L]
RewriteCond   %{HTTP_HOST}  ^www\.example2\.com
RewriteRule ^(.*) https://www.example2.com:56002$1 [NC,R=301,L]


RewriteCond   %{HTTP_HOST}  ^example3\.com
RewriteRule ^(.*) https://www.example3.com:56003$1 [NC,R=301,L]
RewriteCond   %{HTTP_HOST}  ^www\.example3\.com
RewriteRule ^(.*) https://www.example3.com:56003$1 [NC,R=301,L]

</VirtualHost>


Individual sections:

Each host will need a section like this.

##### IP Based VirtualHost
##### The actual config for the secure host.
Listen 192.168.10.1:56001
<VirtualHost 192.168.10.1:56001>
  ServerName www.example.com
  ServerAdmin admin@example.com
 

  #   SSL Engine Switch:
  #   Enable/Disable SSL for this virtual host.
  SSLEngine on
  #

... The rest of your config for this host.
   Options...
   Order...

</VirtualHost>

The error page section:
Note: There are several ways of doing this part, this is just one example.
##### IP Based VirtualHost
##### Redirect to error page.
Listen 192.168.10.1:443
<VirtualHost 192.168.10.1:443>
ServerName www.yourdomain42.org
ServerAdmin admin@yourdomain42.org

   #   SSL Engine Switch:
  #   Enable/Disable SSL for this virtual host.
  SSLEngine on
  #

... The rest of your config for this host.
   Options...
   Order...

##### Make index.html for this host your error page.
##### This host can have a self signed certificate
##### as it will never be called by the right name anyway.

</VirtualHost>