wesayso.net
We know what you want. We know what you need. We know where you live.
We have said so
First Published 3-11-2009
This document describes a basic scheme to provide several secure encrypted
web hosts on a Linux system with only one IP address, each
host having its own domain name and certificate.
So you want to have several secure virtual hosts but have been told that
you can't do it without assigning an IP address to each one.
You're in the right place.
Tell me I can't do something, I dare you. :)
This took a lot of time in testing and getting it to work in Firefox
and IE7. If you use this scheme you owe me a bottle of tequila. I
should tell you, I drive a bright red truck, state licensed 666MTB
(Marks The Beast) so pay up, or I'll get you! :)

Russ Kisling

"^[rustek]@[wesayso]\.[net]$"
This was developed in 2008/2009 for Agleos Inc.
You can't use name-based virtual hosting for secure hosts because the
certs won't work right, so you have to use IP-based virtual hosts. But
each one has to have its own IP address, right? Wrong. Only one can be on
port 443, but you can have as many as you want on different ports, all on
the same IP address.
Using one IP address and mod-rewrite for apache2 you can set up
example.com and www.example.com to point to:
https://www.example.com:56001/
And...
example2.com and www.example2.com to point to:
https://www.example2.com:56002/
and so on, on and on, as many as you want, and all the certs will work
without complaining.
Just to clarify, you have to go to http://example.com or
http://www.example.com
and the address will be rewritten to:
https://www.example.com:56001/
If you go to example.com/index99.html
it will rewrite to:
https://www.example.com:56001/index99.html
So:
example.com
www.example.com
https://www.example.com:56001
Will all work and will all be secure.
But:
https://example.com
https://www.example.com
Will fail, and will even go to the wrong page if the user grants an exception
to the bad cert. Nothing's perfect, but if you do it right, that wrong
page will always be an error page explaining what they did wrong, or a
redirect to the page they actually wanted (that's what we do).
The pages are always called with http and always provided https.
And did I mention it won't complain about the cert?
You're looking at an encrypted page set up this way right now.
Our system is:
Ubuntu (intrepid)
apache2 2.2.9-7ubuntu3 installed
apache2-mpm-prefork 2.2.9-7ubuntu3 installed
apache2-utils 2.2.9-7ubuntu3 installed
apache2.2-common 2.2.9-7ubuntu3 installed
Obviously the apache version must be able to do ssl.
apache2 mod-rewrite and mod-ssl installed
# a2enmod rewrite
# a2enmod ssl
Below you will find sample httpd.conf sections.
They are written to use IP 192.168.10.1 for example*.com and www.example*.com
Common section:
Shows three hosts.
##### IP Based VirtualHost
##### Redirects http://host.xyz and http://www.host.xyz to Secure Host
Listen 192.168.10.1:80
<VirtualHost 192.168.10.1:80>
    # change this
    ServerName www.yourdomain42.org
    # change this also
    ServerAdmin admin@yourdomain42.org
    RewriteEngine on
    # Each RewriteCond applies only to the RewriteRule directly below it.
    # $1 carries the requested path over to the secure host.
    RewriteCond %{HTTP_HOST} ^example\.com
    RewriteRule ^(.*) https://www.example.com:56001$1 [NC,R=301,L]
    RewriteCond %{HTTP_HOST} ^www\.example\.com
    RewriteRule ^(.*) https://www.example.com:56001$1 [NC,R=301,L]
    RewriteCond %{HTTP_HOST} ^example2\.com
    RewriteRule ^(.*) https://www.example2.com:56002$1 [NC,R=301,L]
    RewriteCond %{HTTP_HOST} ^www\.example2\.com
    RewriteRule ^(.*) https://www.example2.com:56002$1 [NC,R=301,L]
    RewriteCond %{HTTP_HOST} ^example3\.com
    RewriteRule ^(.*) https://www.example3.com:56003$1 [NC,R=301,L]
    RewriteCond %{HTTP_HOST} ^www\.example3\.com
    RewriteRule ^(.*) https://www.example3.com:56003$1 [NC,R=301,L]
</VirtualHost>
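The redirect table above can be checked offline before it goes into httpd.conf. The Python sketch below is an added example, not part of the original page: it rebuilds the same host-to-port rules from a mapping and emulates how the port 80 host answers a request. The names HOSTS, build_rules and redirect_for are made up for this illustration, and only the URL path is modelled.

```python
import re

# Constructed mapping that mirrors the page's three sample hosts (domain -> TLS port).
HOSTS = {"example.com": 56001, "example2.com": 56002, "example3.com": 56003}


def build_rules(hosts):
    """Return (host regex, redirect base) pairs in the order the page lists them:
    bare domain first, then www., both sent to https://www.<domain>:<port>."""
    ports = list(hosts.values())
    if len(set(ports)) != len(ports):
        raise ValueError("each secure host needs its own port")
    if 80 in ports or 443 in ports:
        raise ValueError("80 and 443 belong to the redirect and error-page hosts")
    rules = []
    for domain, port in hosts.items():
        base = f"https://www.{domain}:{port}"
        for name in (domain, "www." + domain):
            # Same shape as: RewriteCond %{HTTP_HOST} ^example\.com
            # No [NC] on the condition, so it is case-sensitive, and there is
            # no trailing anchor, so anything starting with the name matches.
            rules.append((re.compile("^" + re.escape(name)), base))
    return rules


def redirect_for(rules, host_header, path):
    """Emulate the port 80 host: the first condition that matches wins ([L]) and
    RewriteRule ^(.*) appends the request path. None means no rule fired."""
    for pattern, base in rules:
        if pattern.search(host_header):
            return 301, base + path
    return None


RULES = build_rules(HOSTS)

if __name__ == "__main__":
    # Constructed sample requests: (Host header, URL path).
    for host, path in [("example.com", "/index99.html"),
                       ("www.example2.com", "/"),
                       ("EXAMPLE3.COM", "/"),
                       ("example.community", "/")]:
        print(f"{host}{path} -> {redirect_for(RULES, host, path)}")
```

A None result means no redirect is issued and the port 80 host serves the request itself, which is what happens here for an upper-case Host header.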
Individual sections:
Each host will need a section like this.
##### IP Based VirtualHost
##### The actual config for the secure host.
Listen 192.168.10.1:56001
<VirtualHost 192.168.10.1:56001>
    ServerName www.example.com
    ServerAdmin admin@example.com
    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on
    # ... The rest of your config for this host.
    Options...
    Order...
</VirtualHost>
The error page section:
Note: There are several ways of doing this part; this is just one example.
##### IP Based VirtualHost
##### Redirect to error page.
Listen 192.168.10.1:443
<VirtualHost 192.168.10.1:443>
    ServerName www.yourdomain42.org
    ServerAdmin admin@yourdomain42.org
    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on
    # ... The rest of your config for this host.
    Options...
    Order...
    ##### Make index.html for this host your error page.
    ##### This host can have a self signed certificate
    ##### as it will never be called by the right name anyway.
</VirtualHost>