Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
156 views
in Technique[技术] by (71.8m points)

Apache Name Virtual Host with SSL

I am attempting to setup our servers to allow traffic over SSL. I am aware that SSL does not work with Name Virtual Host, but we have all of our apache servers on virtual machines with dedicated private IPs. We have a primary virtual machine that has mod_proxy setup to route traffic to the appropriate vms.

However, in order to route https traffic we need to have the certificate installed on the proxy as well as the vms. We have a wildcard certificate that can be used across all of our hosts. Everything appears to work properly, but I receive the following in the apache logs for the proxy:

[warn] Init: SSL server IP/port conflict: host1.domain.com:443 (/etc/apache2/sites-enabled/host1:1) vs. host2.domain.com:443 (/etc/apache2/sites-enabled/host2:1)

There is one of these error message for each host we have setup on the proxy. Our Virtual Host setup for the proxy is posted below:

<VirtualHost ipaddress:443>
    ServerName host1.domain.com
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / https://privateip:443/
    ProxyPassReverse / https://privateip:443/

    SSLProxyEngine on
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>

Is there any way that I can get this to work?

question from:https://stackoverflow.com/questions/517336/apache-name-virtual-host-with-ssl

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

It sounds like Apache is warning you that you have multiple <VirtualHost> sections with the same IP address and port... as far as getting it to work without warnings, I think you would need to use something like Server Name Indication (SNI), a way of identifying the hostname requested as part of the SSL handshake. Basically it lets you do name-based virtual hosting over SSL, but I'm not sure how well it's supported by browsers. Other than something like SNI, you're basically limited to one SSL-enabled domain name for each IP address you expose to the public internet.

Of course, if you are able to access the websites properly, you'll probably be fine ignoring the warnings. These particular ones aren't very serious - they're mainly an indication of what to look at if you are experiencing problems


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...