Date: Fri, 22 Nov 2002 13:12:47 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: FreeBSD-Stable Mailing List <freebsd-stable@FreeBSD.ORG> Subject: Re: jailed virtual https, anyone? Message-ID: <20021122131247.GB30135@happy-idiot-talk.infracaninophi> In-Reply-To: <20021122145947.406b4d31.tarkhil@webmail.sub.ru> References: <0F232CC93A58D6119C1600B0D0799B817CE703@hamsrvmx03.logica.co.uk> <20021122145947.406b4d31.tarkhil@webmail.sub.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Nov 22, 2002 at 02:59:47PM +0300, Alex Povolotsky wrote: > On Fri, 22 Nov 2002 11:04:09 -0000 > "Oelkers, Dennis" <OelkersD@logica.com> wrote: > > OD> I don't want to give you a step-by-step tutorial how to set up a jailed > OD> apache, but > OD> a good start is the jail(8) manpage ... > > You're quite right, but I have EVERYTHING works ok for now, EXCEPT virtual hosts with https. Google shows nothing relevant on "jail https virtual". That's a tricky one. HTTPS virtual hosts have to be IP virtual hosts rather than Name virtual hosts due to the nature of the HTTPS protocol. (The HTTP header that tells the webserver which virtual host to direct the request to is part of the encrypted payload, and can only be decrypted using the keys from the correct virtual host. Catch 22, unless you can distinguish between the virtual hosts by some other means, ie. IP number.) Since a jail(8) by default only allows one IP number, that means only one HTTPS server per jail. However patches to support a range of IP numbers per jail have been posted to freebsd-hackers@ http://docs.freebsd.org/cgi/getmsg.cgi?fetch=219925+0+/usr/local/www/db/text/2002/freebsd-hackers/20020623.freebsd-hackers Use at your own risk. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021122131247.GB30135>