Date: Sat, 23 Nov 2002 12:18:20 +0100 From: Marko Zec <zec@tel.fer.hr> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: FreeBSD-Stable Mailing List <freebsd-stable@FreeBSD.ORG> Subject: Re: jailed virtual https, anyone? Message-ID: <3DDF63FC.CD65A76B@tel.fer.hr> References: <0F232CC93A58D6119C1600B0D0799B817CE703@hamsrvmx03.logica.co.uk> <20021122145947.406b4d31.tarkhil@webmail.sub.ru> <20021122131247.GB30135@happy-idiot-talk.infracaninophi>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Seaman wrote: > On Fri, Nov 22, 2002 at 02:59:47PM +0300, Alex Povolotsky wrote: > > On Fri, 22 Nov 2002 11:04:09 -0000 > > "Oelkers, Dennis" <OelkersD@logica.com> wrote: > > > > OD> I don't want to give you a step-by-step tutorial how to set up a jailed > > OD> apache, but > > OD> a good start is the jail(8) manpage ... > > > > You're quite right, but I have EVERYTHING works ok for now, EXCEPT virtual hosts with https. Google shows nothing relevant on "jail https virtual". > > That's a tricky one. HTTPS virtual hosts have to be IP virtual hosts > rather than Name virtual hosts due to the nature of the HTTPS > protocol. (The HTTP header that tells the webserver which virtual > host to direct the request to is part of the encrypted payload, and > can only be decrypted using the keys from the correct virtual host. > Catch 22, unless you can distinguish between the virtual hosts by some > other means, ie. IP number.) > > Since a jail(8) by default only allows one IP number, that means only > one HTTPS server per jail. However patches to support a range of IP > numbers per jail have been posted to freebsd-hackers@ You can easily run multiple https servers inside a vimage partition if you wish, see http://www.tel.fer.hr/zec/BSD/vimage/ Marko To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DDF63FC.CD65A76B>