Message-ID: <3DDF63FC.CD65A76B@tel.fer.hr>
Date: Sat, 23 Nov 2002 12:18:20 +0100
From: Marko Zec
To: Matthew Seaman
Cc: FreeBSD-Stable Mailing List
Subject: Re: jailed virtual https, anyone?

Matthew Seaman wrote:

> On Fri, Nov 22, 2002 at 02:59:47PM +0300, Alex Povolotsky wrote:
> > On Fri, 22 Nov 2002 11:04:09 -0000
> > "Oelkers, Dennis" wrote:
> >
> > OD> I don't want to give you a step-by-step tutorial how to set up a jailed
> > OD> apache, but
> > OD> a good start is the jail(8) manpage ...
> >
> > You're quite right, but I have EVERYTHING works ok for now, EXCEPT virtual hosts with https. Google shows nothing relevant on "jail https virtual".
>
> That's a tricky one. HTTPS virtual hosts have to be IP virtual hosts
> rather than Name virtual hosts due to the nature of the HTTPS
> protocol. (The HTTP header that tells the webserver which virtual
> host to direct the request to is part of the encrypted payload, and
> can only be decrypted using the keys from the correct virtual host.
> Catch 22, unless you can distinguish between the virtual hosts by some
> other means, ie. IP number.)
>
> Since a jail(8) by default only allows one IP number, that means only
> one HTTPS server per jail. However patches to support a range of IP
> numbers per jail have been posted to freebsd-hackers@

You can easily run multiple https servers inside a vimage partition if
you wish, see http://www.tel.fer.hr/zec/BSD/vimage/

Marko
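
The IP-based layout described in the quoted text, next to the name-based one it rules out, as an added example that is not part of the original message or of any poster's configuration. The addresses (192.0.2.0/24 documentation range), hostnames and file paths are assumptions chosen for illustration.

```apache
# Constructed example: addresses, hostnames and paths are placeholders.

# Name-based layout, the one the thread says cannot work: both hosts share
# one address and port, so the server has to choose a certificate and key
# before it can read the Host: header, which arrives inside the encrypted
# payload.
#
#   NameVirtualHost 192.0.2.10:443
#   <VirtualHost 192.0.2.10:443>
#       ServerName www.example.org
#   </VirtualHost>
#   <VirtualHost 192.0.2.10:443>
#       ServerName shop.example.org
#   </VirtualHost>

# IP-based layout: the destination address of the TCP connection selects
# the virtual host, and with it the certificate and private key, before
# any encrypted data is read.
Listen 192.0.2.10:443
Listen 192.0.2.11:443

<VirtualHost 192.0.2.10:443>
    ServerName www.example.org
    DocumentRoot /usr/local/www/www.example.org
    SSLEngine on
    SSLCertificateFile    /usr/local/etc/apache/ssl/www.example.org.crt
    SSLCertificateKeyFile /usr/local/etc/apache/ssl/www.example.org.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName shop.example.org
    DocumentRoot /usr/local/www/shop.example.org
    SSLEngine on
    SSLCertificateFile    /usr/local/etc/apache/ssl/shop.example.org.crt
    SSLCertificateKeyFile /usr/local/etc/apache/ssl/shop.example.org.key
</VirtualHost>
```

Both addresses must be usable by the httpd process; in a jail(8) limited to one IP number only one of the two `Listen` lines can bind, which is the constraint the thread is about.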