From: Marc Perisa
Date: Fri, 22 Nov 2002 16:21:10 +0100
To: Alex Povolotsky
Cc: Allan Jude <937863@primus.ca>, freebsd-questions@FreeBSD.ORG, quak@mydiax.ch, Danny.Carroll@mail.ing.nl
Subject: Re: jailed virtual https, anyone?
Message-ID: <3DDE4B66.1040102@porsche.de>

[redirecting to questions because it isn't a discussion about security. It is a config problem.]

Hi Alex,

Alex Povolotsky wrote:
> On Fri, 22 Nov 2002 07:07:41 -0500
> "Allan Jude" <937863@primus.ca> wrote:
>
> AJ> What seems to be the problem with the virtual hosts?
> AJ> You're quite right, but I have EVERYTHING works ok for now, EXCEPT
> AJ> virtual hosts with https. Google shows nothing relevant on "jail https
> AJ> virtual".
>
> Oh, quite simple.
>
> https cannot be configured with name-based virtual hosts, by design.

jepp.

> jail cannot be configured for more than one IP address, by design.
> (don't ask me to wait until jail-ng will be ready)

jepp.

> Jail sits on internal IP, on lo0. fxp0 holds real IP addresses to be accessed from outside.
> I'm forwarding incoming connection to jail, currently with ipnat. I need to pass information
> about real (outside) IP to mod_ssl. That is my problem.

? (I understand what you do - but not why ...)

>
> plain http works perfectly (name-based virthosts).

jepp.

Ok. Why don't you put every single jail with its outside IP up and let it run there (bound to fxp0)? What do you want to reach with that setup? More security?

Next possibility is to set up a https->http gateway on the external IP (bound to fxp0) and forward the un-encrypted requests over to the apache (name-based or whatever).

https is designed in such a way that nobody should be in the middle. So this whole setup you described will not work.

Marc
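
The https->http gateway suggested in the message above, sketched as an Apache configuration. This is an added example, not part of the original thread: every address, hostname and path is a constructed placeholder, and it assumes Apache 2.x with mod_ssl, mod_proxy, mod_proxy_http and mod_headers loaded on the host.

```apache
# --- Host (outside the jail): TLS terminates here, on fxp0 ---
# Added example; addresses, names and paths are constructed placeholders.
# One external IP per certificate: the certificate has to be chosen
# from the destination IP, before any Host header has been read.
Listen 192.0.2.10:443
Listen 192.0.2.11:443

<VirtualHost 192.0.2.10:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /usr/local/etc/apache/ssl/www.example.org.crt
    SSLCertificateKeyFile /usr/local/etc/apache/ssl/www.example.org.key

    ProxyRequests Off          # reverse proxy only, never an open forward proxy
    ProxyPreserveHost On       # jail picks its name-based vhost from Host:
    # Overwrite (not append) so a client cannot supply its own value.
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://127.0.0.2:80/
    ProxyPassReverse / http://127.0.0.2:80/
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName shop.example.org
    SSLEngine on
    SSLCertificateFile    /usr/local/etc/apache/ssl/shop.example.org.crt
    SSLCertificateKeyFile /usr/local/etc/apache/ssl/shop.example.org.key

    ProxyRequests Off
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://127.0.0.2:80/
    ProxyPassReverse / http://127.0.0.2:80/
</VirtualHost>

# --- Inside the jail (single address on lo0): plain HTTP, name-based ---
Listen 127.0.0.2:80
NameVirtualHost 127.0.0.2:80   # needed on 1.3/2.0/2.2; drop on 2.4

<VirtualHost 127.0.0.2:80>
    ServerName www.example.org
    DocumentRoot /usr/local/www/www.example.org
</VirtualHost>

<VirtualHost 127.0.0.2:80>
    ServerName shop.example.org
    DocumentRoot /usr/local/www/shop.example.org
</VirtualHost>
```

With this layout the private keys stay on the host, the jailed Apache sees the gateway as its peer (mod_proxy_http passes the client address in `X-Forwarded-For`), and the hop into the jail is unencrypted, so it should stay on the loopback interface.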