Date:      Fri, 22 Nov 2002 16:21:10 +0100
From:      Marc Perisa <perisa@porsche.de>
To:        Alex Povolotsky <tarkhil@webmail.sub.ru>
Cc:        Allan Jude <937863@primus.ca>, freebsd-questions@FreeBSD.ORG, quak@mydiax.ch, Danny.Carroll@mail.ing.nl
Subject:   Re: jailed virtual https, anyone?
Message-ID:  <3DDE4B66.1040102@porsche.de>
References:  <20021122145947.406b4d31.tarkhil@webmail.sub.ru>	<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA4RatOouMvEOzXXL4aXw9/cKAAAAQAAAAhnmDgV2EvUqm7WMtfEV72wEAAAAA@primus.ca> <20021122155027.7f694357.tarkhil@webmail.sub.ru>

[redirecting to questions because it isn't a discussion about security. 
It is a config problem.]

Hi Alex,

Alex Povolotsky wrote:
> On Fri, 22 Nov 2002 07:07:41 -0500
> "Allan Jude" <937863@primus.ca> wrote:
> 
> AJ> What seems to be the problem with the virtual hosts?
> AJ> You're quite right, but I have EVERYTHING works ok for now, EXCEPT
> AJ> virtual hosts with https. Google shows nothing relevant on "jail https
> AJ> virtual".
> 
> Oh, quite simple.
> 
> https cannot be configured with name-based virtual hosts, by design.

jepp.

> jail cannot be configured for more than one IP address, by design.
> (don't ask me to wait until jail-ng will be ready)

jepp.

> Jail sits on internal IP, on lo0. fxp0 holds real IP addresses to be accessed from outside. 
> I'm forwarding incoming connection to jail, currently with ipnat. I need to pass information 
> about real (outside) IP to mod_ssl. That is my problem.

? (I understand what you do - but not why ...)

> 
> plain http works perfectly (name-based virthosts).

jepp.

Ok. Why don't you put every single jail with its outside IP up and let 
it run there (bound to fxp0)? What do you want to reach with that setup?
More security?

The next possibility is to set up an https->http gateway on the external IP 
(bound to fxp0) and forward the unencrypted requests over to the 
apache (name-based or whatever).

https is designed in such a way that nobody should be in the middle. So this 
whole setup you described will not work.

Marc
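
A sketch of the https->http gateway suggested in the message above, added here as an example and not taken from the thread. It assumes Apache 2.x with mod_ssl, mod_proxy, mod_proxy_http and mod_headers on the host, and a jail at 127.0.0.2 on lo0; all addresses, hostnames and file paths are constructed placeholders.

```apache
# --- Host (outside the jail): one IP-based TLS virtual host per certificate ---
# The external addresses live on fxp0. TLS ends here, so the private keys
# stay on the host and never enter the jail.
Listen 192.0.2.10:443
Listen 192.0.2.11:443
ProxyRequests Off

<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /usr/local/etc/apache/ssl/www.example.com.crt
    SSLCertificateKeyFile /usr/local/etc/apache/ssl/www.example.com.key
    # Pass the original Host header through so the jailed Apache can pick
    # the matching name-based virtual host.
    ProxyPreserveHost On
    # Tell the backend that the client side of this request was encrypted.
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://127.0.0.2:80/
    ProxyPassReverse / http://127.0.0.2:80/
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName shop.example.com
    SSLEngine on
    SSLCertificateFile    /usr/local/etc/apache/ssl/shop.example.com.crt
    SSLCertificateKeyFile /usr/local/etc/apache/ssl/shop.example.com.key
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://127.0.0.2:80/
    ProxyPassReverse / http://127.0.0.2:80/
</VirtualHost>

# --- Jail (single address on lo0): plain name-based virtual hosts ---
# Listen only on the loopback alias so the cleartext side is never
# reachable from outside the machine.
Listen 127.0.0.2:80
NameVirtualHost 127.0.0.2:80

<VirtualHost 127.0.0.2:80>
    ServerName www.example.com
    DocumentRoot /usr/local/www/www.example.com
</VirtualHost>

<VirtualHost 127.0.0.2:80>
    ServerName shop.example.com
    DocumentRoot /usr/local/www/shop.example.com
</VirtualHost>
```

With this layout the jailed server sees every connection as coming from the gateway, so access logs and IP-based access rules inside the jail have to use the X-Forwarded-For header that mod_proxy adds rather than the peer address.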


