From owner-freebsd-security Mon Nov 25 5:13: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0565637B404 for ; Mon, 25 Nov 2002 05:13:07 -0800 (PST) Received: from mail.garnet.ru (mail.garnet.ru [195.209.63.170]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1D30143EAF for ; Mon, 25 Nov 2002 05:13:00 -0800 (PST) (envelope-from ilya@martynov.org) Received: from abra.ru (ppp133.garnet.ru [195.209.59.133]) by mail.garnet.ru (8.11.6/8.11.3) with ESMTP id gAPDClH87499; Mon, 25 Nov 2002 16:12:48 +0300 (MSK) (envelope-from ilya@martynov.org) Received: by abra.ru (Postfix, from userid 1000) id 98F68B558; Mon, 25 Nov 2002 16:08:11 +0300 (MSK) From: Ilya Martynov To: Alex Povolotsky Cc: "Allan Jude" <937863@primus.ca>, freebsd-security@FreeBSD.ORG, quak@mydiax.ch, Danny.Carroll@mail.ing.nl Subject: Re: jailed virtual https, anyone? References: <20021122145947.406b4d31.tarkhil@webmail.sub.ru> <20021122155027.7f694357.tarkhil@webmail.sub.ru> X-GnuPG-ID: 1024D/323BDEE6 X-GnuPG-Fingerprint: D7F7 561E 4C1D 8A15 8E80 E4AE BE1A 53EB 323B DEE6 In-Reply-To: <20021122155027.7f694357.tarkhil@webmail.sub.ru> (Alex Povolotsky's message of "Fri, 22 Nov 2002 15:50:27 +0300") Date: Mon, 25 Nov 2002 16:08:11 +0300 Message-ID: <871y5994qs.fsf@abra.ru> Lines: 27 User-Agent: Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.2 (i386-debian-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >>>>> On Fri, 22 Nov 2002 15:50:27 +0300, Alex Povolotsky said: AP> https cannot be configured with name-based virtual hosts, by AP> design. jail cannot be configured for more than one IP address, AP> by design. (don't ask me to wait until jail-ng will be ready) AP> Jail sits on internal IP, on lo0. fxp0 holds real IP addresses to AP> be accessed from outside. I'm forwarding incoming connection to AP> jail, currently with ipnat. I need to pass information about real AP> (outside) IP to mod_ssl. That is my problem. AP> plain http works perfectly (name-based virthosts). AP> I'm using mod_ssl, but not restricted to it. You can do virtual hosting with https with only one IP. The trick is using different port numbers for each virtual host. Outside of jaul you can forward these ports on a set of external IP using standart port. -- Ilya Martynov, ilya@iponweb.net CTO IPonWEB (UK) Ltd Quality Perl Programming and Unix Support UK managed @ offshore prices - http://www.iponweb.net Personal website - http://martynov.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message