Date: Thu, 28 Jul 2005 14:17:44 +0200 (CEST)
Message-Id: <200507281217.j6SCHiNC048246@lurza.secnetix.de>
From: Oliver Fromme
To: freebsd-stable@FreeBSD.ORG
In-Reply-To: <42E8C6B3.8010002@bmby.com>
Subject: Re: Apache2 just listening to https?

Uzi Klein wrote:
 > Oliver Fromme wrote:
 > > Uzi Klein wrote:
 > > > Actually, SSL can not be configured per name vhost. (or at least can not
 > > > work)
 > > > Because SSL handshake is used before http headers, it just can't be done.
 > >
 > > You can configure SSL perfectly fine per virtual host,
 > > provided that they have separate addresses.  You can
 > > even use SSL for virtual hosts that share an address,
 > > if they listen on different ports (in this case you
 > > can use redirects for convenience, so users don't have
 > > to type the port numbers).
 > >
 > > It's correct that SSL doesn't work for pure name-based
 > > virtual hosts (not using "special tricks"), but nobody
 > > was talking about that.
 > >
 >
 > note the *name vhost*

Only _you_ were talking about named virtual hosts.  :-)
They are not an issue in this case.

 > and the user's conf.

The user's configuration, as far as it has been (partially)
shown, contains just two virtual hosts which run on different
ports (port 80 for HTTP and port 443 for HTTPS).  So
name-based virtual hosts are _not_ an issue here.

Name-based virtual hosts would be a problem if you run
multiple of them on the same IP address _and_ on the same
port with SSL (usually 443).  That's not the case here.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"If you aim the gun at your foot and pull the trigger, it's
UNIX's job to ensure reliable delivery of the bullet to
where you aimed the gun (in this case, Mr. Foot)."
        -- Terry Lambert, FreeBSD-hackers mailing list.