On 2015-05-01 20:02, Samuel Penn wrote:
On Friday 01 May 2015 19:56:29 Neil Stone wrote:
HTTPS and name-based vhosts don't mix well... that's the first thing I
found that was causing me issues.
I will dig out my notes from last time I did this....
Yep. The URL used to access the web server is encrypted by the https,
so until Apache decrypts it, it doesn't know which virtual host to
forward the request to.
The SSL configuration is on a per virtual host basis, so until it
knows the virtual host, it can't decrypt it.
Don't forget the TLS SNI (Server Name Indication) handshake extension -
it's been in OpenSSL and others for around 10 years now and is supported
by all major browsers. Simply put, it allows the client to send the
host/servername along with the initial handshake such that multiple https
(or any other TLS-encapsulated protocol) vhosts can be served from the
same port & IP address. It is also supported by most servers, which in
turn use OpenSSL, so Apache, Cherokee, Nginx etc etc :)
Paul
--
Core Internet Limited T +44(0)1329 800 300
https://www.coreinternet.net/ F +44(0)1329 800 301
#-------------( AS44345 / AS39126 )---------------#
--
Please post to: [email protected]
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------