On Sun, Jul 7, 2024 at 5:09 AM rexkogit...@gmx.at.INVALID <rexkogit...@gmx.at.invalid> wrote:
> Hi,
>
> well, Apache httpd uses SNI to decide which vhost to use. Otherwise, it
> would not even be possible to have multiple TLS secured domains on the same
> port. However, this is indeed possible, but you have to put them into
> multiple vhosts. These vhosts can be as similar as they share everything
> but the TLS certificate files and ServerNames. They can have the same
> DocumentRoot and so on.
>
> Otherwise, you could also try Haproxy in front of Apache. Haproxy supports
> SNI and can perform TLS offloading, so that the Apache webserver is to be
> configured with HTTP only.
>
> Kind regards,
> rexkogitans.
>
> On 05.07.24 at 16:28, Frank Gingras wrote:
>
> On Fri, Jul 5, 2024 at 10:23 AM rexkogit...@gmx.at.INVALID
> <rexkogit...@gmx.at.invalid> wrote:
>
>> Hi Michael,
>>
>> you can add any number of domain names to a TLS certificate. These
>> entries are known as SAN (Subject Alternative Name). So, you want a single
>> TLS certificate with multiple domain names instead of multiple TLS
>> certificates each with a single domain name.
>>
>> Kind regards,
>> rexkogitans
>>
>> On 04.07.24 at 15:57, Frank Gingras wrote:
>>
>> On Thu, Jul 4, 2024 at 8:44 AM Michael Osipov <micha...@apache.org>
>> wrote:
>>
>>> Folks,
>>>
>>> please consider the following example:
>>> > <VirtualHost *:443>
>>> >     ServerAdmin m...@example.com
>>> >     ServerName foo.example.com
>>> >     ServerAlias foo.sub.example.net
>>> >     DocumentRoot /usr/local/www/apache24/data
>>> >     ErrorLog "/var/log/apache/foo-ssl-errors.log"
>>> >     CustomLog "/var/log/apache/foo-ssl-access.log" common
>>> >
>>> >     SSLEngine On
>>> >     SSLCertificateFile /etc/ssl/foo.example.com/cert.crt
>>> >     SSLCertificateKeyFile /etc/ssl/foo.example.com/key.crt
>>> >     SSLCertificateFile /etc/ssl/foo.sub.example.net/cert.crt
>>> >     SSLCertificateKeyFile /etc/ssl/foo.sub.example.net/key.crt
>>> >
>>> >     Include "..."
>>> > </VirtualHost>
>>>
>>> I'd like to run a single vhost serving the same content under multiple
>>> FQDNs to the users.
>>>
>>> As far as I understand mod_ssl it does not seem to support to have SNI
>>> on a single vhost with multiple hostnames. I get error messages in the log
>>> file.
>>> I am running "Apache/2.4.59 (FreeBSD) OpenSSL/1.1.1w-freebsd".
>>> FWIW: the same concept is supported with Tomcat: One connector, one
>>> default host, aliases and several SSLHostConfig elements.
>>> Is the approach to run two vhosts here? I am sure that a SAN certificate
>>> will do the trick, but for €€€ reasons I won't be able to order one.
>>>
>>> Michael
>>>
>> In that case, define separate :443 vhosts for each name, and redirect to
>> the main one.
>>
>
> They already said that for price reasons, that consideration is not on the
> table.
>

That was literally what I suggested prior.
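
The two-vhost layout suggested in this thread, written out as an added example that was not posted by any participant. It reuses the hostnames and file paths from the original question; the site-specific `Include "..."` line is left elided as in the question.

```apache
# Added example: one vhost per hostname, identical except for ServerName
# and the certificate/key pair. mod_ssl picks the vhost (and so the
# certificate) from the SNI name sent in the TLS ClientHello.
#
# Several SSLCertificateFile lines inside ONE vhost are meant for
# different key algorithms (e.g. RSA and ECDSA) of the same host,
# not for one certificate per hostname.

<VirtualHost *:443>
    ServerAdmin m...@example.com
    ServerName foo.example.com
    DocumentRoot /usr/local/www/apache24/data
    ErrorLog "/var/log/apache/foo-ssl-errors.log"
    CustomLog "/var/log/apache/foo-ssl-access.log" common

    SSLEngine On
    SSLCertificateFile /etc/ssl/foo.example.com/cert.crt
    SSLCertificateKeyFile /etc/ssl/foo.example.com/key.crt

    Include "..."
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin m...@example.com
    ServerName foo.sub.example.net
    # Same content as the first vhost.
    DocumentRoot /usr/local/www/apache24/data
    ErrorLog "/var/log/apache/foo-ssl-errors.log"
    CustomLog "/var/log/apache/foo-ssl-access.log" common

    SSLEngine On
    SSLCertificateFile /etc/ssl/foo.sub.example.net/cert.crt
    SSLCertificateKeyFile /etc/ssl/foo.sub.example.net/key.crt

    Include "..."

    # Alternative from the thread: instead of serving the content here,
    # send clients to the main name (mod_alias):
    # Redirect permanent / https://foo.example.com/
</VirtualHost>
```

`apachectl -S` lists the resulting name-based vhosts on port 443, and `openssl s_client -connect foo.example.com:443 -servername foo.sub.example.net` shows which certificate is served for a given SNI name.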