https://wiki.uniformserver.com/index.php?title=SSL_Part_1:_Multi-Websites_2&feed=atom&action=historySSL Part 1: Multi-Websites 2 - Revision history2024-03-29T04:52:45ZRevision history for this page on the wikiMediaWiki 1.41.0https://wiki.uniformserver.com/index.php?title=SSL_Part_1:_Multi-Websites_2&diff=3107&oldid=prevRic: New page: <span id="top"></span> <div style="padding:0;margin:0; border-bottom:3px inset #000000"> {| | MPG UniCenter || SSL Part 1 Extra: Home ...2008-06-09T17:46:26Z<p>New page: <span id="top"></span> <div style="padding:0;margin:0; border-bottom:3px inset #000000"> {| | <a href="/File:Uc_small_logo.gif" title="File:Uc small logo.gif"> MPG UniCenter</a> || SSL Part 1 Extra: <a href="/SSL_Part_1:_Home" title="SSL Part 1: Home"> Home</a> ...</p>
<p><b>New page</b></p><div><span id="top"></span><br />
<div style="padding:0;margin:0; border-bottom:3px inset #000000"><br />
{| <br />
| [[Image:uc_small_logo.gif | MPG UniCenter]] ||<br />
SSL Part 1 Extra:<br />
[[SSL Part 1: Home | Home]] | <br />
[[SSL Part 1: Multi-Websites 1 | Multi-Websites 1]] | <br />
[[SSL Part 1: Multi-Websites 2 | Multi-Websites 2]] | <br />
[[SSL Part 1: Debug VHost | Debug VHost]] <br />
|}<br />
</div><br />
{| cellpadding="2"<br />
|<br />
__TOC__<br />
||<br />
'''mod_ssl Multi-Websites 2'''<br>'''Uniform Server 3.5-Apollo'''<br />
|}<br />
<br />
'''Securing multi-websites using virtual hosts on a single IP address.'''<br />
<br />
You may prefer to run your SSL sites on the same IP address but on different ports. The drawback of this method is that users of your sites must specify the port number in the URL, which is not required when using the default port. You may find this acceptable, hence its inclusion here. Normally a user reaches a secure site from an unsecured page via a link; with this method, adding the port number to that link causes no problem for the user.<br />
<br />
== Basic Structure ==<br />
The global SSL section remains unchanged; remember to add as many listening ports as there are virtual hosts, and make sure you do not select a port that is already in use, otherwise Apache will not start.<br />
<br />
{| cellpadding="2" cellspacing="1" style="background:#000000;"<br />
|-style="background:#f5f5f5;"<br />
|<br />
<nowiki>##################################&nbsp;Global&nbsp;SSL&nbsp;######################################</nowiki><br><br />
Listen 453<br><br />
AddType application/x-x509-ca-cert .crt<br><br />
AddType application/x-pkcs7-crl .crl<br><br />
SSLPassPhraseDialog builtin<br><br />
SSLSessionCache shmcb:logs/ssl_scache(512000)<br><br />
SSLSessionCacheTimeout 300<br><br />
SSLMutex default<br><br />
SSLRandomSeed startup builtin<br><br />
SSLRandomSeed connect builtin<br />
|<br />
The first line instructs Apache to listen on port 453, corresponding to the virtual host defined below. When selecting ports, make sure they are not in use on your machine, otherwise Apache will not start.<br />
<br />
Each new Vhost must have a corresponding listening port.<br />
|}<br />
<br />
Each virtual host will look similar to this:<br />
<br />
{| cellpadding="2" cellspacing="1" style="background:#000000;"<br />
|-style="background:#f5f5f5;"<br />
|<br />
<nowiki>###########&nbsp;SSL&nbsp;Virtual&nbsp;Host&nbsp;############################</nowiki><br><br />
'''NameVirtualHost *:453'''<br />
|<br />
This instructs Apache that the following Vhost block is associated with any IP address (* wildcard) on port 453.<br />
|-style="background:#f5f5f5;"<br />
|<br />
<VirtualHost '''_default_:453'''><br><br />
ServerName site4.unicenter.gotdns.org<br><br />
DocumentRoot /www/site4<br><br />
SSLEngine on<br><br />
SSLCipherSuite&nbsp;ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL&nbsp;<br><br />
SSLProtocol all -SSLv2<br><br />
SSLCertificateFile conf/ssl.crt/server.crt<br><br />
SSLCertificateKeyFile conf/ssl.key/server.key<br><br />
</VirtualHost><br />
|<br />
There is only one Vhost associated with this block, hence we make it the default; note that the port number must be included.<br />
<br />
Each block contains the SSL directives; if you wish to add authentication, see the previous page for details.<br />
|}<br />
<br />
'''''[[#top | Top]]'''''<br />
<br />
== Complete example ==<br />
For this example I am using the sites defined on the previous page. If you wish, you can add authentication blocks.<br />
<br />
To save typing, use the file '''''ssl.conf3.txt''''' (see folder www/test_multi), rename it '''ssl.conf''' and edit it to your specific requirements. <br />
<br />
I have highlighted changes in bold:<br />
<br />
{| cellpadding="2" cellspacing="1" style="background:#000000;"<br />
|- style="background:#e8e8e8;"<br />
!&nbsp;&nbsp;''New''&nbsp;&nbsp;<br />
|- style="background:#f5f5f5;"<br />
|<br />
<nowiki>#################### Global SSL ########################</nowiki><br><br />
'''Listen 453'''<br><br />
'''Listen 454'''<br><br />
'''Listen 455'''<br><br />
AddType application/x-x509-ca-cert .crt<br><br />
AddType application/x-pkcs7-crl .crl<br><br />
SSLPassPhraseDialog builtin<br><br />
SSLSessionCache shmcb:logs/ssl_scache(512000)<br><br />
SSLSessionCacheTimeout 300<br><br />
SSLMutex default<br><br />
SSLRandomSeed startup builtin<br><br />
SSLRandomSeed connect builtin<br />
|- style="background:#f5f5f5;"<br />
|<br />
<nowiki>########### SSL Virtual Host ############################</nowiki><br />
|- style="background:#f5f5f5;"<br />
|<br />
NameVirtualHost '''*:453'''<br><br />
<VirtualHost '''_default_:453'''><br><br />
&nbsp;&nbsp;ServerName site4.unicenter.gotdns.org<br><br />
&nbsp;&nbsp;DocumentRoot /www/site4<br><br />
&nbsp;&nbsp;SSLEngine on<br><br />
&nbsp;&nbsp;SSLCipherSuite&nbsp;ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL&nbsp;<br><br />
&nbsp;&nbsp;SSLProtocol all -SSLv2<br><br />
&nbsp;&nbsp;SSLCertificateFile conf/ssl.crt/server.crt<br><br />
&nbsp;&nbsp;SSLCertificateKeyFile conf/ssl.key/server.key<br><br />
</VirtualHost><br />
|- style="background:#f5f5f5;"<br />
|<br />
NameVirtualHost '''*:454'''<br><br />
<VirtualHost '''_default_:454'''><br><br />
&nbsp;&nbsp;ServerName site5.unicenter.gotdns.org<br><br />
&nbsp;&nbsp;DocumentRoot /www/site5<br><br />
&nbsp;&nbsp;SSLEngine on<br><br />
&nbsp;&nbsp;SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL<br><br />
&nbsp;&nbsp;SSLProtocol all -SSLv2<br><br />
&nbsp;&nbsp;SSLCertificateFile conf/ssl.crt/server.crt<br><br />
&nbsp;&nbsp;SSLCertificateKeyFile conf/ssl.key/server.key<br><br />
</VirtualHost><br />
|- style="background:#f5f5f5;"<br />
|<br />
NameVirtualHost '''*:455'''<br><br />
<VirtualHost '''_default_:455'''><br><br />
&nbsp;&nbsp;ServerName site6.unicenter.gotdns.org<br><br />
&nbsp;&nbsp;DocumentRoot /www/site6<br><br />
&nbsp;&nbsp;SSLEngine on<br><br />
&nbsp;&nbsp;SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL<br><br />
&nbsp;&nbsp;SSLProtocol all -SSLv2<br><br />
&nbsp;&nbsp;SSLCertificateFile conf/ssl.crt/server.crt<br><br />
&nbsp;&nbsp;SSLCertificateKeyFile conf/ssl.key/server.key<br><br />
</VirtualHost><br />
|}<br />
<br />
'''''Note''''': The virtual hosts may have different certificates and keys specified; this provides each site with both authentication and encryption.<br />
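As an added example (not from the wiki or Uniform Server), the following Python script cross-checks an ssl.conf fragment the way the Basic Structure and Complete example sections require: every Vhost port must have a matching Listen directive and vice versa, and a chosen port must not already be in use on the machine. The sample configuration is constructed and deliberately contains mismatches; the regexes cover only the directive forms shown on this page.<br />

```python
import re
import socket
from typing import Dict, List, Tuple

# Constructed sample (not the wiki's ssl.conf3.txt); mistakes: 454/455 have no Vhost, 457 has no Listen.
SAMPLE_CONF = """\
Listen 453
Listen 454
Listen 455
NameVirtualHost *:453
<VirtualHost _default_:453>
  ServerName site4.unicenter.gotdns.org
  SSLEngine on
</VirtualHost>
<VirtualHost _default_:457>
  ServerName site7.unicenter.gotdns.org
  SSLEngine on
</VirtualHost>
"""
# "Listen 453" or "Listen 10.0.0.1:453" (IPv4 forms only, as used on the page).
LISTEN_RE = re.compile(r"^\s*Listen\s+(?:[\w.*]+:)?(\d+)\s*$", re.M)
# <VirtualHost _default_:453> ... </VirtualHost>: capture the port and the block body.
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+[^:\s>]+:(\d+)\s*>(.*?)^\s*</VirtualHost>", re.M | re.S)
SERVERNAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.M)

def parse_listen_ports(conf: str) -> List[int]:
    return [int(p) for p in LISTEN_RE.findall(conf)]

def parse_vhosts(conf: str) -> List[Tuple[int, str]]:
    """(port, ServerName) for each <VirtualHost> block, in file order."""
    out = []
    for port, body in VHOST_RE.findall(conf):
        m = SERVERNAME_RE.search(body)
        out.append((int(port), m.group(1) if m else ""))
    return out

def check_ports(conf: str) -> Dict[str, List[int]]:
    """Cross-check Listen directives against Vhost ports in both directions."""
    listen, vhosts = set(parse_listen_ports(conf)), {p for p, _ in parse_vhosts(conf)}
    return {"vhost_without_listen": sorted(vhosts - listen),
            "listen_without_vhost": sorted(listen - vhosts)}

def port_is_free(port: int, host: str = "127.0.0.1") -> bool:
    """True if the port can be bound right now; False if in use or not bindable as this user."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.bind((host, port))
        return True
    except OSError:
        return False
```

Run check_ports() over your own ssl.conf before restarting Apache, and port_is_free() on each port you intend to add; a non-empty list in either key, or a False from the port check, means Apache will refuse to start or a site will be unreachable.<br />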
<br />
'''''[[#top | Top]]'''''<br />
== Test ==<br />
Save the file, restart your servers, run the following tests and note the results:<br />
<br />
# Type <nowiki>https://site4.unicenter.gotdns.org:453</nowiki> into your browser<br />
# Type <nowiki>https://site5.unicenter.gotdns.org:454</nowiki> into your browser<br />
# Type <nowiki>https://site6.unicenter.gotdns.org:455</nowiki> into your browser<br />
# Type <nowiki>https://fred.unicenter.gotdns.org/</nowiki> into your browser<br />
<br />
All the sites require a port number in the URL; test 4 defaults to port 443.<br />
<br />
'''''Note''''': Before repeating a test, always restart your browser (this clears the sessions).<br />
<br />
== Conclusion ==<br />
In this extra information section I have shown how easy it is to use mod_ssl to secure a personal web server. If you want to go to the trouble and expense, you can use real signed certificates; there is a lot of information on the Internet describing this process.<br />
<br />
While writing the virtual host sections I inadvertently introduced several syntax errors that prevented Apache from running; on the final page I describe a few [[SSL Part 1: Debug VHost | debugging techniques]].<br />
<br />
'''''[[#top | Top]]'''''<br />
<br />
----<br />
<br />
{| <br />
| [[Image:uc_small_logo.gif]] || [[User:Ric|Ric]]<br />
|}<br />
<br />
[[Category: UniCenter]]<br />
[[Category: Support]]<br />
[[Category: Installation]]<br />
[[Category: Application]]<br />
[[Category: Development]]</div>Ric