strasznie wolny https
Lukasz Jokiel
Lukasz.Jokiel w klonex.com.pl
Wto, 27 Sty 2004, 22:44:46 CET
Robert 'dzeus' Graużenis (dzeus w zatorze.slupsk.pl) wrote:
> On Mon, Jan 26, 2004 at 11:47:23PM +0100, =?iso-8859-2?Q?=A3ukasz_C. _Jokiel?= wrote:
> > > Mam zrobione kilak wirtualek które lecą po https. Sęk w tym, że transfer
> > > po
> >
> > Oczywiście każdy SSL ma osobny IP globalny ?
>
> Oczywiście,że nie wszystkie virtuale na tym samym IP, jakie to ma
> znaczaenie?
A wiesz nie wiem na 100%, ale zwykle jeśli SSL to osobne IP, albo
jeśli 1 IP:
https://ssl.costam-costam.pl/stie1
https://ssl.costam-costam.pl/stie2
OK, zeby nie byc golosłownym tu jest FAQ:
http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html
A tu wycinek:
Why is it not possible to use Name-Based Virtual Hosting to identify
different SSL virtual hosts?
Name-Based Virtual Hosting is a very popular method of identifying different
virtual hosts. It allows you to use the same IP address and the same port
number for many different sites. When people move on to SSL, it seems
natural to assume that the same method can be used to have lots of different
SSL virtual hosts on the same server.
It comes as rather a shock to learn that it is impossible.
The reason is that the SSL protocol is a separate layer which encapsulates
the HTTP protocol. So the problem is that the SSL session is a separate
transaction that takes place before the HTTP session even starts. Therefore
all the server receives is an SSL request on IP address X and port Y
(usually 443). Since the SSL request does not contain any Host: field, the
server has no way to decide which SSL virtual host to use. Usually, it will
just use the first one it finds that matches the port and IP address.
You can, of course, use Name-Based Virtual Hosting to identify many non-SSL
virtual hosts (all on port 80, for example) and then you can have no more
than 1 SSL virtual host (on port 443). But if you do this, you must make
sure to put the non-SSL port number on the NameVirtualHost directive, e.g.
NameVirtualHost 192.168.1.1:80
Other workaround solutions are:
Use separate IP addresses for different SSL hosts. Use different port
numbers for different SSL hosts.
Więcej informacji o liście dyskusyjnej pld-users-pl