Hi
I need to run an SSL-protected web server for webmail plus an unprotected
web server for simple web pages and downloads on the same machine using the
same domain name and only one IP address.
It would be ok to refer to the protected one by the fully qualified domain
name, in this case "mail.domainname.com", and to the second simply by
"www.domainname.com". (Don't know if that will make it easier.)
Please look at the bottom for my questions.
-----------
The FAQ at www.modssl.org says:
Is it possible to provide HTTP and HTTPS with a single server?
Yes, HTTP and HTTPS use different server ports, so there is no direct
conflict between them. Either run two separate server instances (one binds
to port 80, the other to port 443) or even use Apache's elegant virtual
hosting facility where you can easily create two virtual servers which
Apache dispatches: one responding to port 80 and speaking HTTP and one
responding to port 443 speaking HTTPS.
The documentation at httpd.apache.org says:
Port-based vhosts
Setup: The server machine has one IP address (111.22.33.44) which resolves
to the name www.domain.tld. If we don't have the option to get another
address or alias for our server we can use port-based vhosts if we need a
virtual host with a different configuration.
Server configuration:
...
Listen 80
Listen 8080
ServerName www.domain.tld
DocumentRoot /www/domain
On Sun, May 25, 2003 at 11:19:40PM +0200, Niclas Arndt wrote:
> If I understand correctly, running two instances of Apache 1.3.27 (as of SuSE 8.2 Pro), where one would bind to port 80 and the other to port 443 would be a solution.

But it's not necessary to run two separate servers. If you compile apache yourself, running two separate servers is very easy, but if using the rpm package it's not (in the former case, some files are scattered around the system, while in the latter case everything will stay inside one directory).

> 1. Would I need to make a copy of the complete Apache directory and rename it? (Some posts in other lists suggest that is necessary as symbolic links didn't work for them.)

Only for self compiled apache, because it resides in a single directory.

> 2. How would I start this second instance? (Like: what start-up scripts and so on?)

apachectl in the respective directory :-)

> A. With virtual hosts, would the use of "mail.domainname.com" and "www.domainname.com" be ok as host names for the two virtual hosts? It would be a nuisance to use the IP address:port...

Well, that depends on whether you use name-based or IP-based virtual hosts (or a mixture of both). :-)

> B. What about security using virtual hosts?
> B1. Would this mean that Apache is only running one instance?

There will be several processes running, but any one of them would be able to serve any request, yes.

> B2. Could the SSL-protected part be compromised by access to the unprotected?

Not that I know of. If you are concerned about it you could run two servers under different user IDs, and you should be safe.

> C. What about stability and load (un-)balance? (In my case the web server would only be handling very little traffic.)

So why do you ask? :) It shouldn't make a difference if separate instances of apache are started, or not.

Peter
Participants (2): Niclas Arndt, poeml@cmdline.net
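
The single-instance option discussed in this thread, written out as an added example that is not part of the original messages or of the quoted documentation. It assumes Apache 1.3 with mod_ssl loaded, reuses the IP address from the documentation excerpt and the two host names from the question, and uses placeholder file paths.

```apache
# Added example: one Apache 1.3 + mod_ssl instance, one IP address, two ports.
# Constructed values: all /path/to/... entries are placeholders.

Listen 80
Listen 443

# Port 80 is shared by name: the Host header selects the virtual host.
NameVirtualHost 111.22.33.44:80

# The first vhost listed is the default for unknown Host headers on port 80.
<VirtualHost 111.22.33.44:80>
    ServerName www.domainname.com
    DocumentRoot /path/to/www-docroot
</VirtualHost>

# Plain-HTTP requests for the webmail name are redirected to HTTPS and
# never served from the unprotected port.
<VirtualHost 111.22.33.44:80>
    ServerName mail.domainname.com
    Redirect permanent / https://mail.domainname.com/
</VirtualHost>

# Port 443 is an IP-based vhost: the certificate is presented before the
# Host header is read, so only one certificate (and one name) fits this
# IP:port pair. A request for https://www.domainname.com/ would land here
# and produce a certificate name mismatch.
<VirtualHost 111.22.33.44:443>
    ServerName mail.domainname.com
    DocumentRoot /path/to/webmail-docroot
    SSLEngine on
    SSLCertificateFile    /path/to/mail.domainname.com.crt
    SSLCertificateKeyFile /path/to/mail.domainname.com.key
</VirtualHost>
```

In this layout both document roots are served by child processes running under the same User; the two-instance alternative mentioned in the reply is what gives each site its own user ID.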