HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Developers' Forum (http://www.howtoforge.com/forums/forumdisplay.php?f=18)
-   -   multiple ssl sites (http://www.howtoforge.com/forums/showthread.php?t=38188)

blocker 13th August 2009 16:31

multiple ssl sites
 
Hello,

is it possible with some hardcore apache config change to have multiple ssl sites running on ispc2 server?
I have noticed that the ispc3 can do that.

Thanks!

till 13th August 2009 17:05

You can run as many SSL sites in ispconfig 2 as you like. Just add as many IP addresses as you need SSL sites and then assign one IP per ssl site. Exactly as it is done in ispconfig 3.

greenpete 4th December 2009 06:13

Quote:

Originally Posted by till (Post 201017)
You can run as many SSL sites in ispconfig 2 as you like. Just add as many IP addresses as you need SSL sites and then assign one IP per ssl site. Exactly as it is done in ispconfig 3.

I guess by 'add as many IP addresses as you need' you mean internal IP's?
If so do you need to configure the routers firewall to point to port 80 as well as to the main IP of the server?
Thanks.

Ben 4th December 2009 12:55

No the external IP is meant or let's say the IP the browser will connect to.
So different ssl hosts are only possible if you can provide a different ip and port combination per cert, e.g.
1.2.3.4 Port 443 -> CERT1 / Host 1
1.2.3.4 Port "444" -> CERT 2 / Host 2
1.2.3.5 Port 443 -> CERT 3 / Host 3.

So in case you have your ispconfig behind a router you need to have as many official IPs as you need + forwarding / NATing them to the appropriate internal address.

greenpete 5th December 2009 00:43

Quote:

Originally Posted by Ben (Post 212711)
No the external IP is meant or let's say the IP the browser will connect to.
So different ssl hosts are only possible if you can provide a different ip and port combination per cert, e.g.
1.2.3.4 Port 443 -> CERT1 / Host 1
1.2.3.4 Port "444" -> CERT 2 / Host 2
1.2.3.5 Port 443 -> CERT 3 / Host 3.

So in case you have your Ispconfig behind a router you need to have as many official IPs as you need + forwarding / NATing them to the appropriate internal address.

So let me get this straight, I have only one external IP address, but that's all I need?
I am behind a NAT firewall and I can port forward.
So I set up the website in question with it's own internal IP say 192.168.0.100 and I set the port in ISPConfig for that site to say 445, though I can't see where I would do that.
Then set a port forward on my router to send and requests for the domain in question to that port and ISPConfig will do the rest, have I got that right?
Thanks.

falko 5th December 2009 15:09

The HTTPS port (443) is hardcoded in ISPConfig 2, so you cannot change it.

Ben 7th December 2009 14:40

So in thise case you need more than one IP-Adresses to set up different ssl sites.
Another alternative would be the use only one ssl site and use this as proxy for others.
E.g. you have https://sslproxy.yourdomain.com and set up a proxy that proxies sth. like https://sslproxy.yourdomain.com/sslcuostmer1 to whatsoever internally.

TheBirdMan 22nd June 2010 03:13

adding a second IP
 
Hi,

This is probably a silly question but I must be missing a step. :confused:

I configured a second public IP to point to a second private IP (ispconfig 2) on the same server. Added it under settings and then selected the site I want to use the additional ssl cert for.

10.0.0.1 -> 192.168.1.100 server1/website1
10.0.0.2 -> 192.168.1.101 server1/website2

Not working because it can't find the second private IP i addeed (can't ping it). Does it magically work under the primary IP or do I need to somehow add the second ip to the NIC?

Any help would be greatly appreciated.

Scott

till 22nd June 2010 11:37

You have to add the second IP also to your network card, otherwise your server will not listen on that IP.

TheBirdMan 25th June 2010 19:42

valid ssl cert for webmail
 
That worked great thanks,

One last question -

The sites in isp manager are using valid certs now but how do I replace the cert for webmail and secure mail https://mail.mydomain.com:81/webmail and ports 995 and 465? every things working with server generated certs but I need to replace them with a verified one.

Thank you guys again for your support,

Scott


All times are GMT +2. The time now is 12:15.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.