HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


quest 17th September 2012 00:48

Multiple SSL w/ Multiple Internal IP's
 
Hello,

I run: Ubuntu 12.04, Ispconfig 3, Amazon EC2 in VPC.

I've successfully

1) Added several internal IP addresses to the Network Interface (per manual 5.18):

Code:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 0a:c3:f2:f5:c8:2d
          inet addr:10.0.0.15  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::8c3:f2ff:fef5:c82d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:117236 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:156602804 (156.6 MB)  TX bytes:5148130 (5.1 MB)
          Interrupt:27

eth0:1    Link encap:Ethernet  HWaddr 0a:c3:f2:f5:c8:2d
          inet addr:10.0.0.110  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:27

eth0:2    Link encap:Ethernet  HWaddr 0a:c3:f2:f5:c8:2d
          inet addr:10.0.0.167  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:27

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1138 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:89528 (89.5 KB)  TX bytes:89528 (89.5 KB)

2) Manually updated Ispconfig with the internal ip addresses (per manual 4.9.2.3)

3) Created an SSL site (per manual 5.4) pointing to internal ip address 10.0.0.110

4) Implemented a public ip address that points to the eth0 internal ip address 10.0.0.15

Upon visiting port 80 of the new site I receive the standard Apache HTML = "It works!", indicating the site is not routed to its domain folder. Upon visiting port 443 of the site I receive an SSL error = "SSL connection error. Unable to make a secure connection to the server".

An additional site set up utilizing the second ip address 10.0.0.167 and not using ssl also displays the apache index.html.

Any ideas about what may be the issue here?

Thank you.

quest 17th September 2012 03:53

Ok. I figured this out. I'll post some info here because I notice this thread is already ranking high for searches including: Multiple SSL certificates Ispconfig Amazon EC2 running in VPC.

The Ispconfig manual does a very good job outlining the steps to set up additional internal IP addresses - which are required for running more than one SSL certificate on a single server (EC2 instance in this case).

If you require multiple internal IP addresses on an Amazon EC2 instance this article is a very good starting point:
http://about.silkapp.com/page/Multip...20Amazon%20EC2

My above post was nearly correct - but I was trying to use only one external IP address mapped to several unique internal IP addresses.

I'm not sure if this is possible.

My workaround included assigning additional External IP addresses to each internal IP address that requires an SSL certificate. In this case I attached an additional external IP address to the internal IP address 10.0.0.110.

It is important to note that you use internal ip addresses to initiate the website and ssl certificate in Ispconfig and an External IP address for DNS purposes.
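The symptoms and the workaround above, modelled offline as an added example (not code from the thread or from ISPConfig): inside a VPC each public IP is NATed to one private IP, and Apache picks the vhost by the private address the connection arrives on. The vhost text, the host name `shop.example.com` and the 203.0.113.x public addresses are constructed placeholders; only the 10.0.0.x addresses come from the thread.

```python
import re

# Constructed sample: Apache vhost bindings using the thread's private IPs.
# The host name and the public (Elastic) IPs below are placeholders.
VHOSTS = """\
<VirtualHost *:80>
  DocumentRoot /var/www
</VirtualHost>
<VirtualHost 10.0.0.110:80>
  ServerName shop.example.com
</VirtualHost>
<VirtualHost 10.0.0.110:443>
  ServerName shop.example.com
  SSLEngine on
</VirtualHost>
"""

def parse_bindings(conf):
    """Return [(address, port, server_name, tls)] for each <VirtualHost> block."""
    out = []
    pattern = r"<VirtualHost\s+([^\s:>]+):(\d+)>(.*?)</VirtualHost>"
    for m in re.finditer(pattern, conf, re.S):
        name = re.search(r"^\s*ServerName\s+(\S+)", m.group(3), re.M)
        tls = re.search(r"^\s*SSLEngine\s+on\b", m.group(3), re.M | re.I) is not None
        out.append((m.group(1), int(m.group(2)), name.group(1) if name else "(default)", tls))
    return out

def serving_vhost(bindings, local_ip, port):
    """Address matching as Apache does it: an exact IP:port beats '*:port'."""
    exact = [b for b in bindings if b[0] == local_ip and b[1] == port]
    wild = [b for b in bindings if b[0] == "*" and b[1] == port]
    return (exact or wild or [None])[0]

def audit(conf, public_to_private):
    """Report what a client of each public IP reaches on ports 80 and 443."""
    bindings = parse_bindings(conf)
    report = {}
    for public_ip, private_ip in public_to_private.items():
        for port in (80, 443):
            hit = serving_vhost(bindings, private_ip, port)
            report[(public_ip, port)] = (
                "no vhost" if hit is None else f"{hit[2]} ({'TLS' if hit[3] else 'plain'})")
    return report

if __name__ == "__main__":
    # VPC NAT delivers each public IP's traffic to exactly one private IP.
    for mapping in ({"203.0.113.10": "10.0.0.15"}, {"203.0.113.11": "10.0.0.110"}):
        print(audit(VHOSTS, mapping))
```

With the public IP mapped to 10.0.0.15 the report shows the default site on port 80 and no TLS vhost on 443; mapped to 10.0.0.110 both ports reach the SSL site.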

DaRKNeSS666NL 3rd January 2013 16:49

Quote:

Originally Posted by quest (Post 285529)
My above post was nearly correct - but I was trying to use only one external IP address mapped to several unique internal IP addresses.

I'm not sure if this is possible.

My workaround included assigning additional External IP addresses to each internal IP address that requires an SSL certificate. In this case I attached an additional external IP address to the internal IP address 10.0.0.110.

It is important to note that you use internal ip addresses to initiate the website and ssl certificate in Ispconfig and an External IP address for DNS purposes.

I am working on putting 2 extra IPv4 addresses up for use with 2 websites that need SSL. I have configured these 2 in network interfaces like this:

Code:

 # The primary network interface
 #allow-hotplug eth0
 #iface eth0 inet dhcp
 auto eth0
 iface eth0 inet static
        address xx.xxx.244.62
        netmask 255.255.255.0
        network xx.xxx.244.0
        broadcast xx.xxx.244.255
        gateway xx.xxx.244.254
 
 auto eth0:0
 iface eth0:0 inet static
        address xx.xxx.242.174
        netmask 255.255.255.255
        network xx.xxx.242.0
        broadcast xx.xxx.242.255
        gateway xx.xxx.242.254
 
 auto eth0:1
 iface eth0:1 inet static
        address xx.xxx.242.175
        netmask 255.255.255.255
        network xx.xxx.242.0
        broadcast xx.xxx.242.255
        gateway xx.xxx.242.254

And added them in the server settings. If I restart the network interface:

Code:

server1:~# /etc/init.d/networking restart
Reconfiguring network interfaces...if-up.d/mountnfs[eth0]: waiting for interface eth0:0 before doing NFS mounts (warning).
if-up.d/mountnfs[eth0]: waiting for interface eth0:1 before doing NFS mounts (warning).
SIOCADDRT: No such process
Failed to bring up eth0:0.
SIOCADDRT: No such process
Failed to bring up eth0:1.
done.
server1:~#

As you can see, the 2 IPs don't work. Could it be that I must also use 2 internal IPs for eth0:1 and eth0:0 and point the 2 external ones to those 2 internal ones?
But there is no mention of this in the manual so I don't know how to do it.

Also the data center has mentioned to use the loopback interface instead, but as mentioned in the manual we're not supposed to use these lines??
TIA
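A check for the interfaces file above, as an added example that is not part of the original post: ifupdown's static method adds a default route for every stanza with a `gateway` line, and `SIOCADDRT: No such process` is what the kernel returns when that gateway is not on a directly connected network, which is what a 255.255.255.255 netmask produces. The 198.51.100.x and 192.0.2.x addresses are constructed stand-ins for the masked values, and the finding names are hypothetical labels.

```python
import ipaddress

# Constructed sample shaped like the post's stanzas (documentation addresses).
SAMPLE = """\
auto eth0
iface eth0 inet static
    address 198.51.100.62
    netmask 255.255.255.0
    gateway 198.51.100.254
auto eth0:0
iface eth0:0 inet static
    address 192.0.2.174
    netmask 255.255.255.255
    gateway 192.0.2.254
"""

def parse_stanzas(text):
    """Return one dict per iface stanza with its address, netmask and gateway."""
    stanzas = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2:
            continue
        if words[0] == "iface":
            stanzas.append({"iface": words[1]})
        elif stanzas and words[0] in ("address", "netmask", "gateway"):
            stanzas[-1][words[0]] = words[1]
    return stanzas

def check_gateways(text):
    """Return [(iface, finding)] for gateway lines that will cause trouble."""
    stanzas = parse_stanzas(text)
    connected = [ipaddress.ip_network(f"{s['address']}/{s['netmask']}", strict=False)
                 for s in stanzas if "address" in s and "netmask" in s]
    findings, have_default = [], False
    for s in stanzas:
        if "gateway" not in s:
            continue
        gw = ipaddress.ip_address(s["gateway"])
        if not any(gw in net for net in connected):
            findings.append((s["iface"], "gateway-not-on-link"))  # route add fails
        elif have_default:
            findings.append((s["iface"], "extra-default-route"))  # rarely intended
        else:
            have_default = True
    return findings

if __name__ == "__main__":
    print(check_gateways(SAMPLE))
```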

