Certificates on separate IPs

Discussion in 'Installation/Configuration' started by dlikar, Jun 2, 2006.

  1. dlikar

    dlikar New Member

    In another thread I read that there is only one certificate possible for IP. My webserver is behind a firewall in a DMZ using private IP address. There is also a full NAT support on firewall enabled.

    If I assign different private IP address to each site would I be then able to create certificate for each site?

    Thanks in advance, Dejan
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, as long as every SSL website has its own IP, even if its a private IP.
     
  3. dlikar

    dlikar New Member

    I have changed IP on existing site from 192.168.2.98 to 192.168.2.97, now I am getting "Shared IP" page. NAT works OK, server responds to ping on 192.168.2.97, vhosts seems OK. Any idea?

    Dejan
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Is the IP address correct in Vhosts_ispconfig.conf?
     
  5. dlikar

    dlikar New Member

    This is a part of mine vhosts_ispconfig.conf file. I am changeing IP for istor.eu domain. It looks OK to me.

    ###################################
    #
    # ISPConfig vHost Configuration File
    # Version 1.0
    #
    ###################################
    #
    NameVirtualHost 192.168.2.97:80
    <VirtualHost 192.168.2.97:80>
    ServerName localhost
    ServerAdmin root@localhost
    DocumentRoot /var/www/sharedip
    </VirtualHost>
    NameVirtualHost 192.168.2.98:80
    <VirtualHost 192.168.2.98:80>
    ServerName localhost
    ServerAdmin root@localhost
    DocumentRoot /var/www/sharedip
    </VirtualHost>
    #
    #
    ######################################
    # Vhost: www.istor.si:80
    ######################################
    #
    #
    <VirtualHost 192.168.2.98:80>
    ServerName www.istor.si:80
    ServerAdmin webmaster@istor.si
    DocumentRoot /var/www/web1/web
    ServerAlias istor.si webmail.istor.si
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web1/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    <Files *.php>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php3>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php4>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php5>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    php_admin_flag safe_mode Off
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    Alias /error/ "/var/www/web1/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^webmail\.istor\.si [NC]
    RewriteRule ^/(.*) https://www.istor.si/horde/$1 [L,R]
    </VirtualHost>
    #
    <IfModule mod_ssl.c>
    <VirtualHost 192.168.2.98:443>
    ServerName www.istor.si:443
    ServerAdmin webmaster@istor.si
    DocumentRoot /var/www/web1/web
    ServerAlias istor.si webmail.istor.si
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web1/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    <Files *.php>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php3>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php4>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php5>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    php_admin_flag safe_mode Off
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    SSLEngine on
    SSLCertificateFile /var/www/web1/ssl/www.istor.si.crt
    SSLCertificateKeyFile /var/www/web1/ssl/www.istor.si.key
    Alias /error/ "/var/www/web1/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^webmail\.istor\.si [NC]
    RewriteRule ^/(.*) https://www.istor.si/horde/$1 [L,R]
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>
    </IfModule>
    #
    #
    ######################################
    # Vhost: www.istor.eu:80
    ######################################
    #
    #
    <VirtualHost 192.168.2.97:80>
    ServerName www.istor.eu:80
    ServerAdmin webmaster@istor.eu
    DocumentRoot /var/www/web2/web
    ServerAlias istor.eu webmail.istor.eu
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    ScriptAlias /cgi-bin/ /var/www/web2/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web2/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    <Files *.php>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php3>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php4>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php5>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    php_admin_flag safe_mode Off
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    Alias /error/ "/var/www/web2/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web2/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web2/user/$1/web/$3
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^webmail\.istor\.eu [NC]
    RewriteRule ^/(.*) https://www.istor.eu/horde/$1 [L,R]
    </VirtualHost>


    Could it be something with router settings afterall. In my Zywall I have only 192.168.2.98 IP registered, the problem is that I can not have different IP-s on same MAC address. But router knows where to foward the request, othewise I woud not get the shared IP page?

    Dejan
     
  6. falko

    falko Super Moderator ISPConfig Developer

    To which site are you referring?
     
  7. dlikar

    dlikar New Member

    I am referring to the site www.istor.eu. I have changed IP back to the old one, so right now you can not see the results I am getting. If it would help in solveing the problem I can set up the new configuration.

    When using new configurtation the vhosts_ispconfig.conf file looks like the one in previous post.

    Dejan
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Does your router has more then one external IP that you can forward to different internal IP addresses?

    If not, you can not see more then one private IP from an external client and can not have more then one SSL site at all.
     
  9. dlikar

    dlikar New Member

    I do not agree with you. One global (external) address, multiple local (internal) addresses is a legal NAT configuration (multiple to one). If there would be something wrong with the router than I woud not get the "Shared IP" page.

    When using the new configuration other domains on old IP work fine.

    It would be nice to have separate public IPs for each hosted domain :)

    Dejan
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    You can have multiple internal IP addresses, but you can not access them on the same port (SSL = port 443) from the outside!

    I guess you get the shared IP page, beacuse you forwarded port 443 from your router to the IP 192.168.2.98 and not 192.168.2.97


    Ask your provider :)
     

Share This Page