Multiple SSL w/ Multiple Internal IP's

Discussion in 'Installation/Configuration' started by quest, Sep 17, 2012.

  1. quest

    quest New Member

    Hello,

    I run: Ubuntu 12.04, Ispconfig 3, Amazon EC2 in VPC.

    I've successfully

    1) Added several internal IP addresses to the Network Interface (per manual 5.18):

    Code:
    # ifconfig
    eth0      Link encap:Ethernet  HWaddr 0a:c3:f2:f5:c8:2d
              inet addr:10.0.0.15  Bcast:10.0.0.255  Mask:255.255.255.0
              inet6 addr: fe80::8c3:f2ff:fef5:c82d/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:117236 errors:0 dropped:0 overruns:0 frame:0
              TX packets:44138 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:156602804 (156.6 MB)  TX bytes:5148130 (5.1 MB)
              Interrupt:27
    
    eth0:1    Link encap:Ethernet  HWaddr 0a:c3:f2:f5:c8:2d
              inet addr:10.0.0.110  Bcast:10.0.0.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:27
    
    eth0:2    Link encap:Ethernet  HWaddr 0a:c3:f2:f5:c8:2d
              inet addr:10.0.0.167  Bcast:10.0.0.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:27
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:1138 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1138 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:89528 (89.5 KB)  TX bytes:89528 (89.5 KB)
    
    2) Manually updated Ispconfig with the internal ip addresses (per manual 4.9.2.3)

    3) Created an SSL site (per manual 5.4) pointing to internal ip address 10.0.0.110

    4) Implemented a public ip address that points to the eth0 internal ip address 10.0.0.15

    Upon visiting port 80 of the new site I receive the standard Apache HTML = "It works!", indicating the site is not routed to its domain folder. Upon visiting port 443 of the site I receive an SSL error = "SSL connection error. Unable to make a secure connection to the server".

    An additional site set up utilizing the second ip address 10.0.0.167 and not using ssl also displays the apache index.html.

    Any ideas about what may be the issue here?

    Thank you.
     
    Last edited: Sep 17, 2012
  2. quest

    quest New Member

    Ok. I figured this out. I'll post some info here because I notice this thread is already ranking high for searches including: Multiple SSL certificates Ispconfig Amazon EC2 running in VPC.

    The Ispconfig manual does a very good job outlining the steps to set up additional internal ip addresses - which are required for running more than one SSL certificate on a single server (EC2 instance in this case).

    If you require multiple internal ip addresses on an Amazon ec2 instance this article is a very good starting point:
    http://about.silkapp.com/page/Multiple IP addresses on Amazon EC2

    My above post was nearly correct - but I was trying to use only one external IP address mapped to several unique internal IP addresses.

    I'm not sure if this is possible.

    My workaround included assigning additional External IP addresses to each internal IP address that requires an SSL certificate. In this case I attached an additional external IP address to the internal IP address 10.0.0.110.

    It is important to note that you use internal ip addresses to initiate the website and ssl certificate in Ispconfig and an External IP address for DNS purposes.
     
    Last edited: Sep 17, 2012
  3. DaRKNeSS666NL

    DaRKNeSS666NL Member HowtoForge Supporter

    I am working on putting 2 extra IPv4 up for use with 2 websites that need SSL. I have configured these 2 in network interfaces like this:

    Code:
     # The primary network interface
     #allow-hotplug eth0
     #iface eth0 inet dhcp
     auto eth0
     iface eth0 inet static
             address xx.xxx.244.62
             netmask 255.255.255.0
             network xx.xxx.244.0
             broadcast xx.xxx.244.255
             gateway xx.xxx.244.254
     
     auto eth0:0
     iface eth0:0 inet static
             address xx.xxx.242.174
             netmask 255.255.255.255
             network xx.xxx.242.0
             broadcast xx.xxx.242.255
             gateway xx.xxx.242.254
     
     auto eth0:1
     iface eth0:1 inet static
             address xx.xxx.242.175
             netmask 255.255.255.255
             network xx.xxx.242.0
             broadcast xx.xxx.242.255
             gateway xx.xxx.242.254
    
    And added them in the server settings. If I restart the network interface:

    Code:
    server1:~# /etc/init.d/networking restart
    Reconfiguring network interfaces...if-up.d/mountnfs[eth0]: waiting for interface eth0:0 before doing NFS mounts (warning).
    if-up.d/mountnfs[eth0]: waiting for interface eth0:1 before doing NFS mounts (warning).
    SIOCADDRT: No such process
    Failed to bring up eth0:0.
    SIOCADDRT: No such process
    Failed to bring up eth0:1.
    done.
    server1:~#
    As you can see the 2 ip's don't work, could it be that I must use also 2 internal ip for eth0:1 and eth0:0 and point the 2 external to those 2 internal?
    But there is not mention about this in the manual so I don't know how to do it.

    Also the data center has mentioned to use the loopback interface instead but as mentioned in the manual we're not supposed to use these lines??
    TIA
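
An added example, not part of any post in this thread: a small Python check for an `/etc/network/interfaces` file laid out like the one in the last post. It flags `inet static` stanzas whose gateway lies outside the subnet given by their own address and netmask (a gateway that is not reachable on-link is a common cause of route-add failures when an alias is brought up) and files that declare a gateway in more than one stanza. The addresses are constructed from documentation ranges because the post masks the real ones, and the function names are this example's own.

```python
import ipaddress

# Constructed sample: documentation-range addresses replace the masked xx.xxx values.
SAMPLE = """\
auto eth0
iface eth0 inet static
        address 192.0.2.62
        netmask 255.255.255.0
        gateway 192.0.2.254

auto eth0:0
iface eth0:0 inet static
        address 198.51.100.174
        netmask 255.255.255.255
        gateway 198.51.100.254
"""

def parse_stanzas(text):
    """Return {iface_name: {option: value}} for 'inet static' stanzas."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface":
            is_static = words[2:4] == ["inet", "static"]
            current = stanzas.setdefault(words[1], {}) if is_static else None
        elif words[0] in ("auto", "allow-hotplug", "mapping", "source"):
            current = None  # these keywords end the previous stanza
        elif current is not None and len(words) >= 2:
            current[words[0]] = words[1]
    return stanzas

def lint(text):
    """Flag gateways outside their stanza's subnet and repeated gateways."""
    findings, with_gw = [], []
    for name, opts in parse_stanzas(text).items():
        if "gateway" not in opts:
            continue
        with_gw.append(name)
        net = ipaddress.ip_network(f"{opts['address']}/{opts['netmask']}", strict=False)
        if ipaddress.ip_address(opts["gateway"]) not in net:
            findings.append(f"{name}: gateway {opts['gateway']} is outside {net}")
    if len(with_gw) > 1:
        findings.append("gateway declared in more than one stanza: " + ", ".join(with_gw))
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
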
     
