SSL with Virtual Hosts on Apache in Amazon AWS EC2 environment - apache

I am trying to set up two virtual hosts served over SSL on Apache in Amazon AWS environment.
I understand that SSL cannot use Name Virtual Host on Apache unless:
* I bind two IPs to Apache each serving a separate virtual host. Unfortunately, AWS does not allow me to bind more than one public IP to each EC2 machine
* or I use SNI (server name identification) which does not work for IE6 or WinXP (all browsers).
Is my understanding correct?
If yes, what are my options on AWS where I cannot bind two IPs and if I want to serve my site to WinXP and IE6?
The only thing I can think of is setting up two new micro instances with proxy servers, each serving each instance and then forwarding to the actual server.
Is there a better option?

I'm using UCC for several sites using one IP.
See also this thread:
SSL on a single server for multiple web sites

Related

Setting firewall rules to enable running Apache2 HTTP Server and Apache Tomcat 9 on the same machine with two different hostname/ip:port

I have a Linux Debian 10 virtual machine with two Host-Only Network interfaces activated, respectively 192.168.56.10 and 192.168.56.15, with static IP addresses.
Apache Tomcat 9 is installed and Apache2 HTTP Server is installed too.
My purpose is that Apache Tomcat 9 must run on 192.168.56.15:8080,
while Apache2 HTTP Server must run on 192.168.56.10:80.
The /etc/hosts file in my Linux is:
#
192.168.56.10 www.example.com
192.168.56.15 openam.example.com
#
The C:\Windows\System32\drivers\etc\hosts is the same.
In short, I'm trying to set up a small development environment for Identity and Access Management using ForgeRock's AM solution. That software has to be deployed as a .war file (openam.war) in Tomcat /webapps and it will be mapped as openam.example.com, and I want this service to run on
192.168.56.15:8080/openam;
So my problem is that I want two different services responding on two different interfaces but running on the same virtual machine.
I want that only if I type 192.168.56.15:8080 or openam.example.com:8080 I receive a response from Tomcat, but if I type 192.168.56.15:80 or openam.example.com:80 Apache HTTP Server doesn't have to respond. Apache HTTP Server has to respond only on 192.168.56.10:80 or www.example.com.
In this way I can have something like two different machines, one with the web server and one with the application server, responding on two different IP addresses and hostnames, but running on the same machine.
Thanks for help!
You could have 2 IPs but what's the point in doing so?
I find it rather pointless to have 2 separate IPs for 2 different services on the same machine (e.g tomcat on 1 / HTTP server on the other) for a development environment inside a VM. Port handling will be handled by the operating system itself and route the request to the open port.
Keep in mind that browsers will try to connect http:// calls on port 80 by default - so unless you type 8080 into the URL, the browser is just going to use port 80.
If you do not want calls to openam.example.com to come in on port 80, the simplest way round it is to use a htaccess rule that implements a rewrite for any request that contains openam.example.com (or just anything in a subdomain portion) on port 80 to be rewritten to the appropriate URL.

Server setup for 2 webservers

I have an HTTPS website hosted by IIS. In this site I embed another HTTPS website within an iframe. The content of this iframe is hosted by Apache. Both servers, IIS and Apache, are on the same server.
Do we need to have the same SSL certificates on both webservers?
The first listens on port 8443 and the second one on port 443. Do we need separate public IPs? Is there another way to route internally?
What would be the proper setup with two different webservers (IIS, embedded Apache) and only one external IP?
Do we need to have the same SSL certificates on both webservers?
No, you could bind a different SSL certificate if you bind a different domain for your IIS or Apache server.
The first listens on port 8443 and the second one on port 443. Do we need separate public IPs? Is there another way to route internally?
No, we access the site by using the same IP with different ports.
What would be the proper setup with two different webservers (IIS, embedded Apache) and only one external IP?
In my opinion, the only thing is that you should make sure the port is free for each web server.
For example, if IIS uses 80, Apache couldn't use 80.

Two webserver in same instance for different domains

I am running two web servers in one AWS instance, one LAMP stack Apache (a.com) and a Bitnami Apache (b.com). Apache is using port 80, which is my default port, and Bitnami is using port 8080. How can I point two domains to the same instance so that it will show the content for a.com and b.com? At the same time, the port number shouldn't be visible outside. I tried with virtual hosts and found out it's impossible since I have a separate virtual host file for Bitnami.
Both servers should serve the same content using the same website but with different virtual host configuration files?
Instead of using two webservers, increase the CPU and core capacity, enable the worker MPM, increase the process count, and use a virtual host configuration with two different ports.

Installing multiple web servers on a dedicated server. CentOS

I have a dedicated server with 16 IPs. I wanted to know if it's possible to install multiple web servers running off the different IPs. What would be the best way to do this? (I believe it's possible, because how do web host reseller sites do it?). I am using CentOS 6. Thanks
Most host or resellers do not have one IP for each website; instead they use virtual hosts to allow one web server to serve multiple domains.
Once a process is listening on port (for example, port 80 which is HTTP) of an interface, that's it - you can't have another server or process listening on the same port.
As you have 16 IPs, you can run 16 servers - one listening on port 80 at each IP address.
Then further, each server can host multiple websites as virtual hosts.
You don't need 16 IPs though - you can host multiple websites using one IP.
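The per-address binding this answer describes, as an added Apache httpd configuration example that is not part of the original posts. The 192.0.2.x addresses, hostnames and DocumentRoot paths are constructed placeholders.

```apache
# Added example; addresses, hostnames and paths are constructed placeholders.
# A bare "Listen 80" binds port 80 on every address of the machine, which
# leaves no IP:80 free for a second server process. Name each address instead.
Listen 192.0.2.10:80
Listen 192.0.2.11:80
# Addresses not listed here stay unbound and are free for other servers.

# On httpd 2.2 (the version CentOS 6 ships) also add:
#   NameVirtualHost 192.0.2.10:80
# httpd 2.4 no longer needs that directive.

# Name-based virtual hosts: several sites share 192.0.2.10:80 and are
# selected by the HTTP Host header. The first one listed is the default
# for requests whose Host header matches none of them.
<VirtualHost 192.0.2.10:80>
    ServerName site-a.example
    DocumentRoot "/var/www/site-a"
</VirtualHost>

<VirtualHost 192.0.2.10:80>
    ServerName site-b.example
    ServerAlias www.site-b.example
    DocumentRoot "/var/www/site-b"
</VirtualHost>

# IP-based virtual host: the only site answering on 192.0.2.11:80.
<VirtualHost 192.0.2.11:80>
    ServerName site-c.example
    DocumentRoot "/var/www/site-c"
</VirtualHost>
```

`apachectl -S` prints the resulting address-to-virtual-host mapping, which makes an unintended wildcard listener easy to spot.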

Tomcat and Apache Webserver using SSL on one machine

I have Tomcat installed and running on an Ubuntu 12.04 LTS system utilizing port 443 for HTTPS requests (GeoTrust certificate installed).
On the same machine, apache2 responds to requests on port 80.
Now I was given the task to secure the webapps (PHP) running on apache2 with SSL as well, but with a different server certificate.
Is this possible at all? - My assumption would be "no", because I cannot have two servers listening on the same port, but I'm not too sure and haven't found any helpful information about this so far.
Any help would be highly appreciated.
These days, you'll still have difficulty serving more than one certificate on a single interface/port combination (e.g. 0.0.0.0:443). If you want to use two separate ports for HTTPS, it's no problem. If you want to bind to different interfaces (e.g. 1.2.3.4:443 and 4.3.2.1:443) it's no problem. If you want them both on the same interface/port, you'll have to rely on Server Name Indication which may or may not be supported by your web server version and/or client.
If you want different certificates, you probably want different hostnames, too, so maybe you can get a second interface configured on the machine. Note that you don't need to have multiple NICs on the machine just to enable a different interface: your OS should be able to create another interface with a different IP address and still share the NIC. Then you just set DNS to point each hostname to a different IP address and make sure you bind each SSL VirtualHost to the proper IP address (instead of using 0.0.0.0 or * for the hostname).
Honestly, SNI is the easiest thing to do: just use VirtualHosts with SSL enabled (with different certs) in each one the way you'd "expect" it to work and see if the server starts up without complaint. If so, you'll need to test your clients to see if it's going to work for your audience. For the SNI scenario, I am assuming that Apache httpd would handle all of the SSL traffic and that you'd use something like mod_proxy_* or mod_jk to proxy to Tomcat.
For the split-IP scenarios, you can do whatever you want: terminate SSL within Tomcat or use httpd for everything and proxy for dynamic content to Tomcat.
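The SNI scenario from this answer, as an added Apache httpd configuration example that is not part of the original post. Hostnames, certificate paths and the Tomcat connector address are assumptions chosen for illustration.

```apache
# Added example; hostnames, certificate paths and the Tomcat port are assumptions.
# httpd terminates TLS for both names on one IP:443 and picks the certificate
# from the SNI name in the ClientHello. Tomcat no longer listens on 443 itself.
# Requires mod_ssl, mod_proxy and mod_proxy_http.
Listen 443
# On httpd 2.2 also add: NameVirtualHost *:443

# First vhost listed is the default: a client that sends no SNI name is
# handed this certificate, whatever hostname it was trying to reach.
<VirtualHost *:443>
    ServerName php.example.com
    DocumentRoot "/var/www/php-apps"
    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/php.example.com.crt"
    SSLCertificateKeyFile "/etc/ssl/private/php.example.com.key"
    # Optional, in the default vhost only: turn away clients without SNI
    # instead of showing them a certificate for the wrong name.
    # SSLStrictSNIVHostCheck on
</VirtualHost>

<VirtualHost *:443>
    ServerName app.example.com
    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/app.example.com.crt"
    SSLCertificateKeyFile "/etc/ssl/private/app.example.com.key"
    # Forward to Tomcat's plain HTTP connector, assumed bound to loopback only
    # so it cannot be reached directly, bypassing TLS.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        "/" "http://127.0.0.1:8080/"
    ProxyPassReverse "/" "http://127.0.0.1:8080/"
</VirtualHost>

# Split-IP alternative (no SNI needed): give each vhost its own address,
# e.g. <VirtualHost 192.0.2.10:443> and <VirtualHost 192.0.2.11:443>,
# and point each hostname's DNS record at the matching address.
```

Run `apachectl configtest` before reloading; then connect to each hostname from the oldest client you need to support and confirm which certificate it is shown.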