Linode Forum
Linode Community Forums
Posted: Tue Jan 21, 2014 5:24 pm
Junior Member

Joined: Tue Nov 01, 2011 7:29 am
Posts: 30
Hi,

I hope somebody can guide me.

I currently have 1 server and 1 IP address and a working SSL cert for https. I have a few sites on this server all working fine and just one using SSL.

I want to add another site with its own SSL cert, which is possible by enabling 'Server Name Indication'. But 'Server Name Indication' does not work in IE and Windows XP so only 1 cert is possible.

After adding the site and purchasing an SSL cert for it, it works fine except it fails in IE and on XP, which is a problem for me.


My thought is, purchasing a second IP address for my server and running this site from this second IP.

Is this possible?

Could I set this IP to use the second SSL cert?

And can I run the same disk image/stack between 2 addresses, just set Apache to work with 2 IP addresses?


Thank you for any help.

_________________
Regards

Mark


Posted: Tue Jan 21, 2014 5:31 pm
Senior Newbie

Joined: Sat Jan 04, 2014 1:13 pm
Posts: 8
Website: https://www.halothe23.com/
I use Apache vHosts, and it never gave me an error on IE or XP, not even on a Windows 2000 box in my school, and that was serving 8 SSL certs from a single IP.

But yeah, 2 IPs is definitely possible, and Linode staff will allow you if they verify that you are actually hosting SSL sites off it.


Posted: Tue Jan 21, 2014 6:28 pm
Senior Member

Joined: Sat Mar 28, 2009 4:23 pm
Posts: 415
Website: http://jedsmith.org/
Location: Out of his depth and job-hopping without a clue about network security fundamentals
halothe23 wrote:
I use Apache vHosts, and it never gave me an error on IE or XP, not even on a Windows 2000 box in my school, and that was serving 8 SSL certs from a single IP.

Really? I thought browsers that used Windows APIs on XP (such as IE) were the primary example of setups that lack SNI ability. Was that fixed and I'm now operating on incorrect information?

_________________
Disclaimer: I am no longer employed by Linode; opinions are my own alone.


Posted: Tue Jan 21, 2014 7:20 pm
Senior Member

Joined: Mon Jan 02, 2012 12:45 pm
Posts: 365
markunit wrote:
My thought is, purchasing a second IP address for my server and running this site from this second IP.

Is this possible?

Yes, we do this for our sites with SSLs. We have three currently running on one Linode (along with many non-SSL sites). Each site with an SSL has its own IP address.

How you implement it depends on the distro and the control panel software that you're using.


MSJ


Posted: Wed Jan 22, 2014 11:59 am
Junior Member

Joined: Tue Nov 01, 2011 7:29 am
Posts: 30
Thanks MSJ,

Once you set the network file and edited the <VirtualHost *:443> settings for specific IP addresses, did you need to change any other settings to keep http, SSL, and MySQL working? Did you have to hard code the IP in any other files?

_________________
Regards



Mark


Posted: Wed Jan 22, 2014 12:10 pm
Senior Member

Joined: Mon Jan 02, 2012 12:45 pm
Posts: 365
Mark,
Your control panel software may make these changes for you (depending on what you're using).

We edited/added an ifcfg-eth1 (and 2 and 3) file to the network-scripts folder (RHEL / Red Hat / Fedora / CentOS - it's different on Debian / Ubuntu) and updated the vhosts files.

We did not have to do anything to any services (except restart Apache after changing things). We did make sure that 443 wasn't blocked in iptables.

We did update our SPF records to allow for the additional IPs as outgoing mail possibilities.

Are you having any issues or are you just trying to do your homework to make sure you don't end up with any unexpected hurdles?


MSJ


Posted: Wed Jan 22, 2014 12:13 pm
Junior Member

Joined: Tue Nov 01, 2011 7:29 am
Posts: 30
Thank you.

Just asking many questions now before starting.

Don't have any control panel installed and will do everything from the command line and FTP, and don't use email on this server, so hopefully MySQL and other base services will continue to work on all interfaces as they did before?

_________________
Regards



Mark


Posted: Wed Jan 22, 2014 12:22 pm
Junior Member

Joined: Tue Nov 01, 2011 7:29 am
Posts: 30
MSJ, I have 2 sites that will each use its own SSL cert, but also 2 other small sites running on the same server.

How have you set up your virtual hosts files to point to set IP addresses for some sites but none for other sites?

_________________
Regards



Mark


Posted: Wed Jan 22, 2014 1:05 pm
Senior Member

Joined: Mon Jan 02, 2012 12:45 pm
Posts: 365
Mark,
For the sites that share the non-SSL IP we use this at the top of the vhost file:
Code:
<VirtualHost \
   111.222.333.444:80\
      >



For the sites with their own IP & SSL we use these in the vhost file:
Code:
<VirtualHost \
   555.666.777.888:80\
      >
&
Code:
<IfModule mod_ssl.c>

   <VirtualHost \
      555.666.777.888:443\
         >



MSJ


Posted: Wed Jan 22, 2014 1:08 pm
Senior Member

Joined: Mon Jan 02, 2012 12:45 pm
Posts: 365
markunit wrote:
Just asking many questions now before starting ... so hopefully MySQL and other base services will continue to work on all interfaces as they did before?

The services should all work fine without any intervention. IIRC we may have had to restart our VPS after adding the network changes so it could access the additional IP we were assigned.


Posted: Wed Jan 22, 2014 1:10 pm
Junior Member

Joined: Tue Nov 01, 2011 7:29 am
Posts: 30
Thanks MSJ,

Currently we have...

<VirtualHost *:80>
site 1....

<VirtualHost *:80>
site 2....

<VirtualHost *:80>
site 3....


<VirtualHost *:80>
site 4....

<VirtualHost *:443>
site1.... SSL


Once we get 2 fixed IPs what would we do with site 3 and 4, would we fix them to any IP?

<VirtualHost 1.2.3.4:80>
site 1....

<VirtualHost 5.6.7.8:80>
site 2....

<VirtualHost 1.2.3.4:80>
site 3....

<VirtualHost 1.2.3.4:80>
site 4....


<VirtualHost 1.2.3.4:443>
site1.... SSL

<VirtualHost 5.6.7.8:443>
site2.... SSL

_________________
Regards



Mark


Posted: Wed Jan 22, 2014 1:48 pm
Senior Member

Joined: Mon Jan 02, 2012 12:45 pm
Posts: 365
Mark,
If you have 3 IPs (1 for each SSL site and then one for the rest), you'd want the shared IP in the vhost files for sites 3 & 4 and not 1.2.3.4 (which you used in site 1).

I think you need the <IfModule mod_ssl.c> with the <VirtualHost x.x.x.x:443> in the same vhosts file for sites 1 & 2 (each with their own IP address).


MSJ


Posted: Wed Jan 22, 2014 4:12 pm
Junior Member

Joined: Tue Nov 01, 2011 7:29 am
Posts: 30
Thanks again MSJ,

Currently I have 1 IP shared among 4 or 5 websites with only 1 having SSL. I will add a second IP, giving only 2 in total.

I would like to use them to have 2 sites with SSL, each on a different IP, and the other 3 sites simply sharing port 80 on any of the IPs.

Would my setup shown above for the <VirtualHost ...> allow for this where I just put the other 3 sites in any IP, or do you do it differently?

_________________
Regards



Mark


Posted: Wed Jan 22, 2014 4:22 pm
Senior Member

Joined: Mon Jan 02, 2012 12:45 pm
Posts: 365
I guess you could have all the non-SSL sites sharing an IP with one SSL site (I've never done that but I don't know that it's a problem). Then you'd have just two IPs.
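
The two-IP layout the thread converges on, written out as a complete vhost file. This is an added example, not a configuration posted by anyone in the thread: the addresses are the thread's placeholders, and the hostnames, document roots and certificate paths are assumptions.

```apache
# Added example: hostnames, DocumentRoot and certificate paths are assumptions.
# 1.2.3.4 and 5.6.7.8 are the placeholder addresses used in the thread.
# Assumes the stock "Listen 80" / "Listen 443"; Apache 2.2 also needs
# "NameVirtualHost 1.2.3.4:80" for the shared address, 2.4 does not.

# Sites 1, 3 and 4 share 1.2.3.4:80 and are told apart by the Host header.
# Do not leave some of them on *:80: once an address has explicit vhosts,
# requests arriving on it are never passed to the wildcard vhosts.
<VirtualHost 1.2.3.4:80>
    ServerName site1.example
    DocumentRoot /var/www/site1
</VirtualHost>
<VirtualHost 1.2.3.4:80>
    ServerName site3.example
    DocumentRoot /var/www/site3
</VirtualHost>
<VirtualHost 1.2.3.4:80>
    ServerName site4.example
    DocumentRoot /var/www/site4
</VirtualHost>
<VirtualHost 5.6.7.8:80>
    ServerName site2.example
    DocumentRoot /var/www/site2
</VirtualHost>

<IfModule mod_ssl.c>
    # One :443 vhost per address: the certificate is chosen by destination
    # IP, so clients that send no SNI (IE on XP) still get the right one.
    <VirtualHost 1.2.3.4:443>
        ServerName site1.example
        DocumentRoot /var/www/site1
        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/site1.example.crt
        SSLCertificateKeyFile /etc/ssl/private/site1.example.key
    </VirtualHost>
    <VirtualHost 5.6.7.8:443>
        ServerName site2.example
        DocumentRoot /var/www/site2
        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/site2.example.crt
        SSLCertificateKeyFile /etc/ssl/private/site2.example.key
    </VirtualHost>
</IfModule>
```

`apachectl -S` prints the resulting address-to-vhost map, which is a quick way to confirm that each `:443` address has exactly one entry.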

