I have ISPConfig on its default port of 8080 with a real SSL certificate installed. I also host five other sites from that same IP address without SSL. I also have an additional IP address which I obtained without any fuss by stating it was for SSL which is hosted on the same node. Also with no issue. All 443 ports answer with a valid SSL certificate plus port 8080 on the ISPConfig domain.

And if you're wondering about the responses you are getting from other members of the forum perhaps you should look at the title of the thread you created. Whether you meant it or not it comes off as an attack. Every time you open a support thread you likely get someone new and when they check your SSL certificates they see a self signed one by the sounds of things, so they start to question your need for another IP address. In my opinion Linode is being a responsible citizen and not just handing out IP addresses because someone asks. They justify the need before giving them out. Otherwise you'd be here two weeks from now crying because they took your IP away because you haven't justified its use.

One IP can be used for countless shared hosting websites and one single SSL website.

If your server hosts one SSL website and, say, 200 shared hosting (non-SSL) websites, you only need the primary IP address, no additional IP addresses needed.

The limitation of "one SSL website per IP address" is only with SSL websites, and does not affect non-SSL websites in any way.

I'm referring to the control panel creating the apache config files for the primary ip address, NOT directadmin's admin port itself.

_________________
Larry Ludwig
Empowering Media
Managed Cloud Services and Managed VPS

Also after searching Google and following one link on the DirectAdmin website I've figured our how to install a signed SSL certificate for DirectAdmins use. I'm willing to bet with another quick search I could figure out how to change the port.

Google knows all.

In fact, if one of those SSL sites is only meant to be accessed by one or two people (like a control panel or a blog admin panel), you can even get away with hosting it on the same IP/port. You just need to make sure that the client doesn't use IE <= 8, because that's the only major browser that doesn't support SNI.

It's entirely possible that a few years from now, even SSL won't count as justification for extra IPv4 addresses anymore.


You call yourself a managed service provider and you're too afraid to touch Apache configuration files? Pfft.

It's my staff, not the client. I sure hope my staff understands what they doing.

_________________
Larry Ludwig

Empowering Media

Managed Cloud Services and Managed VPS

Well then your staff need better training. They shouldn't be wasting your clients', Linode's, and your time by not producing proper justification the first time around.

Yes, if it means a refresh by the control panel will break or rewrite what I need to change to work within the constraints of Linode.

And you do system administration?

I can see this thread is going absolutely nowhere.

_________________
Larry Ludwig

Empowering Media

Managed Cloud Services and Managed VPS

In fairness some control panels overwrite manual config changes. ISPConfig overwrites changes to vhost files not made through the panel. The main config file can be manually changed though.

People,

Just because you have not had the bad experience empoweringmedia has had doesn't make him wrong or an idiot. He has a perfectly valid complaint, let him have his say.

I'll bet very few other people have had his kind of problems but only because few people require large numbers of IP addresses.

Exactly this. If directadmin is wasting port 443 on your primary IP move it to another port. You are getting hassle and paying money for one extra IP per server that you really should not need.

If directadmin won't cooperate I'd change it with something else.

If you really have a requirement for a large number of IP addresses Linode isn't the cheapest way to buy these. What you want is a dedicated server with a /24.

It comes back to the control panel and it's writing the config files. The primary IP can be used for shared hosting, but not for SSL. At least from my remembering and previous research. I don't feel like redoing the previous research to prove my point as this thread is getting old fast.

To the ones that suggesting changing 443, how do you propose without then breaking the control panel rewriting these files in the future? You can't, or I'm not aware of a simple method to do this.

The shared ssl can be used as there are common apps (ie phpMyAdmin) via a primary URL. Linode's main beef it appears it's not a real SSL cert installed. We do have a wildcard cert we can install in some cases to appease the Linode gods.

There are cases in which the subdomain isn't ours. We could then force the client to buy a dedicated SSL cert, just to appease a $2/mo IP with Linode justification. That's outright silly.

In order to do SSL for a customer's web site, I need another IP address (it supports SNI). SNI on the second IP. Again, this isn't our limitation but the control panel. So in effect all we need is two total IP addresses per instance with DirectAdmin if we want to do SSL for any customer site.

I'm not going to replace a control panel, which also works very well in a VPS memory constrained setup because of Linode's policy. cPanel for example I believe can do this without issue, but still a memory/resource pig.

Yes it is possible DirectAdmin could somehow rework their code, but I'm not holding my breath. I'm dealing with current limitations not something in the future. Instead we are having to go through hoops just to achieve a simple result and haven't had this issue anywhere else. Again the reason why I started this thread to begin with, not to get troll posts.

_________________
Larry Ludwig

Empowering Media

Managed Cloud Services and Managed VPS

Actually I just spoke to one of my techs and the most recent case it's because we have frontpage (yes trolls I'm aware it's no longer supported, but to offer good customer service we still offer it. Believe me I would no longer want to offer it).

We must run apache 1.x to use FrontPage server extensions, which does not support SNI. We also have other installs where Apache 1.x must be used for other various supporting products too.

_________________
Larry Ludwig

Empowering Media

Managed Cloud Services and Managed VPS

Gawd, that sucks. Sorry, I must have missed the last post where you mentioned this technicality.


That's something you need to ask on the DA forums. I wouldn't be surprised if someone else has run into similar problems, given how scarce IPv4 addresses have become nowadays.

In any case, I still don't agree that Linode's IPv4 allocation policy "stinks", because:


In fairness, "my control panel sucks" is NOT a valid justification for IPv4 allocation.

If your control panel always overwrote MaxClients to 150, would you buy a Linode 4096 to accommodate this inefficiency? How is it different if your control panel always requires N+1 IPs to run N secure sites? If you can't convince your client to change control panels, a bit of hassle obtaining IPs is only to be expected.

Some hosts might allow it because they want to attract customers now at the risk of running out of IPs later. But Linode isn't one of those hosts, and there's nothing wrong with sticking to rules.

Ultimately in my end, if the customer wants it, they get it. I'll point out those issues, but it's not my decision.

My decision is to stay with DirectAdmin, because overall it's a much better, stable, secure and reliable control panel. Regardless of any minor limitations. Cpanel is of course more popular, but never had to worry about the issues that come with that mess of a control panel.

_________________
Larry Ludwig

Empowering Media

Managed Cloud Services and Managed VPS