SNI, multiple domains, single ip, one SSL domain

I have a great working Linode server with a single IP and multiple domains - vhosts.

However, I need SSL for only one virtual host.

Configuration samples below for my-ssldomain.com (which is supposed to work with SSL) and my-nossldomain.com (one of the other domains which has nothing to do with SSL).

my-ssldomain.com.conf

    <virtualhost *:443="">SSLEngine on
      ServerName my-ssldomain.com
      ...</virtualhost> 

my-nossldomain.com.conf

    <virtualhost *:80="">ServerName my-nossldomain.com
      ...</virtualhost> 

https://my-ssldomain.com works as expected.

http://my-nossldomain.com works as expected.

https://my-nossldomain.com is not desired to be working; however, it works unintentionally and first tries to load my-ssldomain.com's SSL certificate, with a warning of course, and if I select Continue then it opens my-ssldomain even though it still shows https://my-nossldomain.com in the address bar.

I know that an additional IP would solve this problem, but I am trying to find a single-IP solution, if any. If it is the only way then I would go in that direction. But I have to make sure that Apache couldn't handle this.

Just to note: SSL is a self-signed cert which I am using for client authentication for an in-house web application. It doesn't matter but just in case, this is the setting.

Thank you in advance, for even reading.

6 Replies

TLS (SSL) is done at the port level in this case. When typing in https://my-nossldomain.com into your browser, it connects to your Linode via port 443, which then automatically looks for the SSL certificate for that IP address. This is before the hostname is looked at, virtual hosts are involved, etc.

Normally I'd say you'd want an additional IP; however, if you're already using a self-signed cert, you can simply create a vhost for https://my-nossldomain.com that includes a redirect (301) to the HTTP version of the site.

Feliciano, thank you for your reply.

I actually tried this and created a *:443 virtual host entry for my-nossldomain.com, but it didn't help.

I did the following:

    <VirtualHost *:443>
        ServerName my-nossldomain.com
        RewriteEngine On
        RewriteRule ^/?(.*) http://my-nossldomain.com/$1 [R=301,L]
    </VirtualHost>

But it still takes me to https://my-ssldomain.com.

Now I wonder if I did something wrong in my configuration in a rush. Are you sure that this will actually work? So what I am going to do is to have the following in order:

    # SSL Domain
    <VirtualHost *:443>
      SSLEngine on
      ServerName my-ssldomain.com
      ...
    </VirtualHost>

    # NoSSL domain
    <VirtualHost *:80>
      ServerName my-nossldomain.com
      ...
    </VirtualHost>

    # Redirection for NoSSL
    <VirtualHost *:443>
      ServerName my-nossldomain.com
      RewriteEngine On
      RewriteRule ^/?(.*) http://my-nossldomain.com/$1 [R=301,L]
    </VirtualHost>

Does it look right?

Thank you.
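
An added example, not part of the thread or of Apache itself: a Python check that models name-based vhost selection per port (when no ServerName or ServerAlias matches, Apache uses the first vhost defined for that address:port) and reports which vhost would answer each hostname on 443, flagging 443 vhosts that lack `SSLEngine on`. Assumptions: the sample config is constructed from the snippets posted above, all vhosts use `*:port` and are read in the order shown, and `parse_vhosts` and `audit_https` are hypothetical names.

```python
import re

# Constructed sample mirroring the three vhosts posted in the thread ("..." lines dropped).
SAMPLE_CONF = """
<VirtualHost *:443>
  SSLEngine on
  ServerName my-ssldomain.com
</VirtualHost>
<VirtualHost *:80>
  ServerName my-nossldomain.com
</VirtualHost>
<VirtualHost *:443>
  ServerName my-nossldomain.com
  RewriteEngine On
  RewriteRule ^/?(.*) http://my-nossldomain.com/$1 [R=301,L]
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+\S*:(\d+)\s*>(.*?)</VirtualHost>", re.I | re.S)

def parse_vhosts(conf):
    """Return vhosts in definition order: port, names, and whether SSLEngine is on."""
    vhosts = []
    for port, body in VHOST_RE.findall(conf):
        names = []
        for m in re.finditer(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.I | re.M):
            names += m.group(1).lower().split()
        ssl = bool(re.search(r"^\s*SSLEngine\s+on\b", body, re.I | re.M))
        vhosts.append({"port": int(port), "names": names, "ssl": ssl})
    return vhosts

def audit_https(conf, port=443):
    """For every hostname in the config, report which vhost answers on `port`."""
    vhosts = parse_vhosts(conf)
    on_port = [v for v in vhosts if v["port"] == port]
    report = {}
    for name in sorted({n for v in vhosts for n in v["names"]}):
        match = next((v for v in on_port if name in v["names"]), None)
        if match is None:
            # No ServerName/ServerAlias match: the first vhost defined for the port answers.
            default = (on_port[0]["names"] or ["(unnamed)"])[0] if on_port else None
            report[name] = f"falls through to default vhost {default}" if default else "port not served"
        else:
            report[name] = "own vhost with SSLEngine on" if match["ssl"] else "own vhost, but SSLEngine is not on"
    return report

if __name__ == "__main__":
    print("\n".join(f"{h}: {f}" for h, f in audit_https(SAMPLE_CONF).items()))
```

On a live server, `apachectl -S` prints the vhost map Apache actually built, including the default server for each address:port.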

Decided to use an additional IP. Web app already needs to be kind of "isolated", so win-win in this case.

Plus, now I'll have an IP if I need another domain to be SSL. I'll keep noSSL domains on one IP, SSL domains on the other IP.

Thank you!

@smozgur:

> Decided to use an additional IP. Web app already needs to be kind of "isolated", so win-win in this case.
>
> Plus, now I'll have an IP if I need another domain to be SSL. I'll keep noSSL domains on one IP, SSL domains on the other IP.
>
> Thank you!

That sounds like a better plan. :D

Now I need to learn how to separate IPs with domains :) I've been setting up Name Based Virtual Hosts all the time, so I am now reading about IP Based + Name Based Virtual Hosts :) Hopefully it is not that complicated.

Thank you very much, Feliciano!

And just as I guessed - it is complicated. Actually really simple but somehow I made it complicated so it doesn't work :)

Feliciano, if you'd like to see my problem kind of started with this :) then please take a look at this new thread of mine:

Apache - Name Based Virtual Hosting - 2 IP Addresses
