Article 11366 at 07/12/06 06:27:59 From: colin (at mark) mainline.co.uk Subject: [coba-e:11366] Re: IP changes for SSL

Index: [Article Count Order] [Thread]
Date:  Wed, 5 Dec 2007 21:25:47 -0000
From:  "Colin Jack" <colin (at mark) mainline.co.uk>
Subject:  [coba-e:11366] Re: IP changes for SSL
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <683F5FB5E2C08E4A8FE8D499A890A3EA0378BC (at mark) mainserver.mainline.local>
References:  <683F5FB5E2C08E4A8FE8D499A890A3EA0378B7 (at mark) mainserver.mainline.local> <170501c83780$265b0520$6700a8c0 (at mark) OfficeKen>
X-Mail-Count: 11366



-----Original Message-----
From: Ken Marcus - Precision Web Hosting, Inc.
[mailto:kenmarcus (at mark) precisionweb.net] 
Sent: 05 December 2007 20:48
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:11365] Re: IP changes for SSL


----- Original Message ----- 
From: "Colin Jack" <colin (at mark) mainline.co.uk>
To: <coba-e (at mark) bluequartz.org>
Sent: Wednesday, December 05, 2007 9:04 AM
Subject: [coba-e:11364] IP changes for SSL


> We have a BQ server behind a firewall using 1 to 1 NAT for external IP
> addresses.
>
> Currently we have a number of vhosts on the server all using the same
> shared IP 192.168.10.130
> We have a site that now needs an SSL cert, so I changed the IP to
> 192.168.10.131 on that site and created a NAT forward from the
firewall
> for a different external IP.
>
> The external IP forwards to the server from the firewall fine
> The server has 192.168.10.131 as an alias on the primary interface
> The httpd vhosts file looks fine
>
> But apache cannot find the site.
>
> I have trawled through the mailing list but cannot find anything.
>
> Anybody got a clue?
>
> Thanks
>
> Colin
>
>
>

Colin

You might try setting the vhost to listen for both IPs the public and
the 
Natted IP.

Do something like
cp  /etc/httpd/conf/vhosts/site2 /etc/httpd/conf/vhosts/site2privateIP

Then edit the IPs in /etc/httpd/conf/vhosts/site2privateIP

Then add something like the line below to your
/etc/httpd/conf/httpd.conf
Include etc/httpd/conf/vhosts/site2privateIP


So, it will then listen for both IPs.


But It might be that you cannot do SSL that way as apache only knows
what 
SSL cert to use by the IP address.


----
Ken Marcus
Ecommerce Web Hosting by
Precision Web Hosting, Inc.
http://www.precisionweb.net


Hi Ken,

Worth a try.

I have set up a new test BQ server with two new sites with different
private IP addresses behind the firewall and that works fine! It just
seems that the live server doesn't like being changed :)

I will have a play (carefully!).

Thanks

Colin





It takes 24 trees to produce 1 ton of office paper!
Think. is it really necessary to print this email?