My goal is to have multiple SSL sites on multiple IP address, but I’m struggling with the Apache setup:
// I want this: http + https example.com http + https example.net // On these IPs: http example.com 184.108.40.206:80 http example.net 220.127.116.11:80 https example.com 18.104.22.168:443 https example.net 22.214.171.124:443
Note that the DocumentRoot is different for all 4 sites.
In my current Apache setup, when a client visits https://example.com, Apache serves up 126.96.36.199 (connection refused, assume :443) instead of 188.8.131.52:443. The same is true with https://example.net (instead of 184.108.40.206:443). I assume this is because of my DNS a records for
www pointing to 220.127.116.11. The non-SSL 18.104.22.168 name-based-vhosts work fine.
I’m not sure if this is intended Apache behavior or not. So the core of my question is, “is this intended Apache behavior? If so, could someone give me an example of how the IPs should look in this situation? Should BOTH http and https example.com be on ONE IP instead of me splitting them up like this?”
My httpd.conf is like this right now:
# http example.com and http example.net: Listen 22.214.171.124:80 # https example.com: Listen 126.96.36.199:443 # https example.net: Listen 188.8.131.52:443 NameVirtualHost *:80 <VirtualHost *:80> ServerName example.com DocumentRoot /var/www/example.com </VirtualHost> <VirtualHost *:80> ServerName example.net DocumentRoot /var/www/example.net </VirtualHost> <VirtualHost 184.108.40.206:443> SSLEngine on ServerName example.com DocumentRoot /var/www/example.com-ssl </VirtualHost> <VirtualHost 220.127.116.11:443> SSLEngine on ServerName example.net DocumentRoot /var/www/example.net-ssl </VirtualHost>
Edit: Every google search I do returns tons of SNI guides (multiple SSL vhosts on one IP, which is not what I’m looking for.
You seem to have misunderstood how DNS works.
DNS in this case resolves names such as
example.com to IP addresses such as
203.0.113.1. You can’t have a different IP address for a different port or service.
Thus, you need to use the same IP address for HTTP, HTTPS and every other service that might be served with that domain name.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.