My goal is to have multiple SSL sites on multiple IP address, but I’m struggling with the Apache setup:
// I want this: http + https example.com http + https example.net // On these IPs: http example.com 220.127.116.11:80 http example.net 18.104.22.168:80 https example.com 22.214.171.124:443 https example.net 126.96.36.199:443
Note that the DocumentRoot is different for all 4 sites.
In my current Apache setup, when a client visits https://example.com, Apache serves up 188.8.131.52 (connection refused, assume :443) instead of 184.108.40.206:443. The same is true with https://example.net (instead of 220.127.116.11:443). I assume this is because of my DNS a records for
www pointing to 18.104.22.168. The non-SSL 22.214.171.124 name-based-vhosts work fine.
I’m not sure if this is intended Apache behavior or not. So the core of my question is, “is this intended Apache behavior? If so, could someone give me an example of how the IPs should look in this situation? Should BOTH http and https example.com be on ONE IP instead of me splitting them up like this?”
My httpd.conf is like this right now:
# http example.com and http example.net: Listen 126.96.36.199:80 # https example.com: Listen 188.8.131.52:443 # https example.net: Listen 184.108.40.206:443 NameVirtualHost *:80 <VirtualHost *:80> ServerName example.com DocumentRoot /var/www/example.com </VirtualHost> <VirtualHost *:80> ServerName example.net DocumentRoot /var/www/example.net </VirtualHost> <VirtualHost 220.127.116.11:443> SSLEngine on ServerName example.com DocumentRoot /var/www/example.com-ssl </VirtualHost> <VirtualHost 18.104.22.168:443> SSLEngine on ServerName example.net DocumentRoot /var/www/example.net-ssl </VirtualHost>
Edit: Every google search I do returns tons of SNI guides (multiple SSL vhosts on one IP, which is not what I’m looking for.
You seem to have misunderstood how DNS works.
DNS in this case resolves names such as
example.com to IP addresses such as
203.0.113.1. You can’t have a different IP address for a different port or service.
Thus, you need to use the same IP address for HTTP, HTTPS and every other service that might be served with that domain name.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.