On a shared server, we have some sites that only run on port 80. However, there are other sites that run on both port 80 and 443.
<VirtualHost *:80>
    ServerName unsecure.com
</VirtualHost>

<VirtualHost *:80>
    ServerName secure.com
    RedirectPermanent / https://secure.com
</VirtualHost>

<VirtualHost *:443>
    ServerName secure.com
</VirtualHost>
Requests to https://unsecure.com will be presented with the certificate for secure.com. Is there any way to avoid this other than separating out the interfaces (i.e. foo:80 and bar:443, which isn’t possible in this situation)? Many of these sites on port 80 are legacy sites, and setting them up to use SSL isn’t as straightforward as we had hoped.
You don’t need separate network interfaces, just separate IP addresses. Sites which are deployed with https get one IP address, while sites with http only get the other IP address. When a site is migrated to https, its DNS address records also get changed to the other IP address.
In Apache, you will change the Listen directives to correspond to those IP addresses. For example:
Listen 198.51.100.37:80
Listen 203.0.113.252:80
Listen 203.0.113.252:443
This is the only way to do it reliably.
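The split described in the answer above, written out as a full configuration. This is an added example, not part of the original question or answer; it reuses the two addresses from the answer's Listen lines, and the certificate and document-root paths are assumed placeholders.

```apache
# Added illustration. Paths below are assumptions; the addresses are the
# documentation addresses used in the answer.
#
# DNS (assumed): unsecure.com -> 198.51.100.37, secure.com -> 203.0.113.252

# HTTP-only address: nothing listens on 198.51.100.37:443, so a request to
# https://unsecure.com never reaches a TLS virtual host and is not handed
# the certificate for secure.com.
Listen 198.51.100.37:80

# HTTPS-capable address: port 80 exists only to redirect to 443.
Listen 203.0.113.252:80
Listen 203.0.113.252:443

# Legacy site, bound to the HTTP-only address instead of *:80.
<VirtualHost 198.51.100.37:80>
    ServerName unsecure.com
    # Assumed path
    DocumentRoot /var/www/unsecure.com
</VirtualHost>

# Migrated site, plain-HTTP side: redirect everything to HTTPS.
<VirtualHost 203.0.113.252:80>
    ServerName secure.com
    RedirectPermanent / https://secure.com/
</VirtualHost>

# Migrated site, TLS side. Binding to the address rather than *:443 keeps
# this certificate off the HTTP-only address.
<VirtualHost 203.0.113.252:443>
    ServerName secure.com
    SSLEngine on
    # Assumed paths
    SSLCertificateFile /etc/ssl/certs/secure.com.pem
    SSLCertificateKeyFile /etc/ssl/private/secure.com.key
    DocumentRoot /var/www/secure.com
</VirtualHost>
```

After reloading, `apachectl -S` lists which virtual hosts are bound to each address and port, which makes a leftover wildcard `*:443` or `*:80` entry easy to spot.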
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.