[svlug] Re: apache-ssleay vs stronghold and virtual hosts

[Brian W. Spolarich]

On Tue, 10 Mar 1998 mfw at datamain.com wrote:

| yes, you can for port 80 (or any other non-SSL port).  it does not work
| with SSL, port 443  (https://new-third-level-host.yourdomain.nu/).
| 
| it explicitly says it does not work in the stronghold docs.
| 
| you must instead use  https://host.yourdomain.nu:7654/ -- a specific
| port after the hostname.
| 
| if you have SSL working on your third-level hosts, please let me know!

  I was having a number of problems with Stronghold and virtual hosts.  I
was seeing instances where my <VirtualHost> containers would "leak" so
that one virtualhost would use another's certificate.

  I finally got around the problem by configuring multiple serverroots,
and running multiple instances of stronghold (as opposed to a single suite
of processes handling all requests).  This is pretty similar to the
Netscape model as well.

  To do this, you need to create separate conf directories for each site.
For example:

pion:stronghold/conf# ls -R www.ops.ans.net/
conf/        logs/        mime.types@  reload*      start*       stop*

www.ops.ans.net/conf:
httpd.conf

  You need to initialize a virtual interface for the site.  ifconfig under
solaris and a lot of other unixes.

  Then you start the server:

  ./httpsd -d /ans/stronghold/conf/www.ops.ans.net

  In httpd.conf you need to put the following:

  BindAddress <site address>
  Listen <site address>:443

  This works okay, and I don't have any of these problems anymore.

  Stronghold is in theory simply a version of Apache+SSLeay that one can
use in the US without violating RSA's patent.  Does anyone know what the
differences are from stock apache and SSLeay?

  -bws

--
Brian W. Spolarich - ANS Communications - briansp at ans.net - 734-214-7311
              "Not a whit, we defy augury." - Hamlet, V, ii


--
echo "unsubscribe svlug" | mail majordomo at svlug.org
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ to unsubscribe