My goal is to have multiple SSL sites on multiple IP address, but I’m struggling with the Apache setup:
// I want this: http + https example.com http + https example.net // On these IPs: http example.com 126.96.36.199:80 http example.net 188.8.131.52:80 https example.com 184.108.40.206:443 https example.net 220.127.116.11:443
Note that the DocumentRoot is different for all 4 sites.
In my current Apache setup, when a client visits https://example.com, Apache serves up 18.104.22.168 (connection refused, assume :443) instead of 22.214.171.124:443. The same is true with https://example.net (instead of 126.96.36.199:443). I assume this is because of my DNS a records for
www pointing to 188.8.131.52. The non-SSL 184.108.40.206 name-based-vhosts work fine.
I’m not sure if this is intended Apache behavior or not. So the core of my question is, “is this intended Apache behavior? If so, could someone give me an example of how the IPs should look in this situation? Should BOTH http and https example.com be on ONE IP instead of me splitting them up like this?”
My httpd.conf is like this right now:
# http example.com and http example.net: Listen 220.127.116.11:80 # https example.com: Listen 18.104.22.168:443 # https example.net: Listen 22.214.171.124:443 NameVirtualHost *:80 <VirtualHost *:80> ServerName example.com DocumentRoot /var/www/example.com </VirtualHost> <VirtualHost *:80> ServerName example.net DocumentRoot /var/www/example.net </VirtualHost> <VirtualHost 126.96.36.199:443> SSLEngine on ServerName example.com DocumentRoot /var/www/example.com-ssl </VirtualHost> <VirtualHost 188.8.131.52:443> SSLEngine on ServerName example.net DocumentRoot /var/www/example.net-ssl </VirtualHost>
Edit: Every google search I do returns tons of SNI guides (multiple SSL vhosts on one IP, which is not what I’m looking for.
You seem to have misunderstood how DNS works.
DNS in this case resolves names such as
example.com to IP addresses such as
203.0.113.1. You can’t have a different IP address for a different port or service.
Thus, you need to use the same IP address for HTTP, HTTPS and every other service that might be served with that domain name.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.