My goal is to have multiple SSL sites on multiple IP address, but I’m struggling with the Apache setup:
// I want this: http + https example.com http + https example.net // On these IPs: http example.com 18.104.22.168:80 http example.net 22.214.171.124:80 https example.com 126.96.36.199:443 https example.net 188.8.131.52:443
Note that the DocumentRoot is different for all 4 sites.
In my current Apache setup, when a client visits https://example.com, Apache serves up 184.108.40.206 (connection refused, assume :443) instead of 220.127.116.11:443. The same is true with https://example.net (instead of 18.104.22.168:443). I assume this is because of my DNS a records for
www pointing to 22.214.171.124. The non-SSL 126.96.36.199 name-based-vhosts work fine.
I’m not sure if this is intended Apache behavior or not. So the core of my question is, “is this intended Apache behavior? If so, could someone give me an example of how the IPs should look in this situation? Should BOTH http and https example.com be on ONE IP instead of me splitting them up like this?”
My httpd.conf is like this right now:
# http example.com and http example.net: Listen 188.8.131.52:80 # https example.com: Listen 184.108.40.206:443 # https example.net: Listen 220.127.116.11:443 NameVirtualHost *:80 <VirtualHost *:80> ServerName example.com DocumentRoot /var/www/example.com </VirtualHost> <VirtualHost *:80> ServerName example.net DocumentRoot /var/www/example.net </VirtualHost> <VirtualHost 18.104.22.168:443> SSLEngine on ServerName example.com DocumentRoot /var/www/example.com-ssl </VirtualHost> <VirtualHost 22.214.171.124:443> SSLEngine on ServerName example.net DocumentRoot /var/www/example.net-ssl </VirtualHost>
Edit: Every google search I do returns tons of SNI guides (multiple SSL vhosts on one IP, which is not what I’m looking for.
You seem to have misunderstood how DNS works.
DNS in this case resolves names such as
example.com to IP addresses such as
203.0.113.1. You can’t have a different IP address for a different port or service.
Thus, you need to use the same IP address for HTTP, HTTPS and every other service that might be served with that domain name.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.