Set Up: Mac OS X Client OS, one network card, and multiple Virtual Hosts (three of the Virtual Hosts need SSL certificates) using Apache.
Problem: I have been using Virtual Hosts with Apache for a few years and until now, I have only had one web site that has needed a SSL certificate. After rethinking site security, I decided at least two additional web sites needed SSL certificates so no passwords were sent as clear text while using http basic authentication. However, my current Virtual Host setup only supports one SSL certificate…and I need to use three.
Basic Apache background:
When configuring multiple Virtual Hosts in Apache, you can use IP-based Virtual Hosts or name-based Virtual Hosts. (With IP-based Virtual Hosts, each Virtual Host has its own IP address. With name-based Virtual Hosts, all sites share one IP address and the client's browser sends the name of the site with each request; Apache then uses that name to decide which host should serve the request.) The problem with name-based Virtual Hosts is that the host name is carried inside the data stream, which is exactly the part SSL encrypts. Before Apache can determine which name-based Virtual Host you are trying to reach, it must first decrypt the stream, and decrypting requires a certificate, so Apache has to pick an SSL certificate before it knows which Virtual Host the request is for. If you configure name-based Virtual Hosts with multiple SSL certificates, Apache simply picks the first one listed and tries to use it for all secure connections, which produces certificate errors in browsers for every other site.
Solution Part 1: Apache
Because Apache needs to determine which certificate to use without first decrypting the stream, you have to use IP-based Virtual Hosts so multiple Virtual Hosts can have their own certificates.
A snippet of my config:
# The IP addresses below are placeholders: substitute the addresses you assign
# to the network card in Part 2. Each Virtual Host is bound to its own address,
# so Apache knows which certificate to use before it decrypts anything.

# Plain-HTTP site, no certificate.
<VirtualHost 192.0.2.10:80>
    ServerName www.jappler.com
    ServerAdmin fake@email.com
    DocumentRoot "/Volumes/www/Sites/jappler.com/documents"
    CustomLog '|/usr/sbin/rotatelogs "/Volumes/www/Sites/jappler.com/log/access_log" 604800' combined
    ErrorLog '|/usr/sbin/rotatelogs "/Volumes/www/Sites/jappler.com/log/error_log" 604800'
    SSLEngine off
</VirtualHost>

# First SSL site: its own address and its own certificate/key pair.
<VirtualHost 192.0.2.11:443>
    ServerName dev.jappler.com
    ServerAdmin fake@email.com
    DocumentRoot "/Volumes/www/Sites/dev.jappler.com/documents"
    CustomLog '|/usr/sbin/rotatelogs "/Volumes/www/Sites/dev.jappler.com/log/access_log" 604800' combined
    ErrorLog '|/usr/sbin/rotatelogs "/Volumes/www/Sites/dev.jappler.com/log/error_log" 604800'
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl_cert/dev-cert.crt
    SSLCertificateKeyFile /etc/httpd/ssl_key/private-dev.key
    SSLOptions +StdEnvVars
</VirtualHost>

# Second SSL site: a different address, so a different certificate can be served.
<VirtualHost 192.0.2.12:443>
    ServerName webmail.jappler.com
    ServerAdmin fake@email.com
    DocumentRoot "/Volumes/www/Sites/webmail.jappler.com/documents"
    CustomLog '|/usr/sbin/rotatelogs "/Volumes/www/Sites/webmail.jappler.com/log/access_log" 604800' combined
    ErrorLog '|/usr/sbin/rotatelogs "/Volumes/www/Sites/webmail.jappler.com/log/error_log" 604800'
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl_cert/webmail-cert.crt
    SSLCertificateKeyFile /etc/httpd/ssl_key/private-webmail.key
    SSLOptions +StdEnvVars
</VirtualHost>
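As an added check that is not part of the original post, the following Python script parses a list of VirtualHost blocks and reports every address:port that is shared by SSL-enabled hosts pointing at different certificates, which is exactly the name-based layout that makes Apache fall back to the first certificate for all of them. The two sample configurations, their host names and the IP addresses are constructed placeholders, and the comparison is on literal address strings only (it does not expand the `*` wildcard).

```python
import re
from collections import defaultdict

# Constructed samples (not the author's real config). BROKEN_CONF is the
# name-based layout from the post's problem statement: two SSL hosts on one
# address. FIXED_CONF gives each SSL host its own placeholder IP address.
BROKEN_CONF = """
<VirtualHost *:443>
    ServerName dev.example.com
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl_cert/dev-cert.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName webmail.example.com
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl_cert/webmail-cert.crt
</VirtualHost>
"""

FIXED_CONF = BROKEN_CONF.replace("*:443", "192.0.2.11:443", 1).replace("*:443", "192.0.2.12:443", 1)

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)


def parse_vhosts(conf):
    """Return one dict per <VirtualHost>: bound address, ServerName, and the
    certificate file (None when SSLEngine is not on)."""
    hosts = []
    for addr, body in VHOST_RE.findall(conf):
        directives = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                directives[parts[0].lower()] = parts[1].strip()
        ssl_on = directives.get("sslengine", "off").lower() == "on"
        hosts.append({
            "addr": addr.strip(),
            "name": directives.get("servername"),
            "cert": directives.get("sslcertificatefile") if ssl_on else None,
        })
    return hosts


def cert_conflicts(conf):
    """Map each address:port shared by SSL hosts with different certificates to
    the names of those hosts. mod_ssl can present only one certificate per
    address:port, so every listed host except the first would get the wrong one."""
    by_addr = defaultdict(list)
    for host in parse_vhosts(conf):
        if host["cert"]:
            by_addr[host["addr"]].append(host)
    return {addr: [h["name"] for h in hosts]
            for addr, hosts in by_addr.items()
            if len({h["cert"] for h in hosts}) > 1}
```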
Solution Part 2: OS/Multiple IPs
To configure your computer/server to use multiple IPs on one network card, open System Preferences > Network. I like to name my “locations” logically, so I created a new “location” and named it “Multiple IPs.” I then configured my “Built-in Ethernet” port (see first picture). The first IP configuration is now set up. To set up the next IP configuration, I duplicated “Built-in Ethernet” by going to System Preferences > Network > Network Port Configurations, and renamed the copy “Built-in Ethernet (Virtual)”. I then configured that copy to use a different IP, and that was all I needed to do. Questions? Let me know!
Hey, nice tips. I’ll buy a glass of beer for the man from that forum who told me to go to your site 🙂