2 SSL using 2 IP Addresses, how?
I hope somebody can guide me.
I currently have 1 server and 1 IP address and a working SSL cert for https. I have a few sites on this server all working fine and just one using SSL.
I want to add another site with its own SSL cert which is possible by enabling 'Server Name Indication'. But 'Server Name Indication' does not work in IE and Windows XP so only 1 cert is possible.
After adding the site and purchasing an SSL cert for it, it works fine except it fails in IE and on XP which is a problem for me.
My thought is, purchasing a second IP address for my server and running this site from this second IP.
Is this possible?
Could I set this IP to use the second SSL cert?
And can I run the same disk image/stack between 2 addresses, just set apache to work with 2 IP addresses?
Thank you for any help.
13 Replies
But yea, 2 IPs is definitely possible and Linode staff will allow it if they verify that you are actually hosting SSL sites off it.
@halothe23:
I use Apache vhosts, and it never gave me an error on IE, or XP, not even on a Windows 2000 box in my school, and that was serving 8 SSL certs from a single IP.
Really? I thought browsers that used Windows APIs on XP (such as IE) were the primary example of setups that lack SNI ability. Was that fixed and I'm now operating on incorrect information?
@markunit:
My thought is, purchasing a second IP address for my server and running this site from this second IP.
Is this possible?
Yes, we do this for our sites with SSLs. We have three currently running on one Linode (along with many non-SSL sites). Each site with an SSL has its own IP address.
How you implement it depends on the distro and the control panel software that you're using.
MSJ
Once you set the network file and edited the
Your control panel software may make these changes for you (depending on what you're using).
We added an ifcfg-eth1 (and 2 and 3) file to the network-scripts folder (RHEL / Red Hat / Fedora / CentOS - it's different on Debian / Ubuntu) and updated the vhosts files.
We did not have to do anything to any services (except restart Apache after changing things). We did make sure that 443 wasn't blocked in iptables.
We did update our SPF records to allow for the additional IPs as outgoing mail possibilities.
Are you having any issues or are you just trying to do your homework to make sure you don't end up with any unexpected hurdles?
MSJ
Just asking many questions now before starting.
Don't have any control panel installed and will do everything from command line and ftp and don't use email on this server, so hopefully MySQL and other base services will continue to work on all interfaces as they did before?
How have you set up your Virtual hosts files to point to set IP addresses for some sites but none for other sites?
For the sites that share the non-SSL IP we use this at the top of the vhost file:````
For the sites with their own IP & SSL we use these in the vhost file:
```apache
<VirtualHost 555.666.777.888:80>
</VirtualHost>
```
&
```apache
<IfModule mod_ssl.c>
<VirtualHost 555.666.777.888:443>
</VirtualHost>
</IfModule>
```
MSJ
@markunit:
Just asking many questions now before starting … so hopefully MySQL and other base services will continue to work on all interfaces as they did before?
The services should all work fine without any intervention. IIRC we may have had to restart our VPS after adding the network changes so it could access the additional IP we were assigned.
Currently we have…
Once we get 2 fixed IPs what would we do with site 3 and 4, would we fix them to any IP?
If you have 3 IPs: 1 for each SSL site and then one for the rest you'd want the shared IP in the vhost files for site 3 & 4 and not 1.2.3.4 (which you used in site 1).
I think you need the
MSJ
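The reason behind one IP per SSL site, as an added example that is not from any poster in this thread: a client that sends no SNI (IE on Windows XP, as discussed above) is served the certificate of the first vhost Apache has for that IP:port, so any other HTTPS name on the same address gets a mismatched certificate. The Python script below audits a vhost file for that condition. The hostnames, certificate paths and 192.0.2.x addresses are constructed, and it assumes a single config file in Apache's load order with addresses compared literally (it does not merge `*:443` with specific IPs).

```python
import re
from collections import defaultdict

# Constructed sample config: documentation-range IPs, hypothetical names and paths.
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:80>
    ServerName site3.example
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName shop.example
    SSLCertificateFile /etc/ssl/shop.example.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName blog.example
    SSLCertificateFile /etc/ssl/blog.example.crt
</VirtualHost>
<VirtualHost 192.0.2.11:443>
    ServerName pay.example
    SSLCertificateFile /etc/ssl/pay.example.crt
</VirtualHost>
"""

# Assumption: one file, read in Apache's load order; addresses compared literally.
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def audit_tls_vhosts(conf):
    """Per TLS listen address: the default vhost and the names that depend on SNI."""
    by_addr = defaultdict(list)
    for addrs, body in VHOST_RE.findall(conf):
        if directive(body, "SSLCertificateFile") is None:
            continue  # plain-HTTP vhost: name-based hosting needs no SNI
        for addr in addrs.split():
            by_addr[addr].append((directive(body, "ServerName"),
                                  directive(body, "SSLCertificateFile")))
    report = {}
    for addr, hosts in by_addr.items():
        default_name, default_cert = hosts[0]  # first vhost answers non-SNI clients
        report[addr] = {
            "default": default_name,
            "default_cert": default_cert,
            "needs_sni": [n for n, cert in hosts[1:] if cert != default_cert],
        }
    return report

if __name__ == "__main__":
    print(audit_tls_vhosts(SAMPLE_CONF))
```

Any name listed under `needs_sni` is a candidate for its own IP address if non-SNI clients must be supported.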
Currently I have 1 IP shared among 4 or 5 websites with only 1 having SSL. I will add a second IP giving only 2 in total.
I would like to use them to have 2 sites with SSL, each on a different IP, and the other 3 sites simply sharing port 80 on any of the IPs.
Would my setup shown above for the