Web Server Management: Securing Access to Web Servers
Chapter 4. Configuring Apache to support TLS
This configuration uses Apache's "Virtual Host" feature. According to the manual:
The term Virtual Host refers to the practice of running more than one web site (such as www.company1.com and www.company2.com) on a single machine. Virtual hosts can be "IP-based", meaning that you have a different IP address for every web site, or "name-based", meaning that you have multiple names running on each IP address. The fact that they are running on the same physical server is not apparent to the end user. ... With name-based virtual hosting, the server relies on the client to report the hostname as part of the HTTP headers.
--The Apache Manual
It is common to use name-based virtual hosting for HTTP
websites. For HTTPS, however, this causes a problem. The
name used to select the correct virtual host is carried in the
HTTPS traffic and is therefore encrypted. Before it can be
decrypted, the web server has to select an appropriate
certificate to offer to the browser, but to do that it needs to
know which site it is serving. This is a "Catch 22"
situation. Because of this, it is necessary to use IP-based
virtual hosting if a single web server needs to deal with more
than one HTTPS website. This is achieved by not including the
NameVirtualHost directive in the configuration.
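
The layout described above, written out as an added example (not the configuration this chapter refers to). It assumes mod_ssl is loaded; the two IP addresses, document roots and certificate paths are placeholders, and the hostnames are the ones used in the manual's quotation.

```apache
# Added example: IP-based virtual hosting for two HTTPS sites on one server.
# Addresses, paths and certificate file names are assumptions for illustration.
# 192.0.2.0/24 is a documentation range; substitute the server's real addresses.

# Bind the TLS port on each site's dedicated address.
Listen 192.0.2.10:443
Listen 192.0.2.11:443

# There is deliberately no NameVirtualHost line. The server chooses the
# virtual host, and therefore the certificate, from the destination IP
# address of the connection, before any of the encrypted request is read.

<VirtualHost 192.0.2.10:443>
    ServerName www.company1.com
    DocumentRoot "/var/www/company1"

    SSLEngine on
    # Certificate issued for www.company1.com only.
    SSLCertificateFile    "/etc/ssl/certs/www.company1.com.crt"
    SSLCertificateKeyFile "/etc/ssl/private/www.company1.com.key"
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName www.company2.com
    DocumentRoot "/var/www/company2"

    SSLEngine on
    # Certificate issued for www.company2.com only.
    SSLCertificateFile    "/etc/ssl/certs/www.company2.com.crt"
    SSLCertificateKeyFile "/etc/ssl/private/www.company2.com.key"
</VirtualHost>
```

Each hostname's DNS record must point at the address of its own virtual host, and the private key files should be readable only by the account that starts the server.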