Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 22 Nov 2002 13:12:47 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        FreeBSD-Stable Mailing List <freebsd-stable@FreeBSD.ORG>
Subject:   Re: jailed virtual https, anyone?
Message-ID:  <20021122131247.GB30135@happy-idiot-talk.infracaninophi>
In-Reply-To: <20021122145947.406b4d31.tarkhil@webmail.sub.ru>
References:  <0F232CC93A58D6119C1600B0D0799B817CE703@hamsrvmx03.logica.co.uk> <20021122145947.406b4d31.tarkhil@webmail.sub.ru>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Nov 22, 2002 at 02:59:47PM +0300, Alex Povolotsky wrote:
> On Fri, 22 Nov 2002 11:04:09 -0000
> "Oelkers, Dennis" <OelkersD@logica.com> wrote:
> 
> OD> I don't want to give you a step-by-step tutorial how to set up a jailed
> OD> apache, but
> OD> a good start is the jail(8) manpage ...
> 
> You're quite right, but I have EVERYTHING works ok for now, EXCEPT virtual hosts with https. Google shows nothing relevant on "jail https virtual".

That's a tricky one.  HTTPS virtual hosts have to be IP virtual hosts
rather than Name virtual hosts due to the nature of the HTTPS
protocol.  (The HTTP header that tells the webserver which virtual
host to direct the request to is part of the encrypted payload, and
can only be decrypted using the keys from the correct virtual host.
Catch 22, unless you can distinguish between the virtual hosts by some
other means, ie. IP number.)

Since a jail(8) by default only allows one IP number, that means only
one HTTPS server per jail.  However patches to support a range of IP
numbers per jail have been posted to freebsd-hackers@

    http://docs.freebsd.org/cgi/getmsg.cgi?fetch=219925+0+/usr/local/www/db/text/2002/freebsd-hackers/20020623.freebsd-hackers

Use at your own risk.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
                                                      Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021122131247.GB30135>