Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 23 Nov 2002 12:18:20 +0100
From:      Marko Zec <zec@tel.fer.hr>
To:        Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc:        FreeBSD-Stable Mailing List <freebsd-stable@FreeBSD.ORG>
Subject:   Re: jailed virtual https, anyone?
Message-ID:  <3DDF63FC.CD65A76B@tel.fer.hr>
References:  <0F232CC93A58D6119C1600B0D0799B817CE703@hamsrvmx03.logica.co.uk> <20021122145947.406b4d31.tarkhil@webmail.sub.ru> <20021122131247.GB30135@happy-idiot-talk.infracaninophi>

next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Seaman wrote:

> On Fri, Nov 22, 2002 at 02:59:47PM +0300, Alex Povolotsky wrote:
> > On Fri, 22 Nov 2002 11:04:09 -0000
> > "Oelkers, Dennis" <OelkersD@logica.com> wrote:
> >
> > OD> I don't want to give you a step-by-step tutorial how to set up a jailed
> > OD> apache, but
> > OD> a good start is the jail(8) manpage ...
> >
> > You're quite right, but I have EVERYTHING works ok for now, EXCEPT virtual hosts with https. Google shows nothing relevant on "jail https virtual".
>
> That's a tricky one.  HTTPS virtual hosts have to be IP virtual hosts
> rather than Name virtual hosts due to the nature of the HTTPS
> protocol.  (The HTTP header that tells the webserver which virtual
> host to direct the request to is part of the encrypted payload, and
> can only be decrypted using the keys from the correct virtual host.
> Catch 22, unless you can distinguish between the virtual hosts by some
> other means, ie. IP number.)
>
> Since a jail(8) by default only allows one IP number, that means only
> one HTTPS server per jail.  However patches to support a range of IP
> numbers per jail have been posted to freebsd-hackers@

You can easily run multiple https servers inside a vimage partition if you wish, see http://www.tel.fer.hr/zec/BSD/vimage/

Marko


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DDF63FC.CD65A76B>