On 10/04/07, Kevin Brennan <kevin.brennan at redsquared.com> wrote:
>> There is one important difference when hosting. https can not be used to
> serve multiple domains from the same IP address (ie. you need one IP
> address per domain) contrary to this when using http you can have many
> domains served from the same IP address.
This is not strictly true; you need one unique *port* per HTTPS service - it
is perfectly possible to run two separate https services on different ports
(eg: https://foo.bar.baz/ and https://wibble.twiddle:4443/ could be on the
same IP address). However, as the port will default to 443 unless
explicitly specified, it is generally recommended that you maintain separate
IP addresses for each https service.
The reason is that, with HTTP, virtual hosts are selected using the Host:
header in the HTTP request. While this is available with HTTPS, the HTTP
request isn't sent until after the certificates have been exchanged - and
the hostname of the website is hardwired into the certificate. Other
protocols can use the STARTTLS mechanism to initiate secure communication
after the initial communication, but with HTTP all of the SSL stuff happens
first.
Colm
--
Colm Buckley / colm at tuatha.org / +353 87 2469146
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
