Forum OpenACS Q&A: Re: how to config for multiple aolserver instances

8: Re: how to config for multiple aolserver instances (response to 7)

Posted by Brad Ford on 07/07/03 11:54 PM

Wow, that was over my head... Bart, am I correct in interpreting that thread and the other openacs.org threads to mean that https/ssl is inherently not a possibility with virtual hosting because of the layers between the servers? Any chance you could summarize in layman's terms - would be greatly appreciated.

9: Re: how to config for multiple aolserver instances (response to 8)

Posted by Bart Teeuwisse on 07/08/03 12:06 AM

Brad,

that is (partially) correct. Yes, you can NOT proxy an SSL server. That is you can NOT setup the following scenario:

- https://dev.domain.com/ and
- https://xml.domain.com/

both behind a proxy. The proxy can NOT pass the https requests on to the virtual domains.

However, you can setup a proxy server that handles ALL SSL negotiations and passes the https requests on as http requests to the appropriate virtual domain. In other words, when the proxy receives a request for https://dev.domain.com/ it will authenticate the secure request and forward the request to http://dev.domain.com/. The virtual web servers never see a secure connection.

Pound (http://www.apsis.ch/pound/) is a reverse proxy that I know of to support this configuration.

In order to do this, the proxy would require a wildcard certificate for *.domain.com so that it can authenticate requests for both subdomains in the above example.

/Bart