Forum OpenACS Q&A: Re: Nsopenssl with virtual hosting

Collapse
Posted by Bart Teeuwisse on
Angel,

It is not clear from you answer whether the 3 domains are subdomains of the same main domain or separate main domains. E.g. sub1.domain.com, sub2.domain.com & sub2.domain.com or www.domain1.com, www.domain2.com & www.domain3.com.

The difference is important as Pound can handle HTTPS connections for wildcard SSL certificates (*.domain.com). While C.R. is correct in that HTTPS doesn't allow virtual hosting, Pound can setup the SSL connection w/ the client and forward the request as a HTTP request to the backend server. Pound can only do that for 1 wildcard certificate.

I've made some modifications to OpenACS (not yet committed to CVS) that allow OpenACS to handle the proxied HTTPS requests (which OpenACS receives as HTTP requests w/ an additional HTTP header indicating that Pound received the requests as HTTPS) as if they are secure.

/Bart

Collapse
Posted by Angel Francisco Marcos Alonso on
Three separate domains. www.domain1.com www.domain2.com www.domain3.com
Collapse
Posted by Bart Teeuwisse on
Angel,

as C.R. mentioned that is not possible with HTTPS. Each domain will have to have a direct Internet connection w/o a reverse proxy in between.

This is a restriction imposed by HTTPS and not by AOLServer or OpenACS.

/Bart