info at pcintelligence
Jul 1, 2009, 6:25 AM
Post #14 of 31
(340 views)
Permalink
|
|
Re: question about several ssl enabled virtual hosts
[In reply to]
|
|
-------- Original Message --------
Subject: Re: [Cherokee] question about several ssl enabled virtual hosts
From: Stefan de Konink <stefan[at]konink.de>
To: Michiel van Es <info[at]pcintelligence.nl>
Date: 07/01/2009 03:13 PM
> On Wed, 1 Jul 2009, Michiel van Es wrote:
>
>>> Now the leading proud user list is running on a single ip on multiple
>>> sites and that is an out of the box configuration. And since you had https
>>> working before, I wonder what you broke or better what you are trying to
>>> prevent. If cherokee binds to all the IPs you want, it should work right?
>> I broke it by running websites with SSL with diffirent ip's.
>> You want me to fix the DNS..that is not always possible in large
>> corporations..
>
> How on earth are you going *NOT* going to redirect your SSL site and your
> normal sites if they have a different IP?
I don't understand that sentence..
How can I bind a virtual host to an ip or tell me what I am doing wrong
with my setup please.
As I said before: I already have configured the 80.79.194.24 and
80.79.194.25 with pot 80 and port 443 (with the TLS checked).
Every virtual host has their own certificate and own wildcard hostname:
www.pcintelligence.nl
webmail.pcintelligence.nl
>
>> You are saying to me: ah we run it with 1 ip, so you could/should do it
>> also. (forcing me to change my dns - with al the TTL cache hassle).
>> That is not what I want..
>
> I'm not saying that at all, I say that you should bind cherokee to all
> IPs, and that will solve your problem anyway, because it is the default
> situation.
Not applying my used ip-adresses (80.79.194.24 and 80.79.194.25 but *
for 80 and 443 with tls?)
>
>>> Ofcourse you can run two different servers, that maybe a bit overkill.
>> 1 webserver can host multiple ip-adresses with diffirent SSL certs right?
>
> Yes.
>
>>>>> It even works without your extra IP. But since that will not work in
>>>>> ancient versions of IE, people still waste v4 space.
>>>> Ie 6 and up and Firefox 3 and up.
>>> Get the facts microsoft campaign:
>>>
>>> Browsers with support for TLS server name indication:[5]
>>>
>>> * Mozilla Firefox 2.0 or later
>>> * Opera 8.0 or later (the TLS 1.1 protocol must be enabled)
>>> * Internet Explorer 7 (Vista, not XP) or later
>>> * Google Chrome (Vista, not XP)
>>> * Safari 3.2.1 Mac OS X 10.5.6
>> Too bad , that IS 6 is is the third most used browser..what will I tell
>> my visitors?
>
> Like Microsoft, Tweakers.net, etc.: go upgrade.
Microsoft is not a good example..they MAKE people use their latest
browser, .NET etc...that is not always a good think,
I am talking about banks and financial corporations..they are in a way
other leahue then tweakers for example..
>
>> Offcourse it is unsecure and ancient..but I have to take care of my
>> customers will and needs not my own...
>
> You were not a company yet :)
I am reviewing Cherokee and Nginx for the company I am working for
(which has a lot of banks and financial companies who can NOT use IE 7
or IE 8 for the coming 2 years - such corporations upgrade once per 10
years or such..it is not my procedure but the one from the big banks etc..)
And yes I am reviewing it on my own personal project webserver..I want
to know what I should advise my customers to protect them against the
slowloris DoS..
>
>
> Stefan
>
Michiel
_______________________________________________
Cherokee mailing list
Cherokee[at]lists.octality.com
http://lists.octality.com/listinfo/cherokee
|
1
