Re: [SM-USERS] Multiple domains + Apache + SSL + SM

[Lilla]

Hi,

The way I have configured Apache 1.3.27 to handle multiple domains is with namebased virutal hosts like this (httpd.conf):

(I have a iptables nat-firewall, thats why I'm using 192.168.0.4)

---------------------------------------------
<VirtualHost 192.168.0.4:80>
ServerName mail.example1.com
ServerAdmin [EMAIL PROTECTED]
DocumentRoot "/pkg-local/apache/1.3.27/htdocs-example1.com"
<Directory "/pkg-local/apache/1.3.27/htdocs-example1.com">
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ErrorLog /pkg-local/apache/1.3.27/logs/error_log
CustomLog /pkg-local/apache/1.3.27/logs/access_log common
</VirtualHost>

<VirtualHost 192.168.0.4:80>
ServerName mail.example2.com
ServerAdmin [EMAIL PROTECTED]
DocumentRoot "/pkg-local/apache/1.3.27/htdocs-example2.com"
<Directory "/pkg-local/apache/1.3.27/htdocs-example2.com">
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ErrorLog /pkg-local/apache/1.3.27/logs/error_log
CustomLog /pkg-local/apache/1.3.27/logs/access_log common
</VirtualHost>

[And so on for all my domains...]
--------------------------------------------

The essential thing is that they differ in the ServerName-tag, thats what Apache is looking for in the HTTP-requests.

Then each domain has separate directories as you see and each one of them has an ".htaccess" file like this:

Redirect permanent / https://mail.example1.com/

Then I have one HTTPS-directory that handles all domains:

--------------------------------------------
<VirtualHost 192.168.0.4:443>
DocumentRoot "/pkg-local/apache/1.3.27/htdocs-ssl"
ServerName mail.example1.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog /pkg-local/apache/1.3.27/logs/error_log
TransferLog /pkg-local/apache/1.3.27/logs/access_log
[... some default stuff ...]
</VirtualHost>
---------------------------------------------

Thats it!

The drawback is that all domains gives the same SSL-cert so people will always get one warning when they enter your login-page, but if you are just hosting some webmail servers for your friends they can live with it and you have the benefit that no passwords are sent in plaintext. Ofcourse theoretically someone can be doing DNS spoofing if they have hacked the some DNS-server that the client is using, but that is not so likely... I think this method is better than always sending the passwords in plaintext. The best would ofcourse be if a future version of Apache could handle namebased virtual hosts over SSL.

The reason I want to use namebased virtual hosting in Apache is that I think it is nice if my friends do not have to enter "https://"; before the domain-name each time.

Also I think that the use of namebased virtual hosting in Apache may not be needed if the Redirect-line in .htaccess could be changed from

Redirect permanent / https://mail.example1.com/

to something like this

Redirect permanent / https://

but the last one doesn't work... Does anyone know if there is there a way to write in the .htaccess or in httpd.conf so that it just jumps imediately from http to https and keeping the same hostname (because I am running multiple domains on the same IP I can't use the hostname). Maybe I've missed it in the docs, but there may be a way to avoid using virtual domains for just performing a redirect to the same address but with https instead of http?

--
Cheers,
Lilla



-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
--
squirrelmail-users mailing list
List Address: [EMAIL PROTECTED]
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users