On Mar 9, 2006, at 11:49 AM, Carl Parrish wrote: > Alex Dean wrote: > >> It's not so bad. The main things are : >> >> - You can't have more than 1 SSL site per IP:port combination. >> - You have to specify a port for every virtual host (80, 443, or >> otherwise) in the . There are differences in using >> named virtual hosts vs. ip-based virtual hosts that can be >> confusing, but if you only have 1 IP or >> will do fine. >> >> The only directives you need in the VirtualHost are : >> SSLEngine On >> SSLCertificateFile file.crt >> SSLCertificateKeyFile file.key >> >> Other directives may be desireable/useful, but those 3 will make >> it 'go'. >> >> alex >> . >> > Alex, > I currently only have one IP on this computer but I need to set up > 3 secure virtual hosts. Would it be better / safer / easier to > change ip addresses or port numbers for the others? I've added IP > addresses before so its not *that* big of a deal but please keep in > mind I'm more of a programmer than a system admin. Me, too. :) I've learned Apache configuration out of necessity. From a web-only perspective, I'd say that if you've got the extra IPs, use 'em. Non-standard ports are hard for users and search engines. But setting up extra IPs is work in itself (router/firewall stuff you wouldn't need to do with only 1 IP). If these are private sites with small userbases, 3 goofy ports on a single IP is probably no big deal. I don't think either approach has any specific security implications, since the encryption is the same either way. (But the more security-knowlegeable on this list might know something I don't in this respect.) 'apachectl configtest' is really useful. If you don't get anything from 'configtest' and it's still not working, skim through the apache error logs. 'configtest' only knows about syntax errors, so underlying ssl problems (like an incorrect key file) won't be caught until you actually restart the server. If you do have problems, be sure to check both your main log and the virtual-host specific ones. If you have to do this a lot, it can be nice to have a 2nd console window open running 'tail -f /your/apache/error.log'. You'll see the new log entries as they are written. alex . --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss