Hosting Multiple SSL Sites on Separate IP Addresses

Similar Messages

• Single SSL Web Listener for hosting multiple web sites

  Hi All,
  We are currently hosting multiple websites with Single HTTP Web Listener .. As of now it's everything is working fine..
  Now we have planned to have SSL for the hosted sites 
  Each hosting site will have different SSL Certificates and  i am little confused to use Single SSL Web Listener to host multiple web Sites...
  Can any one guide me to use Singel SSL Listener for using all hosted sites..
  We are having TMG on DMZ Network on Single Nic..
  KJSUBBU

  Hi,
  it is no problem to host multiple SSL websites with only one IP address / certificate on the TMG Server. Only the authentication options for the published websites must be unique, because you cannot use multiple authentication options in one Listener
  TMG Server uses HTTPS to HTTPS bridging, so you can use Host header and more to distinguish between the different internal websites:
  http://technet.microsoft.com/en-us/library/cc995178.aspx
  Regarding the SSL certificate on the internal webservers. TMG must trust the issuing certificate authority which issued certificates for these websites and the name you used to connect from the TMG Server to the internal webserver must part of the CN (Common
  Name) or SAN (Subject Alternate Name) on the certificates of the webservers
  regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3276?GPP=MarcGrote

• Hosting multiple web sites usinf personal web sharing

  would someone be kind enough to give me a guide to hosting MULTIPLE web sites on a Mac Mini
  i have broadband connected to my router
  my mac connects to my router with an ip address of 192.168.1.150
  I have registered the domain names and want to forward them to the computer hosting the web sites
  how can I get each domain name to point to each different web site on my computer

  This is a topic you should post to an Apache discussion group being as though Apple's personal web sharing software is Apache.

• Can Snow Leopard host multiple web sites...

  I have set up Snow Leopard to host a website by putting my files in the Home/Library/Webserver/Documents to access this site publicly. It works fine. How do I host multiple websites with 1 public IP with out having to use Leopard Server?
  Any help is appreciated.

  just make a folder in /Library/Webserver/Documents and put all the new stuff there. then add the name of this folder to the website address when entering it in a browser.

• Hosting multiple web sites.

  Dear members:
  I am considering OS X Server for a personal project and would like some advice to help me decided what route to take.
  My computer will soon be turned into a server hosting my web sites and some other services at my home office. I am thinking about OS X Server as I have done some research and found OS X to require quite a bit of work so that it can do virtual hosting.
  How simple is it to configure virtual hosting in OS X Server ? I am considering the latest Leopard version in case it matters. I am not experienced and wish to employ an application that will simplify this process.
  Any help will be very appreciated.
  Thank you,
  Joseph Chamberlain

  Joseph:
  Although I wouldn't touch any Web-server software other than Mac OS X Server, I should warn you that Apple occasionally favors "pretty" over "practical." I've used PCs and Macs since the Mac Plus was hot, and I've used OS X Server 10.3, 10.4, and now 10.5.3. The last is really excellent, with a gorgeous/powerful Server Admin user-interface, many supporting tools, and thousands of hardball features, but like many Apple "industrial-strength" software products, Mac OS X Server still contains a very few really BAD bugs -- or "oversights" if you prefer.
  Before taking the plunge (maybe you already did?), read up on troubleshooting OSX Server's Postfix-based mail service. Even the 10.5.3 upgrade can turn "easy setup" into major frustration; you can do everything by the book and still have weird mail-server glitches. Don't even get me started on documentation for and "centralized" management of Open Directory, Kerberos, etc. I will be migrating to SSL mail security to avoid the user-directory thrash.
  When trying to make OSX Server 10.5.3 (a clean install) host *multiple top-level Web domains under a single IP number*, Apple documentation online and on disc didn't offer enough setup detail and virtually NO troubleshooting. Google.com can find what's missing. This archived earlier forum thread saved my bacon....
  Topic : "multiple web sites"
  http://discussions.apple.com/thread.jspa?threadID=682507
  In a nutshell: a multiple-website installation of OSX Server requires careful interaction between the domain-name, IP#, port#, and aliases for each site. When I created my several sites. I relied on the default installation (and Apple instructions) which leaves a wildcard "*" asterisk in each site's Web>Sites>Aliases>WebServerAliases field (in Server Admin). No matter how I diddled with each site's domain-name, IP#, and port# (to create unique combinations), I couldn't force the individual domains to get served independently (despite their shared static IP#) until I DELETED the wildcard WebServerAliases for all the sites. Poof, now it works fine.
  Part of the problem is that Apple still publishes documentation on its legendary *drool-proof paper* ("do not expose your LaserWriter to open flame").

• Creating multiple web sites for separate domain names

  Is it possible to create a different web site using a different web address in IWeb 06? A friend asked me to make a web site for them....can/how do I publish it to a different address?
  Thanks for the help!

  Welcome to the Apple Discussions. The best way is to have a separate domain name for each site you want to manage. When you publish the sites each will have a separate URL. It will be:
  http://web.mac.com/your .Mac account name/the site folder name/index.html
  I use iWebSites to manage multiple sites.. It lets me create multiple sites and multiple domain files.
  This lets me edit several sites and only republish the one I want.
  OT

• Hosting mutiple web sites

  How do I host multiple web sites in OS 10.4 server? I know how to do virtual web sites by editing the httpd.conf. I want to know how to do that in the GUI.

  Have you looked at Server Admin?
  It's pretty straightforward - connect to the server, select Web and hit the Sites tab. Add as many sites as you like, using either different ports or different hostnames for each one.
  It will create a separate .conf file for each virtual host.

• Noob needs help with hosting multiple sites

  Hello I am new to this multi hosting. I have looked on the forum for answers but haven't found any. I am trying to figure out how to host multiple sites. I have my dns working for my default site "example1.com", but need to know if I need to add another dns record for my second site. "example2.com". Also when I point to the new fold that has the second site in it and I assign it port 82 for testing purposes I get an error message saying 403 access forbidden. I need to find out how get permission to view the site for the public. Its in a separate folder on an external hard drive right now for testing purposes. Can any body help me or point me in the right direction? Thanks so much!!!
  -Kcam1999

  {quote}
  While what you are telling him is technically functional, it is not correct
  I beg to differ, Paul. You are the one that is not correct.
  CNAMES have been deprecated as of some years ago
  What? huh? really?
  Please show me any official document that states this (and not someone who just started a rumor because he didn't understand them). Indeed, the DNS RFC makes no such claim.
  {quote}
  I stand very much corrected. CNAMEs are not officially deprecated. Interestingly, your post cites precisely what happens when CNAMES used carelessly. How many transactions are needed to resolve Apple's CNAME chain below? RFC1912 (http://www.faqs.org/rfcs/rfc1912.html) has some recommendations that suggests Apple's own network folks have, like me and perhaps even others here, some learning to do. Is that a 'best practice?'
  {quote}> Then make sure you tell Apple since this site depends on the use of CNAMEs:
  dig discussions.apple.com
  discussions.apple.com. 492 IN CNAME discussions.apple.com.edgesuite.net.
  discussions.apple.com.edgesuite.net. 4427 IN CNAME a1399.b.akamai.net.
  a1399.b.akamai.net. 2 IN A 128.241.220.82
  a1399.b.akamai.net. 2 IN A 128.241.220.72
  In fact, it uses TWO CNAMES in a chain. Oh my.{quote}
  From RFC1912 (which I'm sure many have now read here), section 2.4 is as follows:
  {quote}... having chained records such as CNAMEs pointing to CNAMEs may
  make administration issues easier, but is known to tickle bugs in
  some resolvers that fail to check loops correctly. As a result some
  hosts may not be able to resolve such names.{quote}
  {quote}> It is not valid to say "don't use these because they could cause problems'. A records can be just as problematic, as can PTRs. Let's not even talk about MX.{quote}
  How, exactly, does is an A record problematic? No chains, no additional lookups, no wasted cycles...
  We differ here -- and if we are dealing with a newbie, we don't need to enter into unnecessary complexity UNTIL it is a requirement for their solutions.
  {quote}> There are many valid reasons to use CNAMEs in DNS, not least of which is the ease of moving a service if it uses CNAMEs. For example, if you have 10 A records all pointing at the same server and you want to migrate to a different machine you have to locate and update all 10 records. If they used a CNAME to the physical server you could move them all at once using a single change. This is especially important in cross-domain links where you may not control all the origin zone files.
  {quote}
  You're somewhat reaching here, and it is well beyond the scope of the OP's post or needs (well, until they tell us more about their needs, I suppose). There is nothing difficult about 'finding' and updating the necessary records. The final example you gave is a good one and I'll say THAT is an appropriate use of a CNAME, 'though there are other workarounds for it.
  Thanks for keeping me honest.

• Sendmail plugin: emailing multiple page document, each page to a separate email address

  when I try to email a document to separate email addresses it will not separate the pages,  The Sendmail plugin claims (in the page with the "next" button) that it will read each page and use the email address found there to mail that page to that address, but it only creates a multiple page document to mail to the address found on the first page.

  Hey BorealHobbit,
  Could you please provide me few details like what OS version and email system are you using?
  Are you trying to send multiple page PDF document? What Acrobat version are you using?
  Please let me know.
  Regards,
  Anubha

• Setting up multiple web sites (virtual hosting).

  Dear members:
  I am considering OS X Server for a personal project and would like some advice to help me decided what route to take.
  My computer will soon be turned into a server hosting my web sites and some other services at my home office. I am thinking about OS X Server as I have done some research and found OS X to require quite a bit of work so that it can do virtual hosting.
  How simple is it to configure virtual hosting in OS X Server ? I am considering the latest Leopard version in case it matters. I am not experienced and wish to employ an application that will simplify this process.
  Any help will be very appreciated.
  Thank you,
  Joseph Chamberlain

  You could create local PAC file <http://findproxyforurl.com/pac_file_examples.html> where you can return multiple PROXY servers.  You would create text file with your PAC script in it.  Then specify System Preferences -> Network -> Advanced -> Proxy -> Automatic Proxy Configuration, and click "Choose File".
  If you choose to take BDAqua's advice and create multiple Network Locations, you can then use either
  /usr/sbin/networksetup -switchtolocation "MyCompanysProxy1"
  /usr/sbin/networksetup -switchtolocation "MyCompanysProxy2"
  /usr/sbin/networksetup -switchtolocation "MyCompanysProxy3"
  or
  /usr/sbin/scselect "MyCompanysProxy1"
  /usr/sbin/scselect "MyCompanysProxy2"
  /usr/sbin/scselect "MyCompanysProxy3"
  you can put them into a script of your choosing.  Shell script, or Automator Run Shell Scirpt, or Applescirpt do shell script (or Perl, Python, Ruby, etc...)

• Multiple Web Sites on OS X Mavericks Server

  I want to run multiple test web sites off my home Mac OS X Mavericks Server 10.9 can someone point me to a good "How to" on the specific of how to use the Server application to create and operate multiple web sites of a single Mavericks Server?
  Example
  MyServer.inno.com          10.0.2.5
  Basic web is up and running....
  I want to host four other web sites off the same machine for testing purposes how do I do that?
  MyServer.inno.com          10.0.2.5
  MyServer.web1.com          10.0.2.5
  MyServer.web2.com          10.0.2.5
  MyServer.web3.com          10.0.2.5
  MyServer.web4.com          10.0.2.5
  so if I go to the server and load
       MyServer.web1.com          10.0.2.5
  it load a different web server.
  My thought is to use virtual host how does Apple / Community recommend I set this up...
  T.

  Please do not squat in the "home.com" domain.  If you're going to use a bogus domain, please use a bogus to-level domain such as server.home.jarvis — .jarvis is not currently a valid top-level domain, though that might change with the way ICANN has been bringing many new top-levels online, so a real registration is safer here.
  Peter Jarvis wrote:
  Assumptions:
       1. The Server is not intended to be publicly accessable from the Internet
  How will it be accessed?  Entirely privately?  No external access?  OK.
       2. Private Network - 10.0.1.X
  I'd probably pick something a little further into 10, such as 10.8 or 10.10, or 10.20.1.x — if you're ever using a VPN, it's best to use a weirder subnet, and I've worked with several folks that have 10.0.1.0/24 subnets.
       3. DHCP Reservation for the Mac Server - 10.0.1.2.
  I usually prefer keep the server and the other fixed-address hosts outside the DHCP pool.
       4. Server Domain name MacServer.home.com
  Are you the registrant for the home.com domain?  (I'd tend to doubt that, and would therefore suggest use of a real and registered domain or subdomain that you have permission to use or (less desirably) use a bogus top-level domain.)
       5. Example Web Site http:www.rouxacademy.com to also run off the same server...
  Is that going to be public?
  Prequisites:
       1. Static Server IP Address / DHCP Reserved IP Address against MAC Address
       2. DNS Service Configured and Running
       3. Web Service Configured and Running
       4. Example Web Site http:www.rouxacademy.com
       5. You have a basic website (with mysql) files available
                 Directory roux_academy (Contains Basic Web SIte files etc)
  OK.
  Steps:
       1. Static Server IP Address / DHCP Reserved IP Address against MAC Address
  The Airport Airport allows you to Reserve and IP address against a MAC (Media Access Control) physicall address of Server Ethernet Card. You can do this or have the Airport allocated DHCP address from 10.0.1.50 and above and statically allocate the server address of the machine.
  I'd leave the server out of the address pool.  So long as the pool and all static IP hosts are in the same block (usually a 255.255.255.0 or /24 subnet) it'll all work, and you won't need to entangle the OS X Server with the DHCP server.
       2. DNS Service Configured and Running
  Install Mavricks, install OS X Server application, launch server app...
  Go to DNS tab, define a new host name MacServer.home.com and associate with 10.0.1.2 IP Addresss
  Start DNS Service...
  Note: DO not publish DNS service via airport to Internet...
  Other than not squatting in that domain, yes.  There's no reason to open TCP or UDP port 53 inbound.
       3. Web Service Configured and Running
  Go to Web Sites tab...
  Click + and create new web site entry
  Domain Name:                http:www.rouxacademy.com
  IP Address:                     Any
  SSL:                               None
  Store Files in:                /Volumes/dev/Library/Server/Web/Data/Sites/roux_academy
  Who can access:          Anyone # I would restrict to a single user
  Additional Domains:     rouxacademy.com
  no http: prefix there, but yes.
  If you're not exposing the server to the 'net (as mentioned above) there's probably no need to restrict.  If you do need to restrict, you'll need to edit configuration files for Apache, or some other technique — maybe a VPN, if you're allowing (controlled, VPN-based) inbound access into your network.
  Start Web Service...
       4. Back to DNS
  Add host name....
  www.rouxacademy.com / 10.0.1.2
  # Do not create an MX record or publish DNS via airport...
  AirPort does not know from MX records, and does not provide DNS services.  AirPort will know about your local DNS server, since you are apparently using the AirPort for DHCP.
  You can also add the DNS translation during step 2; Apache and DNS are not tightly linked here.
  Launch Safari and type
       www.rouxacademy.com          - should launch web site...
       rouxacademy.com                   - should launch web site
  Caveat: the Real rouxacademy.com will not be accesable from the server or local machines on 10.0.1.X network...
  Ah, so there's a key detail — you're playing games and mimicking a real web site?  OK.
  The rouxacademy.com web site will be accessible from the server, as that'll (also) have the DNS translation (and remember the basis for virtual hosting is the client — the server in this case — has a translation for the host — the rouxacademy.com or www.rouxacademy.com domain in this case — and passes that string over the HTTP or HTTPS connection to the web server.   If you really want to keep the server from accessing this web site, then you'll have to push the local translation of that domain into the hosts file, or to a separate DNS server. 
  I'd try to avoid this configuration though, particularly as your references to MX earlier implies that this domain might be more active than just the web services discussed here — trying to run split-horizon DNS means you'll get what's internal and external somewhat tangled, and you'll have to keep mail — for instance — aimed outside and web services aimed internally.  This is possible for many cases, but gets tricky.
  Best to test the web site with a different domain name, and to use /-relative notation for accessing the files, or using the web content management system's configuration settings to control the "published" name of the site.

• How do I host multiple domains on a single Messaging Server?

  How do I host multiple domains on a single Messaging Server?
  <p>
  To host multiple domains on one Messaging Server, use the
  mailAlternateAddress attribute. If you want to host two domains
  (customer1.com and customer2.com) on your server mail1.domain.com,
  make sure that:
  The various domains (in DNS) point to the installed mail server
  (you must have the MX records that
  points mail for customer1.com to mail1.domain.com and
  customer2.com to mail1.domain.com)
  That each person receiving mail at customer1.com and
  customer2.com has an appropriate mailAlternateAddress
  attribute describing the appropriate email address. For
  instance, John Doe can have an email address (i.e. the value
  of the 'mail' attribute for the John Doe LDAP entry) of
  [email protected] and receive his mail on
  [email protected] (the value of the mailAlternateAddress
  attribute)
  With Messaging Server 3.5, mailAlternateAddress can take the
  form of @mail1.domain.com. If jdoe's mailAlternateAddress is
  set to @mail1.domain.com, mail sent to [email protected]
  will be delivered to [email protected]

  jaygatsby1123 wrote:
  So what exactly am I doing with virtual hosts?  There is a place for Aliases...  What would I put in the "Aliases" box?
  Any other host name that you want to resolve to the specified virtual host.  It's quite literally an alias.
  if you want www.example.com and www.example.org to end up at the same web site and you already have a virtual host — Apple refers to virtual hosts as sites — configured for www.example.com in Server.app, then you'd add www.example.org as an alias for the www.example.com virtual host (site).
  Virtual hosts are implemented in a web server using some details of the HTTP or HTTPS protocol, and what the web browser (client) specified.  The client gets handed an IP address or a domain name by the user, and the client then fetches the associated IP address for the target web server from the client's DNS services or local host database, and the client then connects to the IP address and passes over the text string that the user had requested — the IP address or domain name or even some local shortcut set up in the client system — via the HTTP or HTTPS protocol.  The web server receives and processes this arriving text string from the client, and uses it to select which web site to render back to the web client.   One subtle detail lurks here, too: the server's own DNS configuration really isn't involved in the selection of the virtual host.

• How best to handle multiple web sites using iWeb 08

  I currently am using iWeb08. I am maintaining two websites; The church site resides on a Rogers server. I use Transmit as a FTP loader. The other site is an engineering society's website that is posted on Apple's server. I have an ME account just for the latter group. iWebsites is used to alternate between the two sites. The church group has a .ca web address.
  Is it worth upgrading to iWeb 09? How does iWeb09 handle 2 websites? I wish I could publish both to the Mac account but have not figured out how. I must retain the rogers account for viewing the church site
  Has anyone deleted iWebsites from OX10.5.6? How was it done? I know that backups are mandatory before attempting these changes.
  Thanks,
  Bill

  In its current form, iWeb '09 doesn't handle publishing well at all!
  I keep all my sites on separate domain files, each in their own folder. Any site is launched in iWeb by double clicking the domain file. I start each new site from a new, blank domain file.
  I keep all my website folders in a folder in a second dock so that I can launch any site with two mouse clicks - faster than you can launch iWebsites!
  You can publish as many sites as you want to one MobileMe account but you can only have domain name forwarded as Cname. Any more have to use masking with all its inherent problems.
  I would be more inclined to dump MobileMe and publish both sites to a decent hosting company.
  The new iWeb '09 FTP works for some. I have tested it with my server - Host Excellence - which doesn't force you to upload to a Public_html folder and this goes as planned.
  Having said that, I still publish to a local folder as I optimize and upload my files using Web Site Maestro. Once you have published your site for the first time, this application will then use its Smart Handling feature to process the changed files only.
  Unless all your viewers use Macs you have to optimize to get your pages to download in that browser that all the Fred Flintstones of the world use.

• Can you host multiple domain names on mobile me with iWeb '09?

  Hi
  Can anyone help, before I upgrade to iLife '09, I have a personal web domain name which I host on my mobileme account. My girlfriend now wants a website and I have bought her a domain name and want to use iWeb to design it but I can't seem to host multiple domains on iWeb '08, can you with iLife '09? Or will she have to buy her own mobile me account? Any help will be great!!!
  Thanks

  MobileMe -MME -is Apple's hosting service.
  Domain Name System - DNS translates an understandable address like www.mywebsite.com into the IP address which is a number like 40:75:92:301.
  Cname is a name of record in a database that records what domain name goes to what IP address.
  IP address is just a unique number that identifies any device connected to the internet.
  An FTP client is an application the uploads your files to a server using File Transfer Protocol.
  I mainly use Web Site Maestro because it doesn't just upload the files but optimizes them first to remove all the unnecessary code that iWeb creates to allow your website to download at least 30% faster.
  I also use Yummy FTP for sorting out and keeping track of my files on the server and uploading folders of images and music files along with their assets for flash presentations.
  I have used Host Excellence for years because of the way they allow you to name your own root folder on the server and also their great tech support.
  FTP and servers can be a bit confusing but, if you have a good hosting company, you can get by on very little knowledge and understanding. I do!
  I couldn't agree more with you about the acronyms and jargon. The more people use them usually means the less they know. One of the most misused words is "domain". I tried to sort that one out here...
  http://www.iwebformusicians.com/SearchEngines/Upload.html
  Now I'm going FUH and ATNP.

• Multiple SSL terminations - 1 CSS11506

  Well the questions keep coming.
  Can anyone point me in the right direction for setting up multiple SSL terminations, 443 port for them all and multiple VIPS. So far I have one SSL site working but when i try to make my 2nd ssl proxy list active it says only one active at a time. So looking for sample configs to make this happen.
  Cheers
  Dave

  Thanks man, I read up a bit more and figured that out..Here is my config so far...
  ssl associate rsakey myrsakey1 CSSrsakey1
  ssl associate cert myrsacert1 CSScertfile1
  ssl associate rsakey myrsakey2 CSSrsakey2
  ssl associate cert myrsacert2 CSScertfile2
  ip route 0.0.0.0 0.0.0.0 192.168.20.1 1
  !************************** CIRCUIT **************************
  circuit VLAN1
  ip address 192.168.20.20 255.255.255.0
  !*********************** SSL PROXY LIST ***********************
  ssl-proxy-list ssl-list
  ssl-server 90
  ssl-server 90 vip address 192.168.20.100
  ssl-server 90 cipher rsa-with-des-cbc-sha 192.168.20.50 80
  ssl-server 90 cipher rsa-with-3des-ede-cbc-sha 192.168.20.50 80
  ssl-server 90 cipher rsa-with-rc4-128-sha 192.168.20.50 80
  ssl-server 90 cipher rsa-with-rc4-128-md5 192.168.20.50 80
  ssl-server 90 rsacert myrsacert1
  ssl-server 90 rsakey myrsakey1
  ssl-server 90 urlrewrite 22 www.test.com
  ssl-server 91
  ssl-server 91 vip address 192.168.20.101
  ssl-server 91 cipher rsa-with-des-cbc-sha 192.168.20.60 80
  ssl-server 91 cipher rsa-with-3des-ede-cbc-sha 192.168.20.60 80
  ssl-server 91 cipher rsa-with-rc4-128-sha 192.168.20.60 80
  ssl-server 91 cipher rsa-with-rc4-128-md5 192.168.20.60 80
  ssl-server 91 rsacert myrsacert2
  ssl-server 91 rsakey myrsakey2
  ssl-server 91 urlrewrite 23 www.test1.com
  active
  !************************** SERVICE **************************
  service SSLWWW
  type ssl-accel
  slot 6
  keepalive type none
  add ssl-proxy-list ssl-list
  active
  service rprox1
  ip address 192.168.20.50
  protocol tcp
  port 80
  active
  service rprox2
  ip address 192.168.20.60
  protocol tcp
  port 80
  active
  !*************************** OWNER ***************************
  owner CMPA
  content HTTP_rule
  protocol tcp
  add service rprox1
  port 80
  url "//www.test.com/*"
  vip address 192.168.20.100
  content SSLrule2
  protocol tcp
  vip address 192.168.20.101
  application ssl
  add service SSLWWW
  port 443
  active
  content ssl
  vip address 192.168.20.100
  application ssl
  add service SSLWWW
  port 443
  protocol tcp
  active