Menu
▾
▴
Re: [webmin-l] SSL
|
From: Kris D. <kd...@vi...> - 2006-03-27 22:22:02
|
Barry wrote: > I wonder if you cold have multiple https listening ports on inside > addresses (192.168.x.x for example), and then proxy/NAT to those *at the > firewall* to those ports, based on the domain name or the request somehow? Once again, in short, no; reread my previous message carefully. The site MUST be identified based on the (public!) IP and port - no other information is available before the SSL layer is engaged, and after it's engaged you can't renegotiate the SSL parameters. Which leaves you stuck trying to having to identify which site to serve based on information you don't have yet. About the best you could do - and it's pretty ugly, I'd NEVER rely on it to function correctly in production - is a truly barbaric hack to redirect from https://site.com to https://realsite.com:newport on the fly. I'm not certain if it would even be possible; it would depend on which headers are actually sent by the browser. You'd still end up with certificate mismatch headaches, because the initial connection wouldn't be handled by a vhost with the correct certificate for the site you actually want to visit. Googling for "SSL handshake HTTPS certificate" should turn up some relevant results. -kgd |
