# Serving multiple SSL websites on 1 box behind 1 public IP

## OakRaider4Life

I maintain a small private server which I use to serve up a personal website and serve websites for a couple of friends as well. Currently, I do this with name based virtual hosting, but I would like to be able to secure each of these sites with their own SSL certificates. I understand that I can do this by switching over to IP based virtual hosting and using IP aliases, but what I'm struggling with is the best way to securely deliver HTTPS requests to those virtual hosts.

The option I've been exploring the most extensively is the Apache reverse proxy, but it seems to present challenges to ensuring separate, secure, SSL connections between each host and its clients that make me think I should start looking elsewhere (e.g., anyone connecting to any of the websites would be sharing the same encrypted pipeline since they connect to the same proxy).

The option I've started looking at since is using Apache's redirect rules to redirect a request to its appropriate IP based virtual host. However, the challenge here seems to be that redirect rules don't appear to be intended to reroute a request coming from outside of the subnet to a different subnet IP address.

I've considered exploring the option of setting up a DNS name server and setting up my DNS records to point to it, but this would mean I have a lot of reading ahead of me, and a whole mess of time to invest in setting it up. Obviously, I'd prefer to be able to play with a few config files to make it work.

Am I even on the right track? Can anyone comment on these possible solutions or point me in the direction of a better one?

----------

## OakRaider4Life

And the solution is:

There was never a problem. My information was outdated, as modern versions of every major browser and Apache support name based SSL through SNI. Maybe this inquiry will help someone some day -_-

http://en.gentoo-wiki.com/wiki/Apache2/SSL_and_Name_Based_Virtual_Hosts

http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

----------

## Mad Merlin

*OakRaider4Life wrote:*

> And the solution is:
> 
> There was never a problem. My information was outdated, as modern versions of every major browser and Apache support name based SSL through SNI. Maybe this inquiry will help someone some day -_-
> 
> http://en.gentoo-wiki.com/wiki/Apache2/SSL_and_Name_Based_Virtual_Hosts
> ...

 

Yes, SNI is the solution that you're looking for. You really need to know the browser demographics of your users though, as there is no option for graceful degradation; the page simply won't load if they don't have SNI. Among the general public, there are still huge swaths of people with no SNI support (primarily those still on XP; no version of IE on XP supports SNI).

----------
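The SNI setup the thread settles on, as an added example that is not from any of the posts above: two name-based SSL virtual hosts sharing one IP and port, each with its own certificate, plus a log format that records whether a client sent SNI so the share of non-SNI visitors can be measured. Hostnames, file paths and the log format nickname `sni` are placeholders.

```apache
# Added example; hostnames, paths and log names are placeholders.
Listen 443

# Apache 2.2 also needs the line "NameVirtualHost *:443" here.
# Apache 2.4 does not use that directive.

# Keep strict checking off while measuring how many clients lack SNI.
SSLStrictSNIVHostCheck off

# Record the SNI name the client sent; "-" means no SNI extension.
LogFormat "%h %t \"%{User-Agent}i\" sni=%{SSL_TLS_SNI}x proto=%{SSL_PROTOCOL}x" sni

# The first virtual host on the address is the default one:
# clients that send no SNI are answered with this certificate.
<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot /var/www/example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example.org/cert.pem
    SSLCertificateKeyFile /etc/ssl/example.org/key.pem
    CustomLog logs/example.org-ssl.log sni
</VirtualHost>

# Second site, selected by the SNI name in the ClientHello.
<VirtualHost *:443>
    ServerName www.example.net
    DocumentRoot /var/www/example.net
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example.net/cert.pem
    SSLCertificateKeyFile /etc/ssl/example.net/key.pem
    CustomLog logs/example.net-ssl.log sni
</VirtualHost>
```

With `SSLStrictSNIVHostCheck off`, a client that sends no SNI is answered by the first `<VirtualHost>` and its certificate; setting it to `on` in that first virtual host rejects such clients for every virtual host on the address and port.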

