Serving multiple HTTPS sites with one IP on Apache

Question

I have one machine with public IP currently serving a SVN repository through dav_svn on HTTPS; now I need to install Redmine and serve it on HTTPS too. I also need to be able to connect to both sites/application using an IP address because I can't trust internal DNS resolving nor I can edit hosts files.

What is the best solution? Is it feasible to move SVN on localhost:SomePort, Redmine to localhost:SomeOtherPort and to install an HTTPS reverse proxy (like Pound) to redirect connections using pattern/URL matching?

Answer 1

There are a few solutions - one is to buy a wildcard certificate and serve that everywhere. Another is to make sure you are using at least Apache 2.2.12 and enable SNI, which allows you to use SSL with name-based virtual hosts for the few browsers that support it. Or, you can add a public IP, add a virtual private IP on the server and map them on your firewall and use IP based hosting.

Answer 2

It seems like you have pretty much boxed yourself out of virtual hosting with those requirements.

That being said you should have no problem running things on different ports and accessing those ports directly over ssl.

or

Running the services under different apache roots / subtrees with a single master ssl cert.

or

Running the different services with straight http localhost, and then using a reverse proxy you say or even apache proper to handle the SSL front end while doing a backend connection over http to the service in question. I think I would take a look at nginx, I don't think pound is going to do what you want since its specifically geared towards load balancing not targeted proxy redirection / regex.