Re: ssl branch compile problems

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 11 Feb 2001 23:40:27 +0100

Henk-Jan Kloosterman wrote:

> As you stated: a key is for a certain host/domain name:
>
> Q: What if I want to accelerate multiple hosts?

That would be a todo for the code, to support one key per https_port.

Question: How would you like the configuration to read if accelerating 3
hosts?

Proposal: Instead of the ssl_certificate and ssl_key options, make these
arguments to https_port, allowing a list of ports and associated keys to
be built.

https_port 10.0.1.43:443 cert=/path/to/cert1.pem
https_port 10.0.1.44:443 cert=/path/to/cert2.pem
https_port 10.0.1.45:443 cert=/path/to/cert3.pem key=/path/to/key3.pem

(if only the certificate is specified then it is assumed it is a
combined certificate/key file)

Note: Due to the way SSL works, only one visible certificate/domain can
be supported per ip:port. The SSL handshake takes place before it is
known which domain name the user has requested.

Another option for you is to use the accelerator to combine information
from several servers under one domain. The accelerator can, with the help
of a redirector helper, forward the request to different servers
depending on any aspect of the URL, not only the requested domain name.
Work is also being done to allow the accelerator to automatically
rewrite links and such things, which would make this quite a neat thing.
(i.e. you can then build a virtual domain of a collection of internal
information resources)

/Henrik
Received on Sun Feb 11 2001 - 15:47:49 MST
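
Added example (not part of the message above and not Squid code): a Python lint for the https_port syntax proposed in the message, applying the combined certificate/key default and rejecting a second certificate on an ip:port already in use. The function name parse_https_ports and the fourth sample line are constructed for illustration.

```python
import ipaddress

# Constructed sample: the three lines from the proposal plus one deliberate
# conflict (a second certificate on an ip:port that is already configured).
SAMPLE = """\
https_port 10.0.1.43:443 cert=/path/to/cert1.pem
https_port 10.0.1.44:443 cert=/path/to/cert2.pem
https_port 10.0.1.45:443 cert=/path/to/cert3.pem key=/path/to/key3.pem
https_port 10.0.1.43:443 cert=/path/to/other.pem
"""

def parse_https_ports(text):
    """Return (listeners, errors); listeners maps (ip, port) -> (cert, key)."""
    listeners, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] != "https_port":
            continue
        try:
            host, _, port = fields[1].rpartition(":")
            addr = (str(ipaddress.ip_address(host)), int(port))
            if not 0 < addr[1] < 65536:
                raise ValueError(port)
        except (IndexError, ValueError):
            errors.append(f"line {lineno}: expected ip:port after https_port")
            continue
        opts = dict(f.partition("=")[::2] for f in fields[2:])
        unknown = sorted(set(opts) - {"cert", "key"})
        if unknown:
            errors.append(f"line {lineno}: unknown option(s) {', '.join(unknown)}")
        elif not opts.get("cert"):
            errors.append(f"line {lineno}: cert= is required")
        elif addr in listeners:
            # The handshake finishes before the requested domain name is known,
            # so a second certificate on the same ip:port could never be chosen.
            errors.append(f"line {lineno}: {addr[0]}:{addr[1]} already has a certificate")
        else:
            # cert= alone means a combined certificate/key file.
            listeners[addr] = (opts["cert"], opts.get("key") or opts["cert"])
    return listeners, errors

if __name__ == "__main__":
    listeners, errors = parse_https_ports(SAMPLE)
    for (ip, port), (cert, key) in listeners.items():
        print(f"{ip}:{port} cert={cert} key={key}")
    for err in errors:
        print("ERROR", err)
```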
