10.8.2. The Secure Web Server Virtual Host
By default, the Apache HTTP Server is configured as both a non-secure and a secure server. Both the non-secure and secure servers use the same IP address and hostname, but listen on different ports: 80 and 443 respectively. This enables both non-secure and secure communications to take place simultaneously.
One aspect of SSL enhanced HTTP transmissions is that they are more resource intensive than the standard HTTP protocol, so a secure server cannot serve as many pages per second. For this reason, it is often a good idea to minimize the information available from the secure server, especially on a high traffic website.
Important
Do not use name-based virtual hosts in conjunction with a secure Web server as the SSL handshake occurs before the HTTP request identifies the appropriate name-based virtual host. Name-based virtual hosts only work with the non-secure Web server.
The configuration directives for the secure server are contained within virtual host tags in the
/etc/httpd/conf.d/ssl.conf
file.
By default, both the secure and the non-secure Web servers share the same
DocumentRoot
. It is recommended that a different DocumentRoot
be made available for the secure Web server.
To stop the non-secure Web server from accepting connections, comment out the line in
httpd.conf
which reads Listen 80
by placing a hash mark (#
) at the beginning of the line. When finished, the line looks like the following example:
#Listen 80
For more information on configuring an SSL enhanced Web server, refer to the chapter titled Apache HTTP Secure Server Configuration in the System Administrators Guide. For advanced configuration tips, refer to the Apache Software Foundation documentation available online at the following URLs: