
Multiple SSL Certificates

ajayahmed
16 August 2010, 20:52
Hello

First of all, I only recently found out about Hiawatha and I'm extremely impressed by its performance. I am, however, having a problem. Is there any way I can set up different SSL certificates for different virtual hosts on the same IP address?

e.g. (which produces a syntax error)

VirtualHost {
RequireSSL = yes
SSLcertFile = /etc/ssl/h/server.key
Hostname = test1.mydomain.com
WebsiteRoot = /var/www/test1
StartFile = index.html
}


With other web servers they used SNI (Server Name Indication) to do this, but their performance is too slow; that's why I'm testing Hiawatha to see if it's corporate ready.

If it helps, I'm looking for anything that makes it work. For example, can I make Hiawatha have virtual hosts for test1 on 127.0.0.1, test2 on 127.0.0.2 etc and have some sort of alias for test2.mydomain.com to go to the specific local IPs OR another similar example test1 on 127.0.0.1:80, test2 on 127.0.0.1:81 etc and point test2.mydomain.com to the local port of 81? Something to feed virtual hosts to certain ports? These are just some ideas.

The only easy alternative is to use a wildcard certificate but I've already purchased an extended validation which is vital to my business. Is there a way to merge 5 different certificates? I tried this on another server with certificates in one file and keys in another; and it took up to a minute just to load "Hello".

Can anyone shed some insight on this?

Hiawatha version: 7.3
Operating System: CentOS 5.2
Hugo Leisink
16 August 2010, 21:37
Hiawatha has no support for SNI. I've tried implementing it, but since the OpenSSL documentation is incomplete and pretty worthless when it comes to SNI, I wasn't able to do so. What you can do is place a reverse proxy which has SNI support in front of Hiawatha, for example Pound [www.apsis.ch].

About your virtual host on specific hostname/ports, you should take a look at the BindingId (gives a binding an ID) and RequiredBinding (tells which binding must be used to access the virtual host) settings. I think that offers what you are looking for.
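Added example, not part of the original posts and not taken from the Hiawatha project: one way the BindingId and RequiredBinding settings named above could give each hostname its own certificate without SNI, by putting each hostname on its own binding so the server already knows which certificate to present when the TLS handshake starts. The IP addresses, binding ids and certificate paths are placeholders, and the `Interface` option is assumed to be available in the Hiawatha version in use.

```conf
# One binding per certificate. Without SNI the server can only choose a
# certificate by the address/port the client connected to, so each
# hostname needs its own IP address (or its own port).
Binding {
    BindingId = ssl_test1              # hypothetical id
    Interface = 192.0.2.10             # placeholder address for test1
    Port = 443
    SSLcertFile = /etc/ssl/h/test1.pem # placeholder path
}

Binding {
    BindingId = ssl_test2              # hypothetical id
    Interface = 192.0.2.11             # placeholder address for test2
    Port = 443
    SSLcertFile = /etc/ssl/h/test2.pem # placeholder path
}

# Each virtual host is reachable only through its own binding, so a
# request for test1 can never be served under test2's certificate.
VirtualHost {
    Hostname = test1.mydomain.com
    WebsiteRoot = /var/www/test1
    StartFile = index.html
    RequiredBinding = ssl_test1
    RequireSSL = yes
}

VirtualHost {
    Hostname = test2.mydomain.com
    WebsiteRoot = /var/www/test2
    StartFile = index.html
    RequiredBinding = ssl_test2
    RequireSSL = yes
}
```

DNS for each hostname has to point at the address of its own binding; note that SSLcertFile sits in the Binding sections here, as in the working configuration posted later in this thread, not in VirtualHost.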
ajayahmed
18 August 2010, 13:15
Thanks! Is there any way to forward a virtual host to another server similar to:
http://www.sematopia.com/2007/09/apache-forwarding-requests-to-another-server/
Hugo Leisink
18 August 2010, 21:21
No. Hiawatha is a webserver. If you want reverse proxy functionality, you should use a reverse proxy application.
ajayahned
29 August 2010, 17:27
I've found Hiawatha performs faster on its own than with a front-end; it may be because of my limited resources on my dedicated server. Anyway, one of the reasons why I needed this was because the server is running an Asterisk PBX server (using pbxinaflash os template). I'm also using Webmin to configure clusters and there's a web-based panel to control the PBX. Webmin runs on 2001, pbx web panel runs on port 2002.

If I could have your assistance one last time. A large portion of the memory is reserved for the back-end services and I have only 256 MB of RAM to utilize for Hiawatha. I want to milk what's left and get higher performance with the RAM I have left.

Do you have any tips for hiawatha.conf (configs below minus a few virtual hosts), php-fcgi.conf and php.ini? All articles I found on Google relate to other web servers and even making those modifications didn't really help. Apache delivers content over SSL faster but maybe it's because I haven't set enough connections to be available or the fastcgi fork number is too low.

Please, I would appreciate any assistance you can give (and this will be the last of them).
ajayahned
29 August 2010, 17:28

Below is my hiawatha config file

ServerId = 100:101
ConnectionsTotal = 150
ConnectionsPerIP = 25
AllowedCiphers = blah blah

Binding {
Port = 80
MaxRequestSize = 1024
MaxKeepAlive = 30
TimeForRequest = 3,20
MaxUploadSize = 100
MaxRequestSize = 100000
}


Binding {
Port = 443
MaxKeepAlive = 30
TimeForRequest = 3,20
MaxUploadSize = 100
MaxRequestSize = 100000
SSLcertFile = /ssl/path/file.pem
}

Binding {
BindingId = pbx
Port = 2002
MaxKeepAlive = 30
TimeForRequest = 3,20
MaxUploadSize = 100
MaxRequestSize = 100000
SSLcertFile = /ssl/path/file.pem
}

Hostname = pub.ip.add.000
WebsiteRoot = /var/www/null
StartFile = index.html
#ErrorHandler = 404:/error.cgi
CGIhandler = /usr/bin/php-cgi:php

FastCGIserver {
FastCGIid = PHP5
ConnectTo = 127.0.0.1:2005
Extension = php
SessionTimeout = 15
}

VirtualHost {
Hostname = domain.com
RequiredBinding = pbx
WebsiteRoot = /var/www/html
StartFile = index.php
UseFastCGI = PHP5
TimeForCGI = 5
ExecuteCGI = yes
AccessList = allow my.home.ip.add, deny all
RequireSSL = yes
}
Hugo Leisink
1 September 2010, 10:49
If you want to free more memory, try disabling PHP features you don't use. Hiawatha's binary is only 150kb, so Hiawatha won't be the problem. You can also use FastCGI and run your FastCGI applications on a different machine.
This topic has been closed.