When using the 2.6 Linux kernel or RedHat 9.0, you can use the standard user-name configuration. On older Linux versions, you'll need to use a bit of trickery.

You can use kernel based port forwarding. This feature is not available for all flavours of Unix, but at least for recent Linux kernels (2.4) it works fine.

Here is a very basic example for iptables in a static environment (static means that the example does not deal with ppp connections properly, you might have to add something similar to your ip-up/down scripts).

iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -d your hostname -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -d your hostname -p tcp --dport 80 -j REDIRECT --to-ports 8080

ipchains (for Linux 2.2. kernels) should work similar - it might also be possible to map the port directly inside your firewall.

• Apache documentation

• Erik's Weblog - Converting a JSSE Keystore to OpenSSL

The basic way to configure ssl for multiple virtual hosts is to bind an https listener to the ip address (interface) for the corresponding virtual host:

<http host="*" port="80"/> <http host="199.199.0.10" port="443" virtual-host="gryffindor.com"> <openssl> <certificate-file>keys/gryffindor.crt</certificate-file> <certificate-key-file>keys/gryffindor.key</certificate-key-file> <password>test123</password> </openssl> </http> <http host="199.199.0.11" port="443" virtual-host="slytherin.com"> <openssl> <certificate-file>keys/slytherin.crt</certificate-file> <certificate-key-file>keys/slytherin.key</certificate-key-file> <password>test123</password> </openssl> </http> ... <host id="gryffindor.com"> <host-alias>www.gryffindor.com</host-alias> ... </host> <host id="slytherin.com"> <host-alias>www.slytherin.com</host-alias> ... </host> ...

If you want to keep one .conf file for different environments, you can use the configuration control statements .

<resin:choose> <resin:when test="${sslmode == 'production'}"> <resin:log>Production mode https listeners</resin:log> <http host="199.199.0.10" port="443"> <openssl> <certificate-file>keys/gryffindor.crt</certificate-file> <certificate-key-file>keys/gryffindor.key</certificate-key-file> <password>test123</password> </openssl> </http> <http host="199.199.0.11" port="443"> <openssl> <certificate-file>keys/slytherin.crt</certificate-file> <certificate-key-file>keys/slytherin.key</certificate-key-file> <password>test123</password> </openssl> </http> </resin:when> <resin:when test="${sslmode == 'staging'}"> <resin:log>Staging mode https listeners</resin:log> <http host="198.168.0.5" port="443"> <openssl> <certificate-file>keys/gryffindor.crt</certificate-file> <certificate-key-file>keys/gryffindor.key</certificate-key-file> <password>test123</password> </openssl> </http> <http host="198.168.0.6" port="443"> <openssl> <certificate-file>keys/slytherin.crt</certificate-file> <certificate-key-file>keys/slytherin.key</certificate-key-file> <password>test123</password> </openssl> </http> </resin:when> <resin:otherwise> <resin:log>Development mode https listeners</resin:log> <http host="*" port="443"> <openssl> <certificate-file>keys/test.crt</certificate-file> <certificate-key-file>keys/test.key</certificate-key-file> <password>test123</password> </openssl> </http> </resin:otherwise> </resin:choose>

Then start Resin with a -Dsslmode={production|staging|development}.

unix> bin/httpd.sh -Dsslmode=production ... win> httpd.exe -Dsslmode=production ... unix> bin/httpd.sh -Dsslmode=staging .... win> httpd.exe -Dsslmode=staging .... unix> bin/httpd.sh -Dsslmode=development ... win>$ httpd.exe -Dsslmode=development ...