Configure Apache2 to run multiple secure, name based vhosts on the same IP

Apache2/SSL/vhosts on a single IP

Hosting in the cloud has some benefits, but one current drawback for Amazon's EC2 is the limitation of one external IP address for each instance. It is a common opinion that Apache can't share an IP with secure name based virtual hosts. I believed that for years. I arrived at this solution because I didn't want to pay for an instance for each secure subdomain (sql.example.com, admin.example.com, client.example.com) in addition to one for example.com.

The rule

An exception to the rule

You cannot put multiple SSL-enabled virtual Apache hosts onto the same IP and port , unless they are on the same domain and you have a wildcard ssl certificate.

Having different SSL domains on the same IP and port is a virtual chicken/egg problem. Apache doesn't know which host it is so it doesn't know which SSL cert to use. It doesn't know which cert to use until it knows which host it is.

The reason we can share the same IP, port and SSL cert with more than one name based host is this - Apache doesn't know which of the vhosts on the IP the traffic is for, but since they all use the same SSL cert, it can decrypt the request and successfully use the right virtual host.

Things you must not forget to remember

1. All vhosts must be fore the same domain.
2. You must have a wildcard certificate for the domain
3. You must manually set some Apache Environment Variables that it will set wrong
4. You must be specific as possible wiht the names of your hosts AND the port number
5. Only enable SSL for the first secure vhost in the file

Download the example below...


I hope this helps someone out. Feel free to email me if you have questions. This worked on Apache2 on Debian GNU/Linux lenny, I can't say what happens with other versions of Apache2 or PHP.
Download the example above