8.2. The Secure Web Server Virtual HostBy default, the Apache HTTP Server is configured as both a non-secure and a secure server.Both the non-secure and secure servers use the same IP address and hostname, but listen ondifferent ports: 80 and 443 respectively. This enables both non-secure and securecommunications to take place simultaneously.One aspect of SSL enhanced HTTP transmissions is that they are more resource intensive thanthe standard HTTP protocol, so a secure server cannot serve as many pages per second. Forthis reason, it is often a good idea to minimize the information available from the secure server,especially on a high traffic website.ImportantDo not use name-based virtual hosts in conjunction with a secure Web server asthe SSL handshake occurs before the HTTP request identifies the appropriatename-based virtual host. Name-based virtual hosts only work with thenon-secure Web server.The configuration directives for the secure server are contained within virtual host tags in the/etc/httpd/conf.d/ssl.conf file.By default, both the secure and the non-secure Web servers share the same DocumentRoot. Itis recommended that a different DocumentRoot be made available for the secure Web server.To stop the non-secure Web server from accepting connections, comment out the line inhttpd.conf which reads Listen 80 by placing a hash mark (#) at the beginning of the line.When finished, the line looks like the following example:#Listen 80For more information on configuring an SSL enhanced Web server, refer to the chapter titledApache HTTP Secure Server Configuration in the Red Hat Enterprise Linux SystemAdministration Guide. For advanced configuration tips, refer to the Apache Software Foundationdocumentation available online at the following URLs:• http://httpd.apache.org/docs-2.0/ssl/• http://httpd.apache.org/docs-2.0/vhosts/9. Additional ResourcesTo learn more about the Apache HTTP Server, refer to the following resources.Additional Resources183
