Hi all,

This post is a sequel to my last one. In this one I will demonstrate how I used SNI to serve two different domains over SSL from the same IP address.

For this demonstration, I'm going to use h5ai - "a modern file indexer for HTTP servers" which is super cool and if you haven't tried it out yet, you should!

Note that I want h5ai only accessible over SSL, so we'll create a new self-signed SSL cert for it.

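Also note that I want this to work side by side with the Nibbleblog we installed above, but they'll be using different SSL certs on the SAME IP address. This is achieved by using SNI (Server Name Indication): the client names the host it wants in the TLS handshake, so the server can pick the matching certificate. Look at the Hiawatha docs here for details.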

cd /etc/ssl/
openssl req -subj '/CN=photos.domain1.com/C=US' -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout photos.serverkey.pem -out photos.server.crt
cat photos.server.crt >> photos.serverkey.pem
rm -f photos.server.crt
chmod 400 photos.serverkey.pem

Add a new Hiawatha Virtual Host - again note that I want this only accessible over SSL:

VirtualHost {
 Hostname = photos.domain1.com
 WebsiteRoot = /var/www/photos-domain1
 AccessLogfile = /var/log/hiawatha/photos.domain1-access.log
 ErrorLogfile = /var/log/hiawatha/photos.domain1-error.log
 UseToolkit = h5ai
 TimeForCGI = 5
 UseFastCGI = PHP5
 RequireSSL = yes
 SSLcertFile = /etc/ssl/photos.serverkey.pem
}

And here's the UrlToolkit to go with it (stolen from here: https://www.hiawatha-webserver.org/howto/url_rewrite_rules) - add this in your Hiawatha config too:

UrlToolkit {
 ToolkitID = h5ai
 RequestURI isfile Return
 Match .* Rewrite /_h5ai/server/php/index.php
}

Download and unzip h5ai:

cd /tmp/;wget https://release.larsjung.de/h5ai/h5ai-0.27.0.zip
mkdir /var/www/photos-domain1
unzip h5ai-0.27.0.zip -d /var/www/photos-domain1/
chown -R hiawatha:hiawatha /var/www/photos-domain1/

Right on - now restart Hiawatha to make the changes take effect:

/etc/init.d/hiawatha restart

Don't forget to add another entry in your /etc/hosts for photos.domain1.com:

45.58.43.104 photos.domain1.com

Done!
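
To confirm that SNI is really selecting the certificate, here is an added example (not part of the original post) that connects to the same IP once per hostname and compares the CN of the certificate served. It assumes HTTPS on port 443 and that each certificate's CN equals its hostname, as with the cert generated above; the function names and the second hostname in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: check which certificate one IP serves for each SNI hostname.
# Assumptions: HTTPS on port 443; each cert's CN equals its hostname.

# Pull the CN out of an `openssl x509 -noout -subject` line.
# Handles both "subject= /CN=host/C=US" and "subject=CN = host, C = US".
subject_cn() {
    sed -n 's/^subject=.*CN *= *\([^,/]*\).*$/\1/p'
}

# Connect to IP $1, send hostname $2 as SNI, print the CN of the leaf cert.
served_cn() {
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -noout -subject 2>/dev/null | subject_cn
}

# Compare the requested hostname ($1) with the CN actually served ($2).
sni_verdict() {
    if [ -z "$2" ]; then
        echo NOCERT        # handshake failed or no certificate returned
    elif [ "$1" = "$2" ]; then
        echo OK            # the vhost's own certificate was selected
    else
        echo MISMATCH      # another vhost's (or the default) cert was served
    fi
}

# check_sni IP HOST [HOST...]: non-zero exit if any host gets the wrong cert.
check_sni() {
    ip=$1; shift
    rc=0
    for name in "$@"; do
        cn=$(served_cn "$ip" "$name")
        verdict=$(sni_verdict "$name" "$cn")
        printf '%-30s CN=%-30s %s\n' "$name" "${cn:-none}" "$verdict"
        [ "$verdict" = OK ] || rc=1
    done
    return "$rc"
}

# Usage (second hostname is a placeholder for the other site on this IP):
#   check_sni 45.58.43.104 photos.domain1.com OTHER-VHOST-HOSTNAME
```

Because it connects by IP and sets the name with -servername, the check does not depend on the /etc/hosts entry.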