Added support for IP-based SSL virtual hosts in apache

apache/templates/site.https.conf.erb

@@ -1,91 +1,4 @@
-#
-# This is the Apache server configuration file providing SSL support.
-# It contains the configuration directives to instruct the server how to
-# serve pages over an https connection. For detailing information about these 
-# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
-# 
-# Do NOT simply read the instructions in here without understanding
-# what they do.  They're here only as hints or reminders.  If you are unsure
-# consult the online docs. You have been warned.  
-#
-
-#
-# Load SSL module if not loaded
-#
-<IfModule !mod_ssl.c>
-LoadModule ssl_module modules/mod_ssl.so
-</IfModule>
-
-#
-# When we also provide SSL we have to listen to the 
-# the HTTPS port in addition.
-#
-Listen 443
-
-<% if operatingsystem == 'CentOS' or operatingsystem == 'Fedora' -%>
-##
-##  SSL Global Context
-##
-##  All SSL configuration in this context applies both to
-##  the main server and all SSL-enabled virtual hosts.
-##
-
-#
-#   Some MIME-types for downloading Certificates and CRLs
-#
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl    .crl
-
-#   Pass Phrase Dialog:
-#   Configure the pass phrase gathering process.
-#   The filtering dialog program (`builtin' is a internal
-#   terminal dialog) has to provide the pass phrase on stdout.
-SSLPassPhraseDialog  builtin
-
-#   Inter-Process Session Cache:
-#   Configure the SSL Session Cache: First the mechanism 
-#   to use and second the expiring timeout (in seconds).
-#SSLSessionCache        dc:UNIX:/var/cache/mod_ssl/distcache
-SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
-SSLSessionCacheTimeout  300
-
-#   Semaphore:
-#   Configure the path to the mutual exclusion semaphore the
-#   SSL engine uses internally for inter-process synchronization. 
-SSLMutex default
-
-#   Pseudo Random Number Generator (PRNG):
-#   Configure one or more sources to seed the PRNG of the 
-#   SSL library. The seed data should be of good random quality.
-#   WARNING! On some platforms /dev/random blocks if not enough entropy
-#   is available. This means you then cannot use the /dev/random device
-#   because it would lead to very long connection times (as long as
-#   it requires to make more entropy available). But usually those
-#   platforms additionally provide a /dev/urandom device which doesn't
-#   block. So, if available, use this one instead. Read the mod_ssl User
-#   Manual for more details.
-SSLRandomSeed startup file:/dev/urandom  256
-SSLRandomSeed connect builtin
-#SSLRandomSeed startup file:/dev/random  512
-#SSLRandomSeed connect file:/dev/random  512
-#SSLRandomSeed connect file:/dev/urandom 512
-
-#
-# Use "SSLCryptoDevice" to enable any supported hardware
-# accelerators. Use "openssl engine -v" to list supported
-# engine names.  NOTE: If you enable an accelerator and the
-# server does not start, consult the error logs and ensure
-# your accelerator is functioning properly. 
-#
-SSLCryptoDevice builtin
-#SSLCryptoDevice ubsec
-<% end -%>
-
-##
-## SSL Virtual Host Context
-##
-
-<VirtualHost _default_:443>
+<VirtualHost <%= ipaddr %>:443>
 
 # General setup for the virtual host, inherited from global configuration
 DocumentRoot "/srv/www/https/<%= site_fqdn %>"
@@ -236,5 +149,4 @@ SetEnvIf User-Agent ".*MSIE.*" \
 
 Include <%= site_confdir %>
 
-</VirtualHost>                                  
-
+</VirtualHost>

apache/templates/ssl.conf.erb

@@ -0,0 +1,63 @@
+<IfModule !mod_ssl.c>
+LoadModule ssl_module modules/mod_ssl.so
+</IfModule>
+
+Listen 443
+<% if operatingsystem == 'CentOS' or operatingsystem == 'Fedora' -%>
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#
+#   Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog  builtin
+
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism 
+#   to use and second the expiring timeout (in seconds).
+#SSLSessionCache        dc:UNIX:/var/cache/mod_ssl/distcache
+SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
+SSLSessionCacheTimeout  300
+
+#   Semaphore:
+#   Configure the path to the mutual exclusion semaphore the
+#   SSL engine uses internally for inter-process synchronization. 
+SSLMutex default
+
+#   Pseudo Random Number Generator (PRNG):
+#   Configure one or more sources to seed the PRNG of the 
+#   SSL library. The seed data should be of good random quality.
+#   WARNING! On some platforms /dev/random blocks if not enough entropy
+#   is available. This means you then cannot use the /dev/random device
+#   because it would lead to very long connection times (as long as
+#   it requires to make more entropy available). But usually those
+#   platforms additionally provide a /dev/urandom device which doesn't
+#   block. So, if available, use this one instead. Read the mod_ssl User
+#   Manual for more details.
+SSLRandomSeed startup file:/dev/urandom  256
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random  512
+#SSLRandomSeed connect file:/dev/random  512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names.  NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly. 
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+<% end -%>