WebServer on non-standard ports

[jking]

Bruce,

     I have 5 secure NT apps each running on a port such as 9001, 9002 etc., on a single server.  Some users at other institutions find they cannot run these apps, propably due to blocking of non-standard ports.  According to the Always SSL example app, a NT server can run on a standard non-secure port and redirect to a secure port.  I thought I would try this but I don't believe I can run all 5 servers on say port 80, and then redirect these to individual secure ports.  Any suggestions?

Thanks,

Jeff King

[kevin plummer]

Hi Jeff,

I have run into the same problems where only port 443 will work with SSL for some users.

Starting at port 80 and redirecting to 9001 as SSL will not work as their firewall is blocking https running on all ports except 443, the std ssl port.

While it is not a prob for me at the moment as I have set to listen on 443, my longer term solution is to use MultiHost as I have 2 different apps which would need to listen on the same port.

[Bruce]

>> According to the Always SSL example app, a NT server can run on a standard non-secure port and redirect to a secure port.

yes, but this wouldn't solve your problem. It doesn't "tunnel" to a different port, it redirects the browser (ie the user) to use the different port. Which is still blocked.

If you are tied to port 443 then you have limited choices.
a) assign multiple IP addresses to the machine, bind each server to one of the IP addresses. This works fine as long as you can get the IP addresses (and usually you can).

b) if the sites are in the _same domain_, but different sub-domains (for example site1@capesoft.com and site2@capesoft.com) then you can purchase a "wildcard certificate" (for capesoft.com in this example), and run the multi-site-host _with that certificate_.

cheers
Bruce

[jking]

Bruce,

     I'm not clear on how using sub-domains with a wild card certificate will work with sites using SSL.  Can you expand on this?

Thanks,

Jeff

[Bruce]

so a "traditional" certificate binds to a name like
www.capesoft.com
_only_ the site www.capesoft.com can use this certificate (without a browser warning.)

if I have
fm3.capesoft.com or nettalk.capesoft.com or forums.capesoft.com they would need their own certificates.

A wildcard certificate though drops the first part. It's more expensive (but "reasonably" priced at godaddy and some others). On the other hand it can be used with any site ending in capesoft.com
so I can use the same certificate for www.capesoft.com, forums.capesoft.com and so on.

thus if I use the *.capesoft.com certificate on the multi-site host, then the multi-site host program can parse the incoming request, and based on the full url, pass that on to the correct dll.

cheers
Bruce