|« Security||INDEX||HOW-TOs »|
Table of Contents
|Listener to Virtual Host Mapping|
|Virtual Host List|
|Virtual Host General|
|Virtual Host Security|
Here are some basic concepts you should know before going into the detail of the configuration.
LiteSpeed web server can host multiple web sites (virtual hosts) with one server instance.
Traditionally virtual hosts are classified into two types: IP based virtual host and Name based virtual host. IP based virtual host refers to a web site that has its own unique IP address. Name based virtual host refers to a web site that shares one IP address with others. There is no clear distinction between them in LiteSpeed web server. IP based virtual hosting is considered as a special case of name based virtual hosting here. Both of them can be easily configured, or even mixed together.
Unlike other web servers, LiteSpeed web server does not have a default web site. Every web site is configured as a virtual host even only one web site is hosted.
A listener in LiteSpeed web server is a server socket that listens on specific IP address and TCP port. You can imagine the web server as a building and listeners are the doors to the building, clients (browser) have to go through a door to submit their requests.
For each listener, an IP address and a port number need to be specified. IP address can be any valid local IP address or the wild card IP that refers to all the available IP address on that machine. Port is an integer number between 0 and 65535. Official port for HTTP is 80, for HTTPS is 443. However, other ports can be used too. On UNIX machine, only super user "root" has permission to use ports below 1024.
Only one listener is allowed for each IP and port combination. Thus if a listener is configured on one port with the wild card IP address, it is not allowed to configure another listener on the same port, even only with one particular IP. For example, if there is multiple IP address on the web server machine, HTTP traffic needs to be allowed on port 8080 for all IP address, it can be configured in two ways: to set up only one listener using the wild card IP (*) and port 8080; or to set up multiple listeners, with each one using a particular IP and port 8080. These two methods cannot be mixed on the same port.
There are two types of listeners in LiteSpeed web server: plain and secure (SSL). Each secure listener requires a pair of SSL private Key and SSL certificate. The private key can be generated with SSL toolkit like OpenSSL. The SSL certificate can be self signed or obtained from SSL certificate issuer like VeriSign or Thawte. Same private key and certificate pair can be shared among multiple listeners.
Every listener has a virtual host lookup table. The data in the lookup table are key/value pairs. The key is a domain name for that virtual host; the value is the virtual host itself.
Here is how it works:
When a browser retrieving a web page from a web server, the IP address of the web server should be determined first with a DNS lookup; then a request to establish a TCP connection with the web server on the specific IP and port (a listener) will be sent; after the connection is established, a HTTP request including the domain name information of the web site being accessed will be sent. When the web server receives the request, the lookup table associated with that listener will be searched against the domain name in the request, if a match is found, the request will be routed to the virtual host for processing.
It is exactly how name based virtual hosting works, IP based virtual hosting is a special case of it.
In order to make a virtual host accessible through a specific listener, you must make sure:
A catchall virtual host can be specified for one listener with wild card domain name "*". When server cannot find a matching virtual host, the request will be routed to the catchall virtual host. If there is no such catchall virtual host configured, the web server will return error code 404.
Our design of Listener to Virtual Host Mapping provides ultra flexibility, which allows
Since a SSL certificate is bundled with a listener, if a virtual host requires a dedicated certificate, a dedicated SSL listener must be created for that virtual host. In other words, that virtual host must be an IP based virtual host.
|« Security||INDEX||HOW-TOs »|