Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] SNI alternative 
Hi,

On Sat, Feb 8, 2014 at 12:25 AM, Steve Sobol - Lobos Studios
<steve@xxxxxxxxxxxxxxxx> wrote:
> Good afternoon -
>
> While we're waiting for Java 8... Are there any alternatives to SNI that
> will allow more than one SSL cert to be hosted on the same IP?
>
> Apache already supports SNI. Maybe mod_jk? My Apache server and my Jetty
> server are running on different physical machines... will this make a
> difference?

Depends what you need to do.
If you just need to serve the right certificate, you can use Apache or HAProxy.
Either can reverse proxy to Jetty, where you will just need to inspect
the "Host" header.

We have a good experience with HAProxy, that can offload SSL (and
hence take care of SNI as well), and can "tunnel" as is to Jetty
instead of reverse-proxying it.
That is how we have deployed our own websites.

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
http://intalio.com
Developer advice, training, services and support
from the Jetty & CometD experts.
Intalio, the modern way to build business applications.

Back to the top