CentOS 5 64 Bit - Fresh Install - How to best use IPs?

rndinit0

Verified User
Joined
Jan 15, 2005
Messages
98
Ok lets say I have the following IPs (I will use private Ip's as an example)

192.168.1.1 -> fqdn.myserver.com
192.168.1.2 -> ns1.myserver.com
192.168.1.3 -> ns2.myserver.com
192.168.1.4 -> Shared IP #used for shared webhosting

*192.168.1.4 -> www.myserver.com
*(1st & Main Reseller aka Me the server owner)

The Site http://www.myserver.com would be used as my companies site.
This site will list all packages, pricing, contact info etc.

The shared IP 192.168.1.4 will be used for all of my customers. That means whenever I create a new user from my reseller account they will be assigned this IP.

Now here is what Im worried about (cause on my previous setup I had not done this).

Is this the right way to do it?

I would like to be able to use my own "paid" ssl certs for www.myserver.com for e-commerce transactions.

I would also like the customers to access the DA Control Panel via shared server (or would it be shared IP wise for all domains)SSL with a valid cert w/o being prompted with domain mismatch warnings.

Am I on the right track here? How would you do this?
And what steps would follow?

Does the client access his CP by using the sharedip:2222
Should I map a sub/domain to that IP? Example cp.myserver.com -> 192.168.1.4

--------- This has always been confusing for me -----------

Previously I had it like this:

.1 -> www.myserver.com
.2 -> ns1
.3 -> ns3

.1 -> shared ip (same as www.myserver.com) *plenty of SSL problems followed.
 
Hello,

The issue is that you want to put an SSL certificate on a shared IP.
The best way would be to your your SSL site onto an "owned" IP by itself. The 192.168.1.2 would be fine for your site, if you wanted to do it that way.
OR you can put your site's SSL certificate into apache as the shared server certificate (/etc/httpd/conf/ssl.crt/server.crt + /etc/httpd/conf/ssl.key/server.key) but then everyone on any shared IP will see that certificate when they go to their site on https/ssl (443).

Related:
http://help.directadmin.com/item.php?id=89

If you go with the shared server IP route, then you'd also have to add a:
SSLCACertificateFile /path/to/your/caroot.cert
in the main https virtualhost for your server IP in your httpd.conf setup, as it's not there by default (has to be done manually). This is another reason why using an owned IP for SSL Certificates is recommended. (All shared IPs use the shared server certificate)

And yes, hissite.com:2222 will work. Anything that resolves to your server, with :2222 at the end will work. Even direct IP: 192.168.1.2:2222 is fine.
Using cp.domain.com:2222 is a bit redundant. I believe you're thinking DA runs through apache. It does not, it's its own daemon, so any connection to your server on port 2222 goes to DA. The host makes no difference.

John
 
Back
Top