My next question involves the way we serve up some images on our site from a kind of odd configuration.
Most of our website is hosted from a virtual machine running Windows 2012 server. But our image collection necessitates the usage of another virtual machine on the same hardware running Windows 2003 server. The 2003 server is necessary to run the proprietary image software called “Mr.Sid”. Those Sid images are called up when someone visits the site and served via port 81. The two VMs share the same external IP address (18.104.22.168).
Before I move ahead and use up my client’s budget, I wonder if this is going to make my SSL fail? Will Chrome cough up an SSL error message because the images are coming via port 81?
If so, is there some way I could get a certificate for the 2003 server machine? Or some other workaround?
The problem for the security warnings is not the port number, but the protocol. For example, if you had an HTTPS service on port 443 and another one on port 444, and you had an HTTP service on port 80 and another one on port 81, you could have URLs like
https://example.com/ ← uses HTTPS on port 443
https://example.com:444/ ← uses HTTPS on port 444
http://example.com/ ← uses HTTP on port 80
http://example.com:81/ ← uses HTTP on port 81
If you load any HTTP resources inside an HTTPS page, you can get a warning from the browser that the page is not secure because of mixed content. That is true regardless of which particular port number is used for the HTTP connection.
One option might be to use a reverse proxy like Squid running on the same machine, which forwards requests that come in on one port and protocol to the same port and protocol on localhost. In that case, you could set up HTTPS with the Squid listener, so that people could access the service via HTTPS but receive things that were locally served by HTTP. (Nginx is also good at doing this, I think via the proxy_pass directive or something.) Depending on the server configuration, the reverse proxy does not necessarily need to be running in the same VM as the thing that it’s proxying for.
If the Mr.Sid software only knows how to speak HTTP, you won’t be able to load a certificate into it, but you can try to wrap the connections to it via some kind of proxy method.
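An added example, not part of the original posts: a small checker that lists the sub-resources an HTTPS page would load over plain HTTP, showing that the scheme and not the port decides. The sample page, example.com, and the paths in it are constructed placeholders, and the tag/attribute table is a deliberately small subset.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch a sub-resource (a subset for this example).
FETCH_ATTRS = {"img": ("src",), "script": ("src",), "iframe": ("src",),
               "video": ("src", "poster"), "audio": ("src",), "source": ("src",),
               "embed": ("src",), "object": ("data",), "link": ("href",)}
LINK_RELS = {"stylesheet", "icon", "preload"}  # <link> rel values that load something

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and not set((attrs.get("rel") or "").lower().split()) & LINK_RELS:
            return
        for name in FETCH_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if not value:
                continue
            # Resolve relative and scheme-relative URLs against the page URL,
            # then look only at the scheme; the port (80, 81, ...) is irrelevant.
            resolved = urljoin(self.page_url, value.strip())
            if urlsplit(resolved).scheme == "http":
                self.findings.append((tag, resolved))

def find_mixed_content(page_url, html):
    """Return (tag, url) for each sub-resource an HTTPS page would load over HTTP."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only applies to pages served over HTTPS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; example.com and the paths are placeholders.
SAMPLE = """
<link rel="stylesheet" href="/site.css">
<img src="http://example.com:81/sid/map1.jpg">
<img src="https://example.com:444/sid/map2.jpg">
<img src="//example.com/logo.png">
<script src="http://example.com/app.js"></script>
<a href="http://example.com:81/viewer">viewer</a>
"""
if __name__ == "__main__":
    for tag, url in find_mixed_content("https://example.com/", SAMPLE):
        print(tag, url)
```

The HTTPS image on port 444 and the scheme-relative logo are not reported, and the plain link is skipped because following it is navigation rather than a sub-resource load.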
IIS can reverse proxy too, but it isn’t included with the web server like it is with Apache and nginx; you have to install extra things from Microsoft:
Thanks folks. Looks like there are a couple options to try.
My colleague also discovered this:
So it appears it’s doable.
Forgot to mention I am using Apache…