Is it better to use one IP address per domain?

The main domain for my business is

kirkbymicrowave.co.uk

so https://www.kirkbymicrowave.co.uk/ is my main website

My amateur radio club, https://www.dhars.org.uk/ is on the same server, but uses a different IP address, as I was under the impression it was better to use different IP addresses.

My web server is
Server version: Apache/2.4.25 (Debian)
Server built: 2018-11-03T18:46:19

The operating system my web server runs on is
Linux localhost 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux

I have a virtual private machine, with root access. I don’t use cpanel - just the command line.

Since I have different IP addresses for the two domains, the Virutal hosts definitions look a bit different

<VirtualHost 109.228.58.153:443> for kirkbymicrowave.co.uk
<VirtualHost 109.228.59.169:443> for dhars.org.uk

I have a few more domains, which are common mis-spellings of my company domain, so the following sites, should if configured properly, all work

https://www.kirbymicrowave.co.uk/ - redirects to https://www.kirkbymicrowave.co.uk/ okay
https://www.kirkbymicrowave.com/ - should redirect to https://www.kirkbymicrowave.co.cuk, but I see that is broken.

Would it be better to have a different IP address for each domain - or at least keep the important sites on their own IP address? I can get as many IP addresses as I want, but they all have to be paid for, and that is not an intransigent amount of money each month.

Dave

In my opinion, the only advantage of a single IP address per hostname is the benefit of very old browser support.

Modern browsers us server name indication to support multiple hostnames behind a single IP address. On the Wikipedia page you can see a list of clients and from which version SNI is supported.

As for the redirect: your Apache configuration for the .com TLD is incorrect. You have the .co.uk certificate enabled, which gives rise to SSL errors because of the hostname mismatch. You need to enable the correct SSL certificate. Even when accepting this erroneous certificate, there is no redirect indeed. It’s missing.

2 Likes

Thank you. Given I have two IP addreses, would it be more sensible to

  1. Put the main business site on its own IP, to get maximum browser compatability.
  2. Put the amateur radio club, and the domains that are common mis-spellings, on another IP address.

That would seem a way to maximise the use of the IP addresees I have, but if you have any better ideas, I’d welcome them.

Perhaps stop paying for a second IP might not be such a bad idea!

Hi @drkirkby

do you have relevant Windows Internet Explorer 6 + XP users?

If not, ignore the older browsers. Check tests of ssllabs, there you see which clients don't support SNI -> irrelevant.

One server -> one ipv4, one ipv6, that's enough.

You shouldn’t even need two IPs for that – if you have one IP and Apache lets you set that one certificate as the default for clients that don’t support SNI.

Also, millions of websites don’t try to maintain compatibility with clients that old. Plus you’d have to enable older cryptographic algorithms that are sometimes off by default, and test your CSS and JavaScript and so forth…

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.