Obviously, shared hosting as it was conceived for HTTP does not work for HTTPS, because the encrypted handshake takes place before the browser sends host information to the server. Although the problem of IPv4 depletion has not yet been resolved, the adoption of cloud technologies is constantly growing in the industry. Because these technologies require load balancing and multiple standby servers with failover, virtual hosting is still required.
What is Virtual Hosting?
Shared hosting is a method of hosting multiple domain names, with separate handling of each name, on one server or server pool. This allows one server to share resources such as memory and CPU cycles without requiring all services to use the same hostname. It is often used for shared web hosting, because many clients can be hosted on the same server, making it a cost-effective solution.
A virtual private server (VPS) is the next step up from shared hosting, offering the power and customization of a dedicated server, but without any hardware issues to worry about. Physical servers are divided into isolated virtual servers, each of which looks and behaves like a real networked server system.
If you need the performance of a dedicated server, the flexibility to scale your server to fit your business needs, and redundancy to give you peace of mind, then a virtual hosting solution is the right choice!
The parent virtual service allows you to configure multiple certificates on shared hosting. For SSL connections, the parent virtual service selects the appropriate server certificate based on the TLS server name requested by the client and the cipher used. If no server name is requested or no match is found, the first certificate configured for the virtual service is used. For TLS mutual authentication, the PKI profile should only be configured for the parent virtual service.
Subsequently, once the encrypted communication channel is established, the browser can include the website domain name in the Host header and proceed as usual. Essentially, SNI performs the same function as the HTTP Host header when creating an encrypted connection.
Name-Based and IP-Based Hosting
The term virtual host refers to the practice of running multiple websites, such as test1.example.com and test2.example.com, on the same machine. Virtual hosts can be IP-based, which means that you have a different IP address for each website, or name-based, which means that you have multiple names running on each IP address. The fact that they are running on one physical server is not obvious to the end user.
The shared hosting service leverages the infrastructure of the primary UWM datacenter to provide customers with Platform as a Service (PaaS) capabilities that can be used to deliver an application or service. The computing platform, which includes a hardware architecture and software structure, as well as a set of software subsystems and components, scales according to the specific computing needs of the client and is designed to provide maximum performance and reliability. This service is primarily infrastructural in nature, and customers do not have direct access to it.
Use of this service outside of UITS is supported by the UITS Service Level Agreement (SLA).
Service Information
Service Access
Authorized system administrators access this service and its management components using their PantherID and password. Client access to this service differs depending on the hosted application or service, the infrastructure used, and the network protocols.
This service is available 24/7, excluding periods of planned maintenance and unscheduled outages.
Finally, in shared hosting environments, it is quite common for a company to share a server with other businesses or organizations, even their competitors. Since the domains in SAN certificates are publicly listed, business owners may not want to share the same certificate with third parties.
When IP-based virtual hosting is used, each website (either a DNS hostname or a group of DNS hostnames that act the same way) points to a unique IP address. The server is configured with multiple physical network interfaces, virtual network interfaces on one physical interface, or multiple IP addresses on one interface. The server can either open separate listening sockets for each IP address, or it can listen on all interfaces with a single socket and, after accepting a connection, obtain the IP address on which the TCP connection was received. In either case, it can use the IP address to determine which website to serve. The client is not involved in this process and therefore, unlike name-based shared hosting, there are no compatibility issues.
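The single-socket variant described above, as an added example that is not from the original page: one listener bound to all interfaces reads the local address of each accepted connection to choose the site. The SITES mapping, DEFAULT_SITE and the function names are assumptions, and the loopback addresses stand in for per-site addresses (a Linux loopback interface, which answers on all of 127.0.0.0/8, is assumed).

```python
import socket

# Hypothetical mapping from the server's local IP address to the hosted site.
# Loopback addresses are stand-ins for the per-site addresses of a real server.
SITES = {"127.0.0.1": "test1.example.com", "127.0.0.2": "test2.example.com"}
DEFAULT_SITE = "default-site"

def site_for_connection(conn):
    """Choose the site from the local (destination) address of an accepted socket."""
    local_ip = conn.getsockname()[0]
    return SITES.get(local_ip, DEFAULT_SITE)   # unknown address: serve the default

def demo(dest_ip):
    """Connect to dest_ip through one wildcard listener and return the chosen site."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("0.0.0.0", 0))          # single socket on all interfaces
        listener.listen(1)
        listener.settimeout(5)
        port = listener.getsockname()[1]
        with socket.create_connection((dest_ip, port), timeout=5):
            conn, _peer = listener.accept()    # handshake already completed
            with conn:
                return site_for_connection(conn)

if __name__ == "__main__":
    for ip in ("127.0.0.1", "127.0.0.2", "127.0.0.3"):
        print(ip, "->", demo(ip))
```

Because the decision uses only the destination address, it works before any application data arrives, which is why the client needs no special support.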
Various cloud providers like Amazon or Google used to allow a workaround known as domain fronting. Fronting a domain can prevent the discovery of search history because it hides SNI information by using the hostname of the cloud provider in the TLS negotiation and the target website in the HTTP header. However, this method is no longer viable, as Google and Amazon have publicly stated that they have disabled domain fronting support in their services since April 2018.
The biggest problem with name-based shared hosting is the difficulty of hosting multiple secure websites using SSL and TLS. Since the SSL/TLS handshake happens before the expected hostname is sent to the server, the server does not know which certificate to present in the handshake. A single certificate can span multiple names, either through the subjectAltName field or using wildcards, but the practical application of this approach is limited by administrative considerations and wildcard matching rules. A TLS extension called Server Name Indication (SNI) works around this issue by sending the name at the beginning of the handshake. The exception is some older clients, notably Internet Explorer on Windows XP or older versions of Android, which do not implement SNI.
Basically, HTTPS is very similar to HTTP, except that communication between browsers and servers is encrypted. In short, the HTTPS protocol requires servers to provide browsers with a valid SSL certificate issued by a publicly trusted CA, such as SSL.com. The browser can then use the public key contained in the certificate to establish an encrypted communication channel with the server.
In addition, a certificate is issued for a specific domain name, which the browser checks against the domain that the user wanted to visit. Thus, no matter how many websites are hosted on the server, browsers expect to find a valid SSL certificate for the requested website.
Some shared hosting providers allow customers to have better control over their website file system, email names, passwords, and other resources, and claim to provide each customer with a virtual server, that is, a server that appears to be completely their own. When a customer really wants to have their own server, some hosting providers allow the customer to rent a dedicated server from the hosting provider. If a customer is allowed to host their own purchased equipment with the provider, this is called colocation.
As more and more users joined the Internet and more network devices began to appear on the network, the number of available IP addresses began to decrease at an alarming rate. This anticipated depletion, known as the depletion of the IPv4 address range, has prompted the industry to develop and implement various countermeasures such as IPv6, the successor to IPv4. It can support more addresses than we will ever need. Unfortunately, while IPv6 is a viable solution, its implementation has been rather slow. According to Google IPv6 statistics, in 2020, about 25% of internet devices were deployed over IPv6.