Virtual hosting is a method for hosting multiple domain names (with separate handling of each name) on a single server (or pool of servers).
This allows one server to share its resources, such as memory and processor cycles, without requiring all services provided to use the same host name. The term virtual hosting is usually used in reference to web servers but the principles do carry over to other internet services.
It is also very common for a single entity to want to use multiple names on the same machine so that the names can reflect services offered rather than where those services happen to be hosted.
There are two main types of virtual hosting, name-based and IP-based. Name-based virtual hosting uses the host name presented by the client.
This saves IP addresses and the associated administrative overhead, but the protocol being served must supply the host name at an appropriate point. In particular, name-based virtual hosting over SSL/TLS only works cleanly with clients that send the host name inside the TLS handshake (see Server Name Indication below); older clients get whichever certificate the server presents by default.
IP-based virtual hosting uses a separate IP address for each host name, and it can be performed with any protocol but requires a dedicated IP address per domain name served. Port-based virtual hosting is also possible in principle but is rarely used in practice because it is unfriendly to users.
Name-based and IP-based virtual hosting can be combined: a server may have multiple IP addresses and serve multiple names on some or all of those IP addresses. This technique can be useful when using SSL/TLS with wildcard certificates.
For example, if a server operator had two certificates, one for *.example.com and one for *.example.net, the operator could serve foo.example.com and bar.example.com off the same IP address but, unless every client can be relied on to send SNI, would need a separate IP address for baz.example.net so that the right certificate is presented before any host name is known.
Name-based Virtual Hosting
Name-based virtual hosts use multiple host names for the same IP address.
The technical prerequisite for name-based virtual hosting is that the client sends the target host name with each request. In HTTP/1.1 (supported by every current browser) this is the Host header, which the protocol makes mandatory; a server hosting multiple sites behind one IP address reads it to decide which site's content to deliver. HTTP/1.0 clients that omit the header can only reach the server's default site.
For instance, a server could be receiving requests for two domains, www.example.com and www.example.net, both of which resolve to the same IP address. For www.example.com, the server would send the HTML file from the directory /var/www/user/Joe/site/, while requests for www.example.net would make the server serve pages from /var/www/user/Mary/site/. Equally two subdomains of the same domain may be hosted together. For instance, a blog server may host both blog1.example.com and blog2.example.com.
The biggest issue with name-based virtual hosting has been hosting multiple secure websites over SSL/TLS. Without help from the client, the SSL/TLS handshake, in which the server must present its certificate, completes before the HTTP request carrying the host name is sent, so the server does not know which certificate to present.
A single certificate can cover multiple names, either through the subjectAltName extension or through wildcards, but the practical application of this approach is limited by administrative considerations (one certificate, and so one private key, is shared by every name it covers) and by the matching rules for wildcards: under the rules browsers apply, a wildcard must be the whole leftmost label and matches exactly one label, so *.example.com covers foo.example.com but neither example.com nor a.b.example.com.
The TLS extension Server Name Indication (SNI, RFC 6066) addresses this by sending the requested host name in the ClientHello, at the start of the handshake, so the server can choose the matching certificate before it replies. Two caveats apply. The SNI name travels in cleartext, so any on-path observer learns which site is being visited (the Encrypted Client Hello extension is designed to close that gap). And some old clients (in particular Internet Explorer on Windows XP or older Android versions) do not send SNI, so they receive the server's default certificate and get a certificate warning unless that certificate happens to cover the name they asked for.
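The following is an added example, not code from the original page: it parses the SNI extension out of a TLS ClientHello (the only part of the handshake a server can use to pick a certificate, and the part an on-path observer can read), and then chooses a certificate from a hypothetical table of subjectAltName entries using the wildcard rules described above. It also covers the wildcard-certificate scenario from the *.example.com / *.example.net example earlier. The ClientHello builder constructs sample records so everything runs offline; the certificate identifiers and the name table are placeholders.

```python
"""Pick a certificate from the Server Name Indication (SNI) in a TLS ClientHello.
Added example: builder constructs sample records; certificate ids are placeholders."""
import struct

EXT_SERVER_NAME = 0     # extension type for server_name (RFC 6066)
NAME_TYPE_HOST = 0      # the only defined name_type: host_name


def build_client_hello(server_name=None):
    """Constructed minimal ClientHello record; server_name=None models a pre-SNI client."""
    exts = b""
    if server_name is not None:
        host = server_name.encode("idna")
        entry = struct.pack("!BH", NAME_TYPE_HOST, len(host)) + host
        sni = struct.pack("!H", len(entry)) + entry
        exts = struct.pack("!HH", EXT_SERVER_NAME, len(sni)) + sni
    body = (b"\x03\x03"                           # client_version (TLS 1.2)
            + b"\x00" * 32                        # random (zeros: sample data only)
            + b"\x00"                             # empty session_id
            + struct.pack("!H", 2) + b"\xc0\x2f"  # one cipher suite
            + b"\x01\x00"                         # null compression only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _parse_sni(record):
    if record[0] != 0x16:                         # not a handshake record
        return None
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if hs[0] != 0x01:                             # not a ClientHello
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                  # skip client_version and random
    pos += 1 + body[pos]                          # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                          # compression_methods
    if pos == len(body):
        return None                               # no extensions block at all
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:                         # walk the extension list
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data, pos = body[pos + 4:pos + 4 + elen], pos + 4 + elen
        if etype != EXT_SERVER_NAME:
            continue
        p, list_end = 2, 2 + struct.unpack("!H", data[:2])[0]
        while p + 3 <= list_end:                  # ServerNameList entries
            ntype, nlen = struct.unpack("!BH", data[p:p + 3])
            if ntype == NAME_TYPE_HOST:
                return data[p + 3:p + 3 + nlen].decode("ascii").lower()
            p += 3 + nlen
    return None


def extract_sni(record):
    """Host name from the plaintext SNI extension, or None if absent or malformed."""
    try:
        return _parse_sni(record)
    except (IndexError, struct.error, UnicodeDecodeError):
        return None


def name_matches(pattern, hostname):
    """Exact match, or a wildcard that is the whole leftmost label covering one label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if "*" not in pattern:
        return pattern == hostname
    plabels, hlabels = pattern.split("."), hostname.split(".")
    if plabels[0] != "*" or len(plabels) < 3 or any("*" in l for l in plabels[1:]):
        return False                              # rejects "*", "*.com", "f*o.example.com"
    return len(hlabels) == len(plabels) and hlabels[1:] == plabels[1:]


CERTS = [   # hypothetical: (certificate id, names listed in its subjectAltName)
    ("cert-example-com", ["example.com", "*.example.com"]),
    ("cert-example-net", ["*.example.net"]),
]


def select_certificate(record, certs=CERTS, default="cert-default"):
    """First certificate whose SAN covers the SNI name; the default when there is no SNI."""
    sni = extract_sni(record)
    if sni is None:
        return default                            # pre-SNI client: default cert only
    for cert_id, names in certs:
        if any(name_matches(n, sni) for n in names):
            return cert_id
    return default


if __name__ == "__main__":
    for name in ("foo.example.com", "a.b.example.com", "baz.example.net", None):
        print(name, "->", select_certificate(build_client_hello(name)))
```

A real server does the same selection inside its TLS library's SNI hook (for example the sni_callback of Python's ssl.SSLContext) rather than by parsing records itself; the parser form is what a network monitor or an intrusion detection rule would use, and it works precisely because the name is not yet encrypted.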
Furthermore, if the Domain Name System (DNS) is not properly functioning, it is difficult to access a virtually-hosted website even if the IP address is known. If the user tries to fall back to using the IP address to contact the system, as in http://10.23.45.67/, the web browser will send the IP address as the host name.
Since the web server relies on the web browser client telling it what server name (vhost) to use, the server will respond with a default website—often not the site the user expects.
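The following is an added example, not code from the original page. It implements the name-based dispatch described above (the Host header selects a document root) and exercises the failure mode just described: a browser pointed at http://10.23.45.67/ sends the IP address in the Host header, which names no virtual host, so the request falls through to the default site. The vhost table, the document roots and the request bytes are constructed for the demonstration.

```python
"""Dispatch an HTTP/1.1 request to a name-based virtual host by its Host header.
Added example: vhost table, document roots and requests are constructed."""
import ipaddress

# Hypothetical vhost table: canonical host name -> document root.
VHOSTS = {
    "www.example.com": "/var/www/user/Joe/site/",
    "www.example.net": "/var/www/user/Mary/site/",
}
DEFAULT_ROOT = VHOSTS["www.example.com"]     # the first vhost acts as the default site


class BadRequest(Exception):
    """Raised for requests a server should answer with 400 rather than guess about."""


def parse_request_head(raw):
    """Return (method, target, version, headers) from a raw request head.
    Header names are case-insensitive; repeated headers are kept as a list."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    try:
        method, target, version = lines[0].split(" ")
    except ValueError:
        raise BadRequest("malformed request line")
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            raise BadRequest("malformed header line")
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, target, version, headers


def normalize_host(host_value):
    """Lower-case the name and strip an optional :port; return None for IP literals."""
    host = host_value.strip().lower()
    if host.startswith("["):                     # bracketed IPv6 literal, e.g. [::1]:443
        if "]" not in host:
            raise BadRequest("unterminated IPv6 literal in Host")
        host = host[1:host.index("]")]
    elif host.count(":") == 1:                   # name:port
        host = host.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return host.rstrip(".")                  # a real host name
    return None                                  # an IP literal never names a vhost


def select_document_root(raw, vhosts=VHOSTS, default=DEFAULT_ROOT):
    """Document root to serve the request from."""
    method, target, version, headers = parse_request_head(raw)
    hosts = headers.get("host", [])
    if version == "HTTP/1.1" and len(hosts) != 1:
        raise BadRequest("HTTP/1.1 requires exactly one Host header")
    if not hosts:
        return default                           # HTTP/1.0 client: only the default site
    name = normalize_host(hosts[0])
    if name is None:
        return default                           # "Host: 10.23.45.67" -> default site
    return vhosts.get(name, default)             # unknown name -> default site


# Constructed sample requests.
REQ_JOE = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
REQ_MARY = b"GET / HTTP/1.1\r\nHost: WWW.Example.NET:80\r\nAccept: */*\r\n\r\n"
REQ_BY_IP = b"GET / HTTP/1.1\r\nHost: 10.23.45.67\r\n\r\n"
REQ_HTTP10 = b"GET / HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for req in (REQ_JOE, REQ_MARY, REQ_BY_IP, REQ_HTTP10):
        print(req.split(b"\r\n")[0].decode(), "->", select_document_root(req))
```

Falling through to the default site for an unrecognised or absent name is what the text describes and what most servers do out of the box. Because the Host value is attacker-controlled, a stricter deployment answers unknown names with a 400 or 421 status instead of serving the default site, so that application code never builds links or e-mails from a host name it does not own.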
A workaround in this case is to add the IP address and host name to the client system’s hosts file. Accessing the server with the domain name should work again. Users should be careful when doing this, however, as any changes to the true mapping between host name and IP address will be overridden by the local setting.
This workaround is not really useful for an average web user, but may be of some use to a site administrator while fixing DNS records.
IP-based Virtual Hosting
When IP-based virtual hosting is used, each site (either a DNS host name or a group of DNS host names that act the same) points to a unique IP address. The webserver is configured with multiple physical network interfaces, virtual network interfaces on the same physical interface or multiple IP addresses on one interface.
The web server can either open a separate listening socket for each IP address, or it can listen on all interfaces with a single socket and ask the operating system, after accepting each connection, which local address the TCP connection arrived on (getsockname() on the accepted socket). Either way, it uses that local address, never the client's address, to determine which website to serve.
The client is not involved in this process and therefore (unlike with name-based virtual hosting) there are no compatibility issues.
The downside of this approach is the server needs a different IP address for every web site. This increases administrative overhead (both assigning addresses to servers and justifying the use of those addresses to internet registries) and contributes to IPv4 address exhaustion.
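The following is an added example, not code from the original page: it implements the single-socket variant of IP-based hosting, listening on all interfaces and selecting the site from the local address of the accepted connection. The address-to-site table is hypothetical, and the round trip goes over the loopback interface so that it runs offline.

```python
"""IP-based virtual hosting with one listening socket: the site is chosen from the
local address a connection arrived on. Added example; the address table is hypothetical."""
import socket
import threading

# Hypothetical table: address the connection ARRIVED ON -> site to serve.
SITES_BY_ADDR = {
    "192.0.2.10": "www.example.com",
    "192.0.2.11": "www.example.net",
    "127.0.0.1": "loopback-test-site",
}


def site_for_connection(conn, sites=SITES_BY_ADDR):
    """Pick the site from the accepted socket's own (local) address, not the peer's.
    getsockname() is the local end; getpeername() would be the client and is useless here."""
    local_ip = conn.getsockname()[0]
    return sites.get(local_ip)


def serve_one(sites=SITES_BY_ADDR):
    """Listen on all interfaces, accept one loopback connection, and return
    (local_ip, site) exactly as the server saw it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", 0))                  # every address, ephemeral port
    srv.listen(1)
    port = srv.getsockname()[1]

    def client():                              # stands in for a browser
        with socket.create_connection(("127.0.0.1", port)) as c:
            c.sendall(b"GET / HTTP/1.1\r\nHost: whatever\r\n\r\n")
            c.recv(64)

    t = threading.Thread(target=client)
    t.start()
    conn, _peer = srv.accept()
    with conn:
        local_ip = conn.getsockname()[0]       # the address the client dialled
        site = site_for_connection(conn, sites)
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    t.join()
    srv.close()
    return local_ip, site


if __name__ == "__main__":
    print(serve_one())
```

Keying the same lookup on (local address, local port) instead of the address alone gives port-based virtual hosting with no other change; the client is never consulted in either case, which is why neither method has the compatibility issues of name-based hosting.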
Port-based Virtual Hosting
The default port number for HTTP is 80. However, most webservers can be configured to operate on almost any port number, provided the port number is not in use by any other program on the server.
HTTPS defaults to port 443. Because a port-based virtual host has its own listener, it can be given its own certificate without needing Server Name Indication; several TLS sites sharing one port on one IP address do need SNI (see above).
A port-based web site is bound to one IP address and a port number that is unique on that address; several sites share the IP address and are told apart only by their port numbers.
Since the port is not the protocol default, users have to include it in every URL (for example http://www.example.com:8080/), which is why the method is rarely used outside testing and internal services.