Slashdot Mirror


Using Single Apache SSL/Non-SSL in Production?

tck1000 asks: "I currently maintain some legacy webservers, running Apache 1.3.x on Linux, on x86 hardware. Two separate daemons are used: one to serve SSL vhosts, and one to serve non-SSL vhosts. Each of these servers is also compiled with PHP, mod_perl, and JServ, and also works with Tomcat servlet engines. In the process of planning an upgrade path, I've thought about using a single daemon to serve both the SSL and non-SSL vhosts. Is this a good idea?"

"These webservers serve about 4 million hits a day across all the vhosts. I'm worried about memory usage if every httpd process has to load mod_ssl, as well as everything else they load.

I've been searching for comparisons between running 2 daemons (and the associated effort in maintaining/upgrading/patching), vs. running a single daemon (with any added overhead it entails).

I've found a lot of examples of how to do it, but not much on the why's.

Comments, Opinions, Ideas, Links?"

2 of 37 comments

  1. No, it doesn't by mirabilos · Score: 2, Insightful

    Honestly, this is the first time I've heard that
    someone _does_ use two different servers for
    http and https.
    If you really want to increase security, use the
    new chroot facilities.

    --
    My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
    1. Re: No, it doesn't by sylencer · Score: 3, Insightful
      If you really want to increase security, use the new chroot facilities.

      I don't understand what you are saying here. People use https to prevent others from sniffing their traffic, e.g. for credit card numbers or other data that should be kept secret, like passwords. Chroot environments are used for a completely different purpose: To keep the impact on your whole system as little as possible when (not if!) a security flaw in the daemon is discovered and thus an attacker can execute arbitrary code on your machine.