Server Name Indication: Difference between revisions
Latest revision as of 23:46, 26 October 2009
Server Name Indication
Prerequisites
Ubuntu Server 9.10 (Karmic Koala), beta version or later
Apache 2.2.12
OpenSSL 0.9.8g
Configuration
If both Apache and OpenSSL have SNI support, requests arriving on a single IP address and port can be routed to different HTTPS websites by using ServerName, just as with plain HTTP.
The new configuration can be written straight into the /etc/apache2/sites-enabled/000-default file:
sudo nano /etc/apache2/sites-enabled/000-default
An example configuration follows:
NameVirtualHost *:443
SSLStrictSNIVHostCheck on

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName www.firma.ee

    DocumentRoot /var/www/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/www>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/www.error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/www.access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

    ErrorLog /var/log/apache2/www.firma.ee-ssl-error.log
    TransferLog /var/log/apache2/www.firma.ee-ssl-access.log

    SSLEngine on
    SSLCertificateFile /etc/apache2/www.firma.ee.crt
    SSLCertificateKeyFile /etc/apache2/www.firma.ee.key
    SSLOptions +StdEnvVars
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName sales.firma.ee

    DocumentRoot /var/www/sales
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/sales>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/sales.error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/sales.access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

    ErrorLog /var/log/apache2/sales.firma.ee-ssl-error.log
    TransferLog /var/log/apache2/sales.firma.ee-ssl-access.log

    SSLEngine on
    SSLCertificateFile /etc/apache2/sales.firma.ee.crt
    SSLCertificateKeyFile /etc/apache2/sales.firma.ee.key
    SSLOptions +StdEnvVars
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName www.firma.ee

    DocumentRoot /var/www/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/www>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/www-error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/www-access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName sales.firma.ee

    DocumentRoot /var/www/sales
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/sales>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/sales.error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/sales.access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>
NameVirtualHost *:443 - specifies that virtual host requests are listened for on all IP addresses
SSLStrictSNIVHostCheck - determines whether connections from non-SNI clients are also allowed (off = allowed, on = not allowed)
Testing
Testing requires a web browser with SNI support, so Links is not suitable. Browsers with SNI support are Firefox 2.0+, IE 7.0+, Google Chrome and Opera 8.0+.