Server Name Indication
From ICO wiki
Server Name Indication
Eeldused
Ubuntu server 9.10 (Karmic Koala) beta versioonist alates
Apache 2.2.12
OpenSSL 0.9.8g
Seadistamine
Kui Apachel ja OpenSSL'il on SNI tugi olemas, saab ühe IP ja pordi pealt suunata päringuid erinevatele https veebilehtedele kasutades selleks ServerName'i nagu tavalise http puhulgi.
Muuta võib kohe /etc/apache2/sites-enabled/000-default faili uue konfiguratsiooniga
sudo nano /etc/apache2/sites-enabled/000-default
Järgnevalt on toodud näidiskonfiguratsioon:
NameVirtualHost *:443 SSLStrictSNIVHostCheck on <VirtualHost *:443> ServerAdmin webmaster@localhost ServerName www.firma.ee DocumentRoot /var/www/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/www> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/www.error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/www.access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> ErrorLog /var/log/apache2/www.firma.ee-ssl-error.log TransferLog /var/log/apache2/www.firma.ee-ssl-access.log SSLEngine on SSLCertificateFile /etc/apache2/www.firma.ee.crt SSLCertificateKeyFile /etc/apache2/www.firma.ee.key SSLOptions +StdEnvVars </VirtualHost> <VirtualHost *:443> ServerAdmin webmaster@localhost ServerName sales.firma.ee DocumentRoot /var/www/sales <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/sales> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/sales.error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/sales.access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> ErrorLog /var/log/apache2/sales.firma.ee-ssl-error.log TransferLog /var/log/apache2/sales.firma.ee-ssl-access.log SSLEngine on SSLCertificateFile /etc/apache2/sales.firma.ee.crt SSLCertificateKeyFile /etc/apache2/sales.firma.ee.key SSLOptions +StdEnvVars </VirtualHost> <VirtualHost *:80> ServerAdmin webmaster@localhost ServerName www.firma.ee DocumentRoot /var/www/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/www> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/www-error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/www-access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost> <VirtualHost *:80> ServerAdmin webmaster@localhost ServerName sales.firma.ee DocumentRoot /var/www/sales <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/sales> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/sales.error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/sales.access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost>
NameVirtualHost *:443 - määrab, et kõigil IP'del kuulatakse virtual host päringuid
SSLStrictSNIVHostCheck - määrab, kas ühendusi lubatakse ka mitte-SNI klientidelt (off = lubatakse, on = ei lubata)
Testimine
Testimiseks on vajalik SNI tuge omavat veebibrauserit. Seega ei sobi Links. SNI toega brauserid on Firefox 2.0+, IE 7.0+, Google Chrome, Opera 8.0+