From ICO wiki

Revision as of 00:33, 27 October 2009

Server Name Indication


Prerequisites

Ubuntu Server 9.10 (Karmic Koala), from the beta version onward
Apache 2.2.12
OpenSSL 0.9.8g


Configuration

If Apache and OpenSSL both have SNI support, requests arriving on a single IP address and port can be routed to different HTTPS websites by using ServerName, just as with plain HTTP.
The new configuration can be written directly into the /etc/apache2/sites-enabled/000-default file:

sudo nano /etc/apache2/sites-enabled/000-default

A sample configuration follows:

NameVirtualHost *:443
SSLStrictSNIVHostCheck on

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/www>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/www.error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/www.access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from ::1/128
        </Directory>

        ErrorLog     /var/log/apache2/
        TransferLog  /var/log/apache2/

        SSLEngine on
        SSLCertificateFile /etc/apache2/
        SSLCertificateKeyFile /etc/apache2/
        SSLOptions +StdEnvVars
</VirtualHost>

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/sales
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/sales>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/sales.error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/sales.access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from ::1/128
        </Directory>

        ErrorLog     /var/log/apache2/
        TransferLog  /var/log/apache2/

        SSLEngine on
        SSLCertificateFile /etc/apache2/
        SSLCertificateKeyFile /etc/apache2/
        SSLOptions +StdEnvVars
</VirtualHost>

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/www>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/www-error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/www-access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from ::1/128
        </Directory>
</VirtualHost>


<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/sales
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/sales>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/sales.error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/sales.access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from ::1/128
        </Directory>
</VirtualHost>


NameVirtualHost *:443 - specifies that name-based virtual host requests are accepted on all IP addresses on port 443
SSLStrictSNIVHostCheck - specifies whether connections from non-SNI clients are also allowed (off = allowed, on = not allowed)


Testing requires a web browser with SNI support, so Links is not suitable. Browsers with SNI support include Firefox 2.0+, IE 7.0+, Google Chrome and Opera 8.0+.
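
What an SNI-capable client actually sends, and what the strict check decides for one that sends nothing, shown as an added example that is not part of the original wiki page. The hostnames www.example.test and sales.example.test are assumptions (the page does not give any), and select_docroot is a simplified model of the virtual host choice, not Apache's code. No network connection is made.

```python
import ssl

# Assumed hostnames mapped to the DocumentRoot values from the sample configuration.
VHOSTS = {"www.example.test": "/var/www/www", "sales.example.test": "/var/www/sales"}

def client_hello(target):
    """Return the first TLS flight a client would send to `target` (nothing is sent)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=target)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for a ServerHello
    return outgoing.read()

def u16(buf, pos):
    return int.from_bytes(buf[pos:pos + 2], "big")

def sni_from_client_hello(rec):
    """Extract the server_name extension (type 0) from a ClientHello record, or None."""
    if len(rec) < 44 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    pos = 5 + 4 + 2 + 32              # record header, handshake header, version, random
    pos += 1 + rec[pos]               # session_id
    pos += 2 + u16(rec, pos)          # cipher_suites
    pos += 1 + rec[pos]               # compression_methods
    end = pos + 2 + u16(rec, pos)     # end of the extensions block
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = u16(rec, pos), u16(rec, pos + 2)
        body = rec[pos + 4:pos + 4 + ext_len]
        if ext_type == 0 and len(body) >= 5 and body[2] == 0:  # name_type 0 = host_name
            return body[5:5 + u16(body, 3)].decode("ascii")
        pos += 4 + ext_len
    return None

def select_docroot(rec, strict_sni=True):
    """Simplified model of virtual host selection on one IP:port."""
    default = next(iter(VHOSTS.values()))       # the first vhost defined is the default
    name = sni_from_client_hello(rec)
    if name is None:
        return None if strict_sni else default  # strict check refuses non-SNI clients
    return VHOSTS.get(name.lower(), default)

if __name__ == "__main__":
    # A client addressing the server by IP literal sends no SNI extension.
    for target in ("www.example.test", "sales.example.test", "192.0.2.10"):
        hello = client_hello(target)
        print(target, sni_from_client_hello(hello), select_docroot(hello))
```

The server name travels unencrypted in the ClientHello, which is why the server can pick the certificate before the handshake completes and why anyone on the network path can read which site is being requested.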