Server Name Indication: Difference between revisions
From ICO wiki test
Latest revision as of 23:46, 26 October 2009
Server Name Indication
Prerequisites
Ubuntu Server 9.10 (Karmic Koala), beta version or later
Apache 2.2.12
OpenSSL 0.9.8g
Configuration
If Apache and OpenSSL both have SNI support, requests arriving on a single IP address and port can be routed to different HTTPS websites by using ServerName, just as with plain HTTP.
The /etc/apache2/sites-enabled/000-default file can be edited directly to hold the new configuration:
sudo nano /etc/apache2/sites-enabled/000-default
A sample configuration follows:
NameVirtualHost *:443
SSLStrictSNIVHostCheck on
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName www.firma.ee
DocumentRoot /var/www/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/www>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/www.error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/www.access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
ErrorLog /var/log/apache2/www.firma.ee-ssl-error.log
TransferLog /var/log/apache2/www.firma.ee-ssl-access.log
SSLEngine on
SSLCertificateFile /etc/apache2/www.firma.ee.crt
SSLCertificateKeyFile /etc/apache2/www.firma.ee.key
SSLOptions +StdEnvVars
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName sales.firma.ee
DocumentRoot /var/www/sales
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/sales>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/sales.error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/sales.access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
ErrorLog /var/log/apache2/sales.firma.ee-ssl-error.log
TransferLog /var/log/apache2/sales.firma.ee-ssl-access.log
SSLEngine on
SSLCertificateFile /etc/apache2/sales.firma.ee.crt
SSLCertificateKeyFile /etc/apache2/sales.firma.ee.key
SSLOptions +StdEnvVars
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName www.firma.ee
DocumentRoot /var/www/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/www>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/www-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/www-access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName sales.firma.ee
DocumentRoot /var/www/sales
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/sales>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/sales.error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/sales.access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
NameVirtualHost *:443 - specifies that virtual host requests are listened for on all IP addresses
SSLStrictSNIVHostCheck - determines whether connections are also allowed from non-SNI clients (off = allowed, on = not allowed)
Testing
Testing requires a web browser with SNI support, so Links is not suitable. Browsers with SNI support are Firefox 2.0+, IE 7.0+, Google Chrome, Opera 8.0+
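What the server sees from an SNI and a non-SNI client, as an added example (not part of the original wiki page and not Apache's code): it parses the server_name extension out of a TLS ClientHello and models the certificate choice for the two virtual hosts in the sample configuration. The function names and the hand-built ClientHello bytes are constructed for illustration, and the fallback to the first-listed virtual host for an unknown name is an assumption of this model.

```python
import struct

VHOSTS = {  # ServerName -> certificate, from the sample configuration above
    "www.firma.ee": "/etc/apache2/www.firma.ee.crt",
    "sales.firma.ee": "/etc/apache2/sales.firma.ee.crt",
}

def build_client_hello(server_name=None):
    """Constructed sample input: a minimal TLS ClientHello record."""
    ext = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host  # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry             # ServerNameList
        ext = struct.pack("!HH", 0, len(sni)) + sni             # extension type 0 = server_name
        ext = struct.pack("!H", len(ext)) + ext                 # extensions block length
    body = (b"\x03\x01" + bytes(32)      # client_version, random
            + b"\x00"                    # empty session_id
            + b"\x00\x02\x00\x2f"        # one cipher suite
            + b"\x01\x00"                # null compression
            + ext)                       # a non-SNI client sends no extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def extract_sni(rec):
    """Return the host_name in a ClientHello record, or None if there is none."""
    if len(rec) < 44 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    pos = 5 + 4 + 2 + 32                                      # headers, version, random
    pos += 1 + rec[pos]                                       # session_id
    pos += 2 + int.from_bytes(rec[pos:pos + 2], "big")        # cipher_suites
    pos += 1 + rec[pos]                                       # compression_methods
    end = pos + 2 + int.from_bytes(rec[pos:pos + 2], "big")   # extensions block
    pos += 2
    while pos + 4 <= min(end, len(rec)):
        etype, elen = struct.unpack("!HH", rec[pos:pos + 4])
        if etype == 0:                                        # server_name
            n = int.from_bytes(rec[pos + 7:pos + 9], "big")
            return rec[pos + 9:pos + 9 + n].decode("ascii").lower()
        pos += 4 + elen
    return None

def select_certificate(rec, strict_sni=True):
    """Model of the vhost choice: None means the connection is refused."""
    name = extract_sni(rec)
    if name is None and strict_sni:
        return None                      # SSLStrictSNIVHostCheck on
    # Assumption: an unknown or missing name falls back to the first-listed vhost.
    return VHOSTS.get(name, VHOSTS["www.firma.ee"])
```

Because the name travels in the ClientHello, before any certificate is sent, a client that omits it gives the server nothing to choose between the two certificates, which is the case SSLStrictSNIVHostCheck decides.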