Apache uses the mod_gnutls module to configure multiple SSL sites (multiple virtual hosts for the HTTPS protocol)
- 2020-05-09 19:46:59
- OfStack
How do you configure multiple HTTPS virtual hosts in an Apache environment? The principle used here is SNI: name-based virtual hosts that share a single IP address and port for HTTPS.
SNI (Server Name Indication) is a TLS extension that makes it possible to configure name-based virtual hosts for SSL. It removes the requirement of one IP address per HTTPS virtual host. As a result, cost is greatly reduced, because all HTTPS virtual hosts can share the same IP address and port, which makes running an HTTPS web service simpler.
In an Apache environment, you need to use mod_gnutls to configure multiple HTTPS hosts on the same IP. The implementation process is as follows:
mod_gnutls website: https://mod.gnutls.org
1. Install mod_gnutls
# yum install httpd-devel gnutls-devel
# wget http://www.outoforder.cc/downloads/mod_gnutls/mod_gnutls-0.2.0.tar.bz2
# tar -xjvf mod_gnutls-0.2.0.tar.bz2
# cd mod_gnutls-0.2.0
# ./configure --prefix=/usr
# make
To install a newer version of GnuTLS, you first need to install its dependencies, libnettle and gmplib. Download addresses: http://www.gnutls.org/download.html and ftp://ftp.gnutls.org/gcrypt/gnutls
The mod_gnutls module relies on the dhfile and rsafile files.
3. Configure httpd.conf
Listen 10.1.1.22:443
LoadModule gnutls_module modules/mod_gnutls.so
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
GnuTLSCache dbm "/var/cache/mod_gnutls_cache"
GnuTLSCacheTimeout 300
NameVirtualHost 10.1.1.22:443
Create the session cache directory used by GnuTLSCache:
# mkdir -m 0700 /var/cache/mod_gnutls_cache
# chown nobody:nobody /var/cache/mod_gnutls_cache
4. Configure the virtual host
<VirtualHost 10.1.1.22:443>
ServerName www.ofstack.com:443
GnuTLSEnable on
GnuTLSCertificateFile ./ssl/www.ofstack.com.public.cer
GnuTLSKeyFile ./ssl/www.ofstack.com.private.key
DocumentRoot "/data/wwwroot/www.ofstack.com/webroot"
</VirtualHost>
<VirtualHost 10.1.1.22:443>
ServerName www.ofstack.com:443
GnuTLSEnable on
GnuTLSCertificateFile ./ssl/www.ofstack.com.public.cer
GnuTLSKeyFile ./ssl/www.ofstack.com.private.key
DocumentRoot "/data/wwwroot/www.ofstack.com/webroot"
</VirtualHost>
Each virtual host can now be accessed normally.
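A pre-reload check for the virtual host layout in step 4, as an added example rather than code from the original article: it parses the <VirtualHost> blocks and reports name-based HTTPS hosts on one address:port that repeat a ServerName (Apache serves only the first matching block), leave GnuTLSEnable off, or lack a certificate or key file. The hostnames in the sample are constructed placeholders, and the parser is an assumption-level sketch that handles only the directives shown on this page (no Include or ServerAlias).

```python
import re

# Constructed sample: placeholder hostnames; vhost 2 repeats a ServerName and has no key file.
SAMPLE_CONF = """\
<VirtualHost 10.1.1.22:443>
ServerName a.example.test:443
GnuTLSEnable on
GnuTLSCertificateFile ./ssl/a.example.test.cer
GnuTLSKeyFile ./ssl/a.example.test.key
</VirtualHost>
<VirtualHost 10.1.1.22:443>
ServerName a.example.test:443
GnuTLSEnable on
GnuTLSCertificateFile ./ssl/b.example.test.cer
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)


def parse_vhosts(conf):
    """Return [(address, {lowercased directive: value})] for each <VirtualHost>."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                directives[parts[0].lower()] = parts[1].strip().strip('"')
        vhosts.append((addr.strip(), directives))
    return vhosts


def lint_sni_vhosts(conf):
    """Return findings for name-based HTTPS vhosts that share an address:port."""
    findings, seen = [], set()
    for n, (addr, d) in enumerate(parse_vhosts(conf), start=1):
        name = d.get("servername", "").split("://")[-1].split(":")[0].lower()
        if not name:
            findings.append(f"vhost {n}: no ServerName, SNI cannot select it")
        elif (addr, name) in seen:
            findings.append(f"vhost {n}: duplicate ServerName {name} on {addr}")
        seen.add((addr, name))
        if d.get("gnutlsenable", "").lower() != "on":
            findings.append(f"vhost {n}: GnuTLSEnable is not on")
        for key in ("GnuTLSCertificateFile", "GnuTLSKeyFile"):
            if key.lower() not in d:
                findings.append(f"vhost {n}: {key} is not set")
    return findings
```

Call lint_sni_vhosts() on the text of httpd.conf before reloading Apache; an empty list means every block has a distinct name, TLS enabled, and both certificate and key configured.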