Apache uses the mod_gnutls module to configure multiple SSL sites (multiple virtual hosts for the HTTPS protocol)

  • 2020-05-09 19:46:59
  • OfStack

How do you configure multiple HTTPS virtual hosts in an Apache environment? The approach relies on SNI: domain-based HTTPS virtual hosts that share one IP address and port.

SNI (Server Name Indication) is a TLS extension that makes it possible to configure domain-based virtual hosts for SSL. It removes the requirement of one IP address per HTTPS virtual host. As a result, cost is greatly reduced, because all HTTPS virtual hosts can share the same IP address and port, which makes running an HTTPS web service simpler.

In an Apache environment, you need to use mod_gnutls to configure multiple HTTPS hosts on the same IP. Here is the implementation process.

For the mod_gnutls home page, see: https://mod.gnutls.org

1. Install mod_gnutls


# yum install httpd-devel gnutls-devel
# wget http://www.outoforder.cc/downloads/mod_gnutls/mod_gnutls-0.2.0.tar.bz2
# tar -xjvf mod_gnutls-0.2.0.tar.bz2
# cd mod_gnutls-0.2.0
# ./configure --prefix=/usr
# make

To install a newer version of gnutls, you also need to install its dependency packages, libnettle and gmplib. Download addresses: http://www.gnutls.org/download.html and ftp://ftp.gnutls.org/gcrypt/gnutls
The mod_gnutls module relies on the dhfile and rsafile files.

3. Configure httpd.conf


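# All HTTPS virtual hosts share this IP address and port
Listen 10.1.1.22:443
LoadModule gnutls_module modules/mod_gnutls.so
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
# TLS session cache backend and entry timeout in seconds
GnuTLSCache dbm "/var/cache/mod_gnutls_cache"
GnuTLSCacheTimeout 300
# Enable name-based virtual hosts on the shared address
NameVirtualHost 10.1.1.22:443

Create the cache directory used by GnuTLSCache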


# mkdir -m 0700 /var/cache/mod_gnutls_cache
# chown nobody:nobody /var/cache/mod_gnutls_cache

4. Configure the virtual hosts


<VirtualHost 10.1.1.22:443>
    ServerName www.ofstack.com:443
    GnuTLSEnable on
    GnuTLSCertificateFile ./ssl/www.ofstack.com.public.cer
    GnuTLSKeyFile ./ssl/www.ofstack.com.private.key
    DocumentRoot "/data/wwwroot/www.ofstack.com/webroot"
</VirtualHost>
<VirtualHost 10.1.1.22:443>
    ServerName www.ofstack.com:443
    GnuTLSEnable on
    GnuTLSCertificateFile ./ssl/www.ofstack.com.public.cer
    GnuTLSKeyFile ./ssl/www.ofstack.com.private.key
    DocumentRoot "/data/wwwroot/www.ofstack.com/webroot"
</VirtualHost>

Access to each virtual host is normal.
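
A pre-reload check for the virtual host layout above, as an added example that is not part of the original article: it parses the `<VirtualHost>` blocks and flags a repeated ServerName on the same IP and port (Apache serves the first matching block, so a later duplicate is never selected) and TLS-enabled hosts that lack a certificate or key directive. The hostname site-a.example, the function names and the sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: site-a.example is a placeholder hostname, not from the article.
SAMPLE_CONF = """\
<VirtualHost 10.1.1.22:443>
    ServerName site-a.example:443
    GnuTLSEnable on
    GnuTLSCertificateFile ./ssl/site-a.example.public.cer
    GnuTLSKeyFile ./ssl/site-a.example.private.key
</VirtualHost>
<VirtualHost 10.1.1.22:443>
    ServerName site-a.example:443
    GnuTLSEnable on
    GnuTLSCertificateFile ./ssl/site-a.example.public.cer
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^[ \t]*(\w+)[ \t]+(.+?)[ \t]*$", re.M)

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block: its address plus its directives."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        directives = {k.lower(): v.strip('"') for k, v in DIRECTIVE_RE.findall(body)}
        vhosts.append({"addr": addr.strip(), **directives})
    return vhosts

def lint_sni_vhosts(conf):
    """Flag vhosts that SNI can never select or that lack certificate material."""
    findings = []
    seen = defaultdict(set)  # listen address -> hostnames already claimed on it
    for i, vh in enumerate(parse_vhosts(conf), start=1):
        name = vh.get("servername", "").split(":")[0].lower()
        if not name:
            findings.append((i, "missing ServerName"))
        elif name in seen[vh["addr"]]:
            findings.append((i, f"duplicate ServerName {name} on {vh['addr']}"))
        seen[vh["addr"]].add(name)
        if vh.get("gnutlsenable", "").lower() == "on":
            for key in ("GnuTLSCertificateFile", "GnuTLSKeyFile"):
                if key.lower() not in vh:
                    findings.append((i, f"TLS enabled but {key} not set"))
    return findings

if __name__ == "__main__":
    for index, problem in lint_sni_vhosts(SAMPLE_CONF):
        print(f"vhost #{index}: {problem}")
```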

