Context Navigation

-                      r3deb86e
+                      r190d459
 (other than the default setup):
+     # Load mod_gnutls into Apache.
+     LoadModule gnutls_module modules/mod_gnutls.so
+         Listen 192.0.2.1:443
+     <VirtualHost _default_:443>
+             # Standard virtual host stuff
+         DocumentRoot /www/site1.example.com/html
+         ServerName site1.example.com:443
+                 # Minimal mod_gnutls setup: enable, and set credentials
+                 GnuTLSEnable on
+         GnuTLSCertificateFile conf/tls/site1_cert_chain.pem
+         GnuTLSKeyFile conf/tls/site1_key.pem
+     </VirtualHost>
+```apache
+# Load mod_gnutls into Apache.
+LoadModule gnutls_module modules/mod_gnutls.so
+Listen 192.0.2.1:443
+<VirtualHost _default_:443>
+        # Standard virtual host stuff
+        DocumentRoot /www/site1.example.com/html
+        ServerName site1.example.com:443
+        # Minimal mod_gnutls setup: enable, and set credentials
+        GnuTLSEnable on
+        GnuTLSCertificateFile conf/tls/site1_cert_chain.pem
+        GnuTLSKeyFile conf/tls/site1_key.pem
+</VirtualHost>
+```
 This gives you an HTTPS site using the GnuTLS `NORMAL` set of
 …
 this standard. Here is an example using SNI:
+     # Load the module into Apache.
+     LoadModule gnutls_module modules/mod_gnutls.so
+         # This example server uses session tickets, no cache.
+     GnuTLSSessionTickets on
+     # SNI allows hosting multiple sites using one IP address. This
+     # could also be 'Listen *:443', just like '*:80' is common for
+     # non-HTTPS
+     Listen 198.51.100.1:443
+     <VirtualHost _default_:443>
+         GnuTLSEnable on
+         DocumentRoot /www/site1.example.com/html
+         ServerName site1.example.com:443
+         GnuTLSCertificateFile conf/tls/site1.crt
+         GnuTLSKeyFile conf/tls/site1.key
+     </VirtualHost>
+     <VirtualHost _default_:443>
+         GnuTLSEnable on
+         DocumentRoot /www/site2.example.com/html
+         ServerName site2.example.com:443
+         GnuTLSCertificateFile conf/tls/site2.crt
+         GnuTLSKeyFile conf/tls/site2.key
+     </VirtualHost>
+     <VirtualHost _default_:443>
+         GnuTLSEnable on
+         DocumentRoot /www/site3.example.com/html
+         ServerName site3.example.com:443
+         GnuTLSCertificateFile conf/tls/site3.crt
+         GnuTLSKeyFile conf/tls/site3.key
+         # Enable HTTP/2. With GnuTLS before version 3.6.3 all
+         # virtual hosts in this example would have to share this
+         # directive to work correctly.
+         Protocols h2 http/1.1
+     </VirtualHost>
+```apache
+# Load the module into Apache.
+LoadModule gnutls_module modules/mod_gnutls.so
+# This example server uses session tickets, no cache.
+GnuTLSSessionTickets on
+# SNI allows hosting multiple sites using one IP address. This
+# could also be 'Listen *:443', just like '*:80' is common for
+# non-HTTPS
+Listen 198.51.100.1:443
+<VirtualHost _default_:443>
+        GnuTLSEnable on
+        DocumentRoot /www/site1.example.com/html
+    ServerName site1.example.com:443
+        GnuTLSCertificateFile conf/tls/site1.crt
+        GnuTLSKeyFile conf/tls/site1.key
+</VirtualHost>
+<VirtualHost _default_:443>
+        GnuTLSEnable on
+        DocumentRoot /www/site2.example.com/html
+        ServerName site2.example.com:443
+        GnuTLSCertificateFile conf/tls/site2.crt
+        GnuTLSKeyFile conf/tls/site2.key
+</VirtualHost>
+<VirtualHost _default_:443>
+        GnuTLSEnable on
+        DocumentRoot /www/site3.example.com/html
+        ServerName site3.example.com:443
+        GnuTLSCertificateFile conf/tls/site3.crt
+        GnuTLSKeyFile conf/tls/site3.key
+        # Enable HTTP/2. With GnuTLS before version 3.6.3 all
+        # virtual hosts in this example would have to share this
+        # directive to work correctly.
+        Protocols h2 http/1.1
+</VirtualHost>
+```
 Virtual Hosts without SNI
 …
 different IP addresses.
+     # Load the module into Apache.
+     LoadModule gnutls_module modules/mod_gnutls.so
+         # This example server uses a session cache.
+     GnuTLSCache dbm:/var/cache/www-tls-cache
+     GnuTLSCacheTimeout 1200
+     # Without SNI you need one IP Address per site. The IP addresses
+         # are listed separately for clarity, you could also use "Listen 443"
+         # to use that port on all available IP addresses.
+     Listen 192.0.2.1:443
+     Listen 192.0.2.2:443
+     Listen 192.0.2.3:443
+     <VirtualHost 192.0.2.1:443>
+         GnuTLSEnable on
+         GnuTLSPriorities SECURE128
+         DocumentRoot /www/site1.example.com/html
+         ServerName site1.example.com:443
+         GnuTLSCertificateFile conf/tls/site1.crt
+         GnuTLSKeyFile conf/tls/site1.key
+     </VirtualHost>
+     <VirtualHost 192.0.2.2:443>
+         # This virtual host enables SRP authentication
+         GnuTLSEnable on
+         GnuTLSPriorities NORMAL:+SRP
+         DocumentRoot /www/site2.example.com/html
+         ServerName site2.example.com:443
+         GnuTLSSRPPasswdFile conf/tls/tpasswd.site2
+         GnuTLSSRPPasswdConfFile conf/tls/tpasswd.site2.conf
+     </VirtualHost>
+     <VirtualHost 192.0.2.3:443>
+         # This server enables SRP and X.509 authentication.
+         GnuTLSEnable on
+         GnuTLSPriorities NORMAL:+SRP:+SRP-RSA:+SRP-DSS
+         DocumentRoot /www/site3.example.com/html
+         ServerName site3.example.com:443
+         GnuTLSCertificateFile conf/tls/site3.crt
+         GnuTLSKeyFile conf/tls/site3.key
+         GnuTLSClientVerify ignore
+         GnuTLSSRPPasswdFile conf/tls/tpasswd.site3
+         GnuTLSSRPPasswdConfFile conf/tls/tpasswd.site3.conf
+     </VirtualHost>
+```apache
+# Load the module into Apache.
+LoadModule gnutls_module modules/mod_gnutls.so
+# This example server uses a session cache.
+GnuTLSCache dbm:/var/cache/www-tls-cache
+GnuTLSCacheTimeout 1200
+# Without SNI you need one IP Address per site. The IP addresses
+# are listed separately for clarity, you could also use "Listen 443"
+# to use that port on all available IP addresses.
+Listen 192.0.2.1:443
+Listen 192.0.2.2:443
+Listen 192.0.2.3:443
+<VirtualHost 192.0.2.1:443>
+        GnuTLSEnable on
+        GnuTLSPriorities SECURE128
+        DocumentRoot /www/site1.example.com/html
+        ServerName site1.example.com:443
+        GnuTLSCertificateFile conf/tls/site1.crt
+        GnuTLSKeyFile conf/tls/site1.key
+</VirtualHost>
+<VirtualHost 192.0.2.2:443>
+    # This virtual host enables SRP authentication
+        GnuTLSEnable on
+        GnuTLSPriorities NORMAL:+SRP
+        DocumentRoot /www/site2.example.com/html
+        ServerName site2.example.com:443
+        GnuTLSSRPPasswdFile conf/tls/tpasswd.site2
+        GnuTLSSRPPasswdConfFile conf/tls/tpasswd.site2.conf
+</VirtualHost>
+<VirtualHost 192.0.2.3:443>
+        # This server enables SRP and X.509 authentication.
+        GnuTLSEnable on
+        GnuTLSPriorities NORMAL:+SRP:+SRP-RSA:+SRP-DSS
+        DocumentRoot /www/site3.example.com/html
+        ServerName site3.example.com:443
+        GnuTLSCertificateFile conf/tls/site3.crt
+        GnuTLSKeyFile conf/tls/site3.key
+        GnuTLSClientVerify ignore
+        GnuTLSSRPPasswdFile conf/tls/tpasswd.site3
+        GnuTLSSRPPasswdConfFile conf/tls/tpasswd.site3.conf
+</VirtualHost>
+```
 OCSP Stapling Example
 …
 significantly larger.
+     # Load the module into Apache.
+     LoadModule gnutls_module modules/mod_gnutls.so
+         # A 64K cache is more than enough for one response
+     GnuTLSOCSPCache shmcb:ocsp_cache(65536)
+     Listen 192.0.2.1:443
+     <VirtualHost _default_:443>
+         GnuTLSEnable           On
+         DocumentRoot           /www/site1.example.com/html
+         ServerName             site1.example.com:443
+         GnuTLSCertificateFile  conf/tls/site1_cert_chain.pem
+         GnuTLSKeyFile          conf/tls/site1_key.pem
+         GnuTLSOCSPStapling     On
+                 # The cached OCSP response is kept for up to 4 hours,
+                 # with updates scheduled every 3 to 3.5 hours.
+         GnuTLSOCSPCacheTimeout 21600
+                 GnuTLSOCSPFuzzTime     3600
+     </VirtualHost>
+```apache
+# Load the module into Apache.
+LoadModule gnutls_module modules/mod_gnutls.so
+# A 64K cache is more than enough for one response
+GnuTLSOCSPCache shmcb:ocsp_cache(65536)
+Listen 192.0.2.1:443
+<VirtualHost _default_:443>
+        GnuTLSEnable           On
+        DocumentRoot           /www/site1.example.com/html
+        ServerName             site1.example.com:443
+        GnuTLSCertificateFile  conf/tls/site1_cert_chain.pem
+        GnuTLSKeyFile          conf/tls/site1_key.pem
+        GnuTLSOCSPStapling     On
+        # The cached OCSP response is kept for up to 4 hours,
+        # with updates scheduled every 3 to 3.5 hours.
+        GnuTLSOCSPCacheTimeout 21600
+        GnuTLSOCSPFuzzTime     3600
+</VirtualHost>
+```
 * * * * *

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 190d459 in mod_gnutls

Legend:

doc/mod_gnutls_manual.mdwn

Download in other formats: