Changeset 190d459 in mod_gnutls for doc/mod_gnutls_manual.mdwn


Ignore:
Timestamp:
Jan 4, 2020, 5:16:38 AM (10 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
master, proxy-ticket
Children:
dc3cbd5
Parents:
3deb86e
Message:

Manual: Use syntax highlighting for configuration examples

File:
1 edited

Legend:

Unmodified
Added
Removed
  • doc/mod_gnutls_manual.mdwn

    r3deb86e r190d459  
    733733(other than the default setup):
    734734
    735      # Load mod_gnutls into Apache.
    736      LoadModule gnutls_module modules/mod_gnutls.so
    737 
    738          Listen 192.0.2.1:443
    739 
    740      <VirtualHost _default_:443>
    741              # Standard virtual host stuff
    742          DocumentRoot /www/site1.example.com/html
    743          ServerName site1.example.com:443
    744          
    745                  # Minimal mod_gnutls setup: enable, and set credentials
    746                  GnuTLSEnable on
    747          GnuTLSCertificateFile conf/tls/site1_cert_chain.pem
    748          GnuTLSKeyFile conf/tls/site1_key.pem
    749      </VirtualHost>
     735```apache
     736# Load mod_gnutls into Apache.
     737LoadModule gnutls_module modules/mod_gnutls.so
     738
     739Listen 192.0.2.1:443
     740
     741<VirtualHost _default_:443>
     742        # Standard virtual host stuff
     743        DocumentRoot /www/site1.example.com/html
     744        ServerName site1.example.com:443
     745
     746        # Minimal mod_gnutls setup: enable, and set credentials
     747        GnuTLSEnable on
     748        GnuTLSCertificateFile conf/tls/site1_cert_chain.pem
     749        GnuTLSKeyFile conf/tls/site1_key.pem
     750</VirtualHost>
     751```
    750752
    751753This gives you an HTTPS site using the GnuTLS `NORMAL` set of
     
    766768this standard. Here is an example using SNI:
    767769
    768      # Load the module into Apache.
    769      LoadModule gnutls_module modules/mod_gnutls.so
    770          # This example server uses session tickets, no cache.
    771      GnuTLSSessionTickets on
    772 
    773      # SNI allows hosting multiple sites using one IP address. This
    774      # could also be 'Listen *:443', just like '*:80' is common for
    775      # non-HTTPS
    776      Listen 198.51.100.1:443
    777 
    778      <VirtualHost _default_:443>
    779          GnuTLSEnable on
    780          DocumentRoot /www/site1.example.com/html
    781          ServerName site1.example.com:443
    782          GnuTLSCertificateFile conf/tls/site1.crt
    783          GnuTLSKeyFile conf/tls/site1.key
    784      </VirtualHost>
    785 
    786      <VirtualHost _default_:443>
    787          GnuTLSEnable on
    788          DocumentRoot /www/site2.example.com/html
    789          ServerName site2.example.com:443
    790          GnuTLSCertificateFile conf/tls/site2.crt
    791          GnuTLSKeyFile conf/tls/site2.key
    792      </VirtualHost>
    793 
    794      <VirtualHost _default_:443>
    795          GnuTLSEnable on
    796          DocumentRoot /www/site3.example.com/html
    797          ServerName site3.example.com:443
    798          GnuTLSCertificateFile conf/tls/site3.crt
    799          GnuTLSKeyFile conf/tls/site3.key
    800          # Enable HTTP/2. With GnuTLS before version 3.6.3 all
    801          # virtual hosts in this example would have to share this
    802          # directive to work correctly.
    803          Protocols h2 http/1.1
    804      </VirtualHost>
     770```apache
     771# Load the module into Apache.
     772LoadModule gnutls_module modules/mod_gnutls.so
     773# This example server uses session tickets, no cache.
     774GnuTLSSessionTickets on
     775
     776# SNI allows hosting multiple sites using one IP address. This
     777# could also be 'Listen *:443', just like '*:80' is common for
     778# non-HTTPS
     779Listen 198.51.100.1:443
     780
     781<VirtualHost _default_:443>
     782        GnuTLSEnable on
     783        DocumentRoot /www/site1.example.com/html
     784    ServerName site1.example.com:443
     785        GnuTLSCertificateFile conf/tls/site1.crt
     786        GnuTLSKeyFile conf/tls/site1.key
     787</VirtualHost>
     788
     789<VirtualHost _default_:443>
     790        GnuTLSEnable on
     791        DocumentRoot /www/site2.example.com/html
     792        ServerName site2.example.com:443
     793        GnuTLSCertificateFile conf/tls/site2.crt
     794        GnuTLSKeyFile conf/tls/site2.key
     795</VirtualHost>
     796
     797<VirtualHost _default_:443>
     798        GnuTLSEnable on
     799        DocumentRoot /www/site3.example.com/html
     800        ServerName site3.example.com:443
     801        GnuTLSCertificateFile conf/tls/site3.crt
     802        GnuTLSKeyFile conf/tls/site3.key
     803        # Enable HTTP/2. With GnuTLS before version 3.6.3 all
     804        # virtual hosts in this example would have to share this
     805        # directive to work correctly.
     806        Protocols h2 http/1.1
     807</VirtualHost>
     808```
    805809
    806810Virtual Hosts without SNI
     
    812816different IP addresses.
    813817
    814      # Load the module into Apache.
    815      LoadModule gnutls_module modules/mod_gnutls.so
    816          # This example server uses a session cache.
    817      GnuTLSCache dbm:/var/cache/www-tls-cache
    818      GnuTLSCacheTimeout 1200
    819 
    820      # Without SNI you need one IP Address per site. The IP addresses
    821          # are listed separately for clarity, you could also use "Listen 443"
    822          # to use that port on all available IP addresses.
    823      Listen 192.0.2.1:443
    824      Listen 192.0.2.2:443
    825      Listen 192.0.2.3:443
    826 
    827      <VirtualHost 192.0.2.1:443>
    828          GnuTLSEnable on
    829          GnuTLSPriorities SECURE128
    830          DocumentRoot /www/site1.example.com/html
    831          ServerName site1.example.com:443
    832          GnuTLSCertificateFile conf/tls/site1.crt
    833          GnuTLSKeyFile conf/tls/site1.key
    834      </VirtualHost>
    835 
    836      <VirtualHost 192.0.2.2:443>
    837          # This virtual host enables SRP authentication
    838          GnuTLSEnable on
    839          GnuTLSPriorities NORMAL:+SRP
    840          DocumentRoot /www/site2.example.com/html
    841          ServerName site2.example.com:443
    842          GnuTLSSRPPasswdFile conf/tls/tpasswd.site2
    843          GnuTLSSRPPasswdConfFile conf/tls/tpasswd.site2.conf
    844      </VirtualHost>
    845 
    846      <VirtualHost 192.0.2.3:443>
    847          # This server enables SRP and X.509 authentication.
    848          GnuTLSEnable on
    849          GnuTLSPriorities NORMAL:+SRP:+SRP-RSA:+SRP-DSS
    850          DocumentRoot /www/site3.example.com/html
    851          ServerName site3.example.com:443
    852          GnuTLSCertificateFile conf/tls/site3.crt
    853          GnuTLSKeyFile conf/tls/site3.key
    854          GnuTLSClientVerify ignore
    855          GnuTLSSRPPasswdFile conf/tls/tpasswd.site3
    856          GnuTLSSRPPasswdConfFile conf/tls/tpasswd.site3.conf
    857      </VirtualHost>
     818```apache
     819# Load the module into Apache.
     820LoadModule gnutls_module modules/mod_gnutls.so
     821# This example server uses a session cache.
     822GnuTLSCache dbm:/var/cache/www-tls-cache
     823GnuTLSCacheTimeout 1200
     824
     825# Without SNI you need one IP Address per site. The IP addresses
     826# are listed separately for clarity, you could also use "Listen 443"
     827# to use that port on all available IP addresses.
     828Listen 192.0.2.1:443
     829Listen 192.0.2.2:443
     830Listen 192.0.2.3:443
     831
     832<VirtualHost 192.0.2.1:443>
     833        GnuTLSEnable on
     834        GnuTLSPriorities SECURE128
     835        DocumentRoot /www/site1.example.com/html
     836        ServerName site1.example.com:443
     837        GnuTLSCertificateFile conf/tls/site1.crt
     838        GnuTLSKeyFile conf/tls/site1.key
     839</VirtualHost>
     840
     841<VirtualHost 192.0.2.2:443>
     842    # This virtual host enables SRP authentication
     843        GnuTLSEnable on
     844        GnuTLSPriorities NORMAL:+SRP
     845        DocumentRoot /www/site2.example.com/html
     846        ServerName site2.example.com:443
     847        GnuTLSSRPPasswdFile conf/tls/tpasswd.site2
     848        GnuTLSSRPPasswdConfFile conf/tls/tpasswd.site2.conf
     849</VirtualHost>
     850
     851<VirtualHost 192.0.2.3:443>
     852        # This server enables SRP and X.509 authentication.
     853        GnuTLSEnable on
     854        GnuTLSPriorities NORMAL:+SRP:+SRP-RSA:+SRP-DSS
     855        DocumentRoot /www/site3.example.com/html
     856        ServerName site3.example.com:443
     857        GnuTLSCertificateFile conf/tls/site3.crt
     858        GnuTLSKeyFile conf/tls/site3.key
     859        GnuTLSClientVerify ignore
     860        GnuTLSSRPPasswdFile conf/tls/tpasswd.site3
     861        GnuTLSSRPPasswdConfFile conf/tls/tpasswd.site3.conf
     862</VirtualHost>
     863```
    858864
    859865OCSP Stapling Example
     
    866872significantly larger.
    867873
    868      # Load the module into Apache.
    869      LoadModule gnutls_module modules/mod_gnutls.so
    870          # A 64K cache is more than enough for one response
    871      GnuTLSOCSPCache shmcb:ocsp_cache(65536)
    872 
    873      Listen 192.0.2.1:443
    874 
    875      <VirtualHost _default_:443>
    876          GnuTLSEnable           On
    877          DocumentRoot           /www/site1.example.com/html
    878          ServerName             site1.example.com:443
    879          GnuTLSCertificateFile  conf/tls/site1_cert_chain.pem
    880          GnuTLSKeyFile          conf/tls/site1_key.pem
    881          GnuTLSOCSPStapling     On
    882                  # The cached OCSP response is kept for up to 4 hours,
    883                  # with updates scheduled every 3 to 3.5 hours.
    884          GnuTLSOCSPCacheTimeout 21600
    885                  GnuTLSOCSPFuzzTime     3600
    886      </VirtualHost>
     874```apache
     875# Load the module into Apache.
     876LoadModule gnutls_module modules/mod_gnutls.so
     877# A 64K cache is more than enough for one response
     878GnuTLSOCSPCache shmcb:ocsp_cache(65536)
     879
     880Listen 192.0.2.1:443
     881
     882<VirtualHost _default_:443>
     883        GnuTLSEnable           On
     884        DocumentRoot           /www/site1.example.com/html
     885        ServerName             site1.example.com:443
     886        GnuTLSCertificateFile  conf/tls/site1_cert_chain.pem
     887        GnuTLSKeyFile          conf/tls/site1_key.pem
     888        GnuTLSOCSPStapling     On
     889        # The cached OCSP response is kept for up to 4 hours,
     890        # with updates scheduled every 3 to 3.5 hours.
     891        GnuTLSOCSPCacheTimeout 21600
     892        GnuTLSOCSPFuzzTime     3600
     893</VirtualHost>
     894```
    887895
    888896* * * * *
Note: See TracChangeset for help on using the changeset viewer.