[Mageia-sysadm] [196] - add logic for using ssl certificate ( no SNI for the moment, but should be done later )
Buchan Milne
bgmilne at multilinks.com
Mon Nov 8 10:25:16 CET 2010
On Monday, 8 November 2010 01:37:59 root at mageia.org wrote:
> Revision: 196
> Author: misc
> Date: 2010-11-08 01:37:59 +0100 (Mon, 08 Nov 2010)
> Log Message:
> -----------
> - add logic for using ssl certificate ( no SNI for the moment, but should
> be done later )
>
> Modified Paths:
> --------------
> puppet/modules/apache/templates/vhost_catalyst_app.conf
>
> Modified: puppet/modules/apache/templates/vhost_catalyst_app.conf
> ===================================================================
> --- puppet/modules/apache/templates/vhost_catalyst_app.conf 2010-11-08
> 00:21:42 UTC (rev 195) +++
> puppet/modules/apache/templates/vhost_catalyst_app.conf 2010-11-08
> 00:37:59 UTC (rev 196) @@ -1,4 +1,17 @@
> -<VirtualHost *:80>
> +<% if use_ssl then
> + port = 443
> +else
> + port = 80
> +end
> +%>
> +
> +<VirtualHost *:<%= port %>>
> +<% if use_ssl then %>
> + SSLEngine on
> + #TODO deploy SNI later
> + SSLCertificateFile /etc/ssl/apache/apache.pem
> + SSLCertificateKeyFile /etc/ssl/apache/apache.pem
These paths should possible also use macro names, as at present
identity.magiea.org has a certificate for alamut.mageia.org. While the cert is
currently self-signed, we should try and limit those certificate validation
problems that we can limit without too much effort.
> +<% end %>
> ServerName <%= name %>
> # Serve static content directly
> DocumentRoot /dev/null
Regards,
Buchan
More information about the Mageia-sysadm
mailing list