UNIXscout

Mehrere Virtuelle SSL Host's mit EINER IP (OBSD 3.6)

Diese Crash HowTo zeigt Dir wie man verschiedene Virtuelle Host über
SSL mit einer IP erreichen kann.


Als erstest generieren wie ein neues Zertifikat. Achtet darauf das beim
Domain name ein Asterisk (*) davor steht (z.B. *.unixscout.org)

# openssl req -new -key /etc/ssl/private/server.key -out
/etc/ssl/private/server.csr
You are about to be asked to enter information that will be
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter \'.\', the field will be left blank.
-----
Country Name (2 letter code) []:ch
State or Province Name (full name) []:Bern
Locality Name (eg, city) []:Bern
Organization Name (eg, company) []:Unsere ich AG ;)
Organizational Unit Name (eg, section) []:IT Services
Common Name (eg, fully qualified host name) []:*.example.ch
Email Address []:info@thetube.ch

Please enter the following \'extra\' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# openssl x509 -req -days 365 -in /etc/ssl/private/server.csr -signkey
/etc/ssl/private/server.key -out /etc/ssl/server.crt
Signature ok
subject=/C=ch/ST=Bern/L=Bern/O=Unsere ich AG/OU=IT
Services/CN=*.example.ch/emailAddress=irgendwas@example.ch
Getting Private key

Apache Stoppen

# apachectl stop
/usr/sbin/apachectl stop: httpd stopped

Das File /var/www/conf/httpd.conf 

Module vhost_alias_module enablen

# dynamically configured mass virtual hosting
LoadModule vhost_alias_module  
/usr/lib/apache/modules/mod_vhost_alias.so


SSL Virtual Host Context ändern :




#  General setup for the virtual host
#DocumentRoot /var/www/htdocs
UseCanonicalName Off
VirtualDocumentRoot /var/%1
ServerName thetube.ch
ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log

SSLEngine on
SSLCertificateFile    /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
CustomLog logs/ssl_request_log \\
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \\"%r\\" %b"


Apache starten.

# httpd -u -DSSL

Wie funktioniers : Der subdomain ist in der variable %1 versteckt.
Ihr müsst nur ein verzeichniss anlegen z.B. /var/web/subdomain1 , 
/var/web/subdomain2
und schon wird das DocumentRoot automatisch in das richtige umgeleitet.

--
rocky