Dear Gustaf, my main problem is the certificate. Loading the drivers globally
works. When I access domains they are pointing and working correctly.
The problem is nsssl when loaded globally must have "ns_param certificate",
I misunderstood this parameter. I thought it's like "ns_param
defaultserver", like this "default certificate" will be used to connect to
defaultserver, not like "this certificate" will be used to connect to all
servers.

So now I'm facing these issues:
1) Some of the domains are not mine and belong to some clients, they might
have their own certificates they bought.
2) Also I don't know how many clients I will have in the future, so
every time I add a new domain I need to regenerate multi-domain SAN cert
(they are really expensive and I can't afford it)

I thought it was more simple like:
1) Load nsssl globally
2) Define "defaultserver" and certificate for this "defaultserver"
3) Define different certificates for each domain in ns_section
"ns/server/${server}/module/nsssl"

I hope my explanation makes sense.

Cheers, Maksym


On Sat, Jul 4, 2020 at 4:32 PM Gustaf Neumann <neum...@wu.ac.at> wrote:

> Dear Maksym,
>
> If you are using virtual hosts, you should load the drivers globally
> and - when connecting via https - use multi-domain SAN certificates
> (as produced e.g. by [1]).
>
> openacs.org is a configuration using (a) multiple names for the
> same server (such as .org, .net, with and without "www." prefix),
> and (b) uses virtual hosts to redirect requests to different servers
> (e.g. https://dotlrn.org/, https://cvs.openacs.org/, http://xotcl.org/)
>
> It has essentially two global drivers, where both drivers
> have multiple IP addresses assigned:
>
>    set address "137.208.116.31 2001:628:404:74::31"
>
> The essential part of the log file is below (pasted together).
> Below this is the definition of the xotcl.org website.
>
> Does this help?
>
> -gn
>
>
> ======
> set server              "openacs.org"
> # ...
>
> ns_section ns/module/nsssl/servers
>         ns_param        $server         $server
>         ns_param        $server         www.openacs.net
>         ns_param        $server         www.openacs.org
>         ns_param        $server         www.openacs.com
>         ns_param        $server         openacs.net
>         ns_param        $server         openacs.com
>         ns_param        $server         openacs.wu.ac.at
>         ns_param        $server         openacs.wu-wien.ac.at
>         ns_param        $server         smtp.openacs.org
>         ns_param        dotlrn          dotlrn.org
>         ns_param        dotlrn          dotlrn.net
>         ns_param        dotlrn          dotlrn.com
>         ns_param        dotlrn          www.dotlrn.com
>         ns_param        dotlrn          www.dotlrn.org
>         ns_param        cvs             fisheye.openacs.org
>         ns_param        cvs             cvs.openacs.org
>
> ns_section ns/module/nssock/servers
>         ns_param        $server         $server
>         ns_param        $server         www.openacs.net
>         ns_param        $server         www.openacs.org
>         ns_param        $server         www.openacs.com
>         ns_param        $server         openacs.net
>         ns_param        $server         openacs.com
>         ns_param        $server         openacs.wu.ac.at
>         ns_param        $server         openacs.wu-wien.ac.at
>         ns_param        $server         smtp.openacs.org
>         ns_param        dotlrn          dotlrn.org
>         ns_param        dotlrn          dotlrn.net
>         ns_param        dotlrn          dotlrn.com
>         ns_param        dotlrn          www.dotlrn.com
>         ns_param        dotlrn          www.dotlrn.org
>         ns_param        dotlrn          www.dotlrn.net
>         ns_param        cvs             fisheye.openacs.org
>         ns_param        cvs             cvs.openacs.org
>         ns_param        xotcl           xotcl.org
>         ns_param        xotcl           www.xotcl.org
> ======
>
>
> ======
> ########################################################################
> # XOTcl.org
> ########################################################################
> ns_section "ns/servers"
>     ns_param xotcl "Old XOTcl Web Site"
>
> ns_section ns/module/nssock/servers
>     ns_param xotcl xotcl.org
>     ns_param xotcl www.xotcl.org
>
> ns_section ns/server/xotcl
>     ns_param minthreads 2
>
> ns_section "ns/server/xotcl/tcl"
>     ns_param library /home/xotcl/www.xotcl.org/naviserver
> ======
>
>
> [1] https://bitbucket.org/naviserver/letsencrypt/src/master/
> On 04.07.20 13:54, Maksym Zinchenko wrote:
>
> Hello, I'm trying to set up host based virtual hosts with naviserver but I
> can't understand it easily or correctly. So what I'm trying to accomplish:
>
> _______________________________________________
> naviserver-devel mailing list
> naviserver-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/naviserver-devel
>
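
A check that follows from the quoted configuration, added here as an example (not code from the thread or from NaviServer): with a single certificate on the global nsssl driver, every hostname mapped in ns/module/nsssl/servers has to appear in that certificate's SAN list. The config excerpt is abridged from the reply, the SAN list is constructed, and the parser is a simplification that handles only plain `set`, `ns_section` and `ns_param` lines.

```python
import re
import shlex

# Abridged excerpt in the style of the quoted config (hostnames taken from it).
CONFIG = '''
set server "openacs.org"
ns_section ns/module/nsssl/servers
    ns_param $server $server
    ns_param $server www.openacs.org
    ns_param dotlrn  dotlrn.org
    ns_param dotlrn  www.dotlrn.org
    ns_param cvs     cvs.openacs.org
ns_section ns/module/nssock/servers
    ns_param $server $server
    ns_param xotcl   xotcl.org
'''

# Constructed SAN list standing in for the certificate's dNSName entries.
SAN = ["openacs.org", "*.openacs.org", "dotlrn.org"]

def host_map(config, section):
    """Return {hostname: server} for one ns_section of the config text."""
    variables, current, mapping = {}, None, {}
    def subst(word):  # expand $name / ${name} from earlier 'set' lines
        return re.sub(r"\$\{?(\w+)\}?",
                      lambda m: variables.get(m.group(1), m.group(0)), word)
    for line in config.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) == 3 and words[0] == "set":
            variables[words[1]] = subst(words[2])
        elif len(words) == 2 and words[0] == "ns_section":
            current = words[1]
        elif len(words) == 3 and words[0] == "ns_param" and current == section:
            mapping[subst(words[2]).lower()] = subst(words[1])
    return mapping

def san_matches(host, pattern):
    """Exact match, or a wildcard that stands for exactly one left-most label."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return host == pattern

def uncovered(config, san, section="ns/module/nsssl/servers"):
    """Hostnames served over HTTPS that no SAN entry covers."""
    return sorted(h for h in host_map(config, section)
                  if not any(san_matches(h, p) for p in san))

if __name__ == "__main__":
    for host in uncovered(CONFIG, SAN):
        print("not covered by certificate:", host)
```

Running the check whenever a hostname is added to the nsssl section shows whether the SAN certificate has to be reissued before clients start seeing name-mismatch errors.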