On 30.01.2014 00:03, James Peach wrote:
> On Jan 29, 2014, at 2:51 PM, Reindl Harald <[email protected]> wrote:
>> what really would help in the documentation is a complete example of let's say
>> 2 completely different domains with their own cert and any related file for
>> that in reverse mode to see a complete picture on one page
>>
>> for httpd both, a real SNI host and ssl-reverse-proxy is quite simple and connected
>> in a few lines (see below) and i try to figure out how to get it the same with ATS
>> and there may also be *.domain.tld-wildcard-certs in the game, at least one
>
> ssl_multicert.config:
>
> ssl_cert_name=/etc/pki/domain2.example.com.pem
> ssl_cert_name=/etc/pki/domain1.example.com.pem
>
> remap.config:
>
> map https://domain1.example.com http://origin1.example.com
> map https://domain2.example.com http://origin2.example.com

thanks, that feels like i get the picture

and for "ssl_multicert.config" i guess ATS is looking for what names the
certificates are valid and selects them by the SNI name from the client
and simply closes the connection if a bad client tries not configured
SNI names
____________________________________________

so that would be my "remap.config" for https://domain1.example.com/ and
make sure unencrypted connections are forwarded to https and for that no
plugin is needed i guess - sounds fine, i will play around with that on
my test-VM

map https://domain1.example.com http://origin1.example.com
redirect http://domain1.example.com/ https://domain1.example.com/

many thanks!
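
Added example, not part of the original thread and not ATS project code: a small check that every host with an https "map" rule in remap.config also has an http-to-https "redirect" rule, as in the two-line configuration above. The sample file content is constructed from the thread's example hostnames, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample: domain1 has the redirect from the thread, domain2 does not.
SAMPLE_REMAP = """\
# constructed remap.config for illustration
map https://domain1.example.com http://origin1.example.com
redirect http://domain1.example.com/ https://domain1.example.com/
map https://domain2.example.com http://origin2.example.com
"""


def parse_rules(text):
    """Yield (rule_type, from_url, to_url) for each rule line, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 3:
            yield fields[0].lower(), urlsplit(fields[1]), urlsplit(fields[2])


def audit_https_redirects(text):
    """Return {host: finding} for every host that has an https map rule."""
    https_hosts, redirected, plain_mapped = set(), set(), set()
    for kind, src, dst in parse_rules(text):
        host = src.hostname or ""
        if kind == "map" and src.scheme == "https":
            https_hosts.add(host)
        elif kind == "map" and src.scheme == "http":
            plain_mapped.add(host)  # content reachable without TLS
        elif (kind in ("redirect", "redirect_temporary")
              and src.scheme == "http" and dst.scheme == "https"
              and dst.hostname == host):
            redirected.add(host)
    findings = {}
    for host in sorted(https_hosts):
        if host in plain_mapped:
            findings[host] = "served over plain http by a map rule"
        elif host in redirected:
            findings[host] = "ok"
        else:
            findings[host] = "no http-to-https redirect"
    return findings


if __name__ == "__main__":
    for host, finding in audit_https_redirects(SAMPLE_REMAP).items():
        print(f"{host}: {finding}")
```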
