This article covers the configuration of multiple HTTPS virtual hosts. So how do you configure this in an Apache environment? The principle used is the same, namely SNI: domain-based virtual hosts, that is, HTTPS virtual hosts that share the same IP address and port.
SNI (Server Name Indication) is a TLS extension that makes it possible to configure SSL-enabled, domain-based virtual hosts. It breaks the restriction that each HTTPS virtual host requires its own IP address. As a result, costs are greatly reduced because all HTTPS virtual hosts can share the same IP address and port, making HTTPS Web services simpler.
In the Apache environment, you need to use mod_gnutls to configure multiple HTTPS hosts on the same IP. Let's look at the implementation process:
For the mod_gnutls website, see: https://mod.gnutls.org
1. Install mod_gnutls
The code is as follows:

    # yum install httpd-devel gnutls-devel
    # wget http://www.outoforder.cc/downloads/mod_gnutls/mod_gnutls-0.2.0.tar.bz2
    # tar -xjvf mod_gnutls-0.2.0.tar.bz2
    # cd mod_gnutls-0.2.0
    # ./configure --prefix=/usr
    # make

If you want to install a newer version of GnuTLS, you first need to install the packages it depends on, libnettle and gmplib. Download addresses: http://www.gnutls.org/download.html and ftp://ftp.gnutls.org/gcrypt/gnutls
2. Load the mod_gnutls module in Apache
The code is as follows:

    # cp mod_gnutls-0.2.0/src/.libs/libmod_gnutls.so /usr/lib/httpd/modules/mod_gnutls.so
    # cp mod_gnutls-0.2.0/data/{dh,rsa}file /etc/httpd/conf/

3. Configure httpd.conf
The code is as follows:

    Listen 10.1.1.22:443
    LoadModule gnutls_module modules/mod_gnutls.so
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    GnuTLSCache dbm "/var/cache/mod_gnutls_cache"
    GnuTLSCacheTimeout 300
    NameVirtualHost 10.1.1.22:443

4. Configure the virtual host
The code is as follows (replace your-domain and your-domain-2 with your own domain names):

    <VirtualHost 10.1.1.22:443>
        ServerName your-domain-2:443
        GnuTLSEnable on
        GnuTLSCertificateFile ./ssl/your-domain-2.public.cer
        GnuTLSKeyFile ./ssl/your-domain-2.private.key
        DocumentRoot "/data/wwwroot/your-domain-2/webroot"
    </VirtualHost>
    <VirtualHost 10.1.1.22:443>
        ServerName your-domain:443
        GnuTLSEnable on
        GnuTLSCertificateFile ./ssl/your-domain.public.cer
        GnuTLSKeyFile ./ssl/your-domain.private.key
        DocumentRoot "/data/wwwroot/your-domain/webroot"
    </VirtualHost>

With this configuration, each virtual host can be accessed normally.