Re: Options for multiple SSL domains on 1 server


 



----- "Grant" <emailgrant@xxxxxxxxx> wrote:

> >> The "virtualhost for each SSL host" is what I mean by separate
> >> apache2
> >> configs.  I'd like to be able to define different domain names on
> the
> >> fly within my perl scripts without changing apache2 config.  Maybe
> >> we're just not there yet?
> >
> > You can also use things like mod_macro to enable that kind of
> flexibility.
> 
> I looked at mod_macro but it seems to essentially be a framework for
> setting and reading variable values within the apache2 config files.
> What I'd like to do is allow new SSL domains to be defined from the
> web in an automatic fashion without the need for SSH access.  At this
> point I'm thinking something that generates a new vhost config file
> for each domain name would be perfect.  It could use a template for
> each file and just change the IP address and SSL certificate/key
> references.  Does something like this exist?

Aaaha...

An (SSL) VHost is just a couple of lines.. depending on your setup
either the IP/Cert/ServerName (IP Based) or only the ServerName
(SubjectAltName)

One way or the other, you can define a pattern:

<Macro SSLVhost $servername $ip>

    <VirtualHost $ip:443>
        ServerName $servername
        DocumentRoot /srv/web/$servername/htdocs
        SSLEngine On
        SSLCertificateChainFile /etc/pki/ssl/$servername.pem
        ErrorLog /var/log/httpd/$servername/error_log
    </VirtualHost>

</Macro>

, and then

Use SSLVhost servername IP

In some or the other file. That's one line you have to add -- and then you do an
apachectl graceful.

> I've read references to "pre-processing apache2 config files with
> perl".  Is that the way to go here?

Yes, sjorge toyed with this option and created some kind of monster..
http://wiki.apache.org/httpd/ApacheVirtualHostMysql

This might give you an idea..

> - Grant
> 
> 
> >> Why would you use multiple IPs instead of X.509 v3 with
> >> subjectAltName?  Does subjectAltName have any drawbacks?
> >
> > Though more widely spread, it's the same as for SNI:
> > It's not supported by all Browsers/libraries
> >
> > One example that comes to my mind is serf.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@xxxxxxxxxxxxxx
URL: http://brainsware.org/
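
Added example (not part of the original message, and not code from its author): a sketch of the generator asked about above, in Python, which validates a web-supplied server name and IP address before appending the one "Use SSLVhost" line for the macro shown in the message. The function names and the file that collects the Use lines are assumptions.

```python
import ipaddress
import os
import re
import tempfile

# One DNS label: 1-63 of [a-z0-9-], not starting or ending with a hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def validate_servername(name):
    # $servername is substituted into DocumentRoot, ErrorLog and the
    # certificate path, so '/', '..', spaces and newlines must never pass.
    name = name.lower()
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        raise ValueError("not a fully qualified hostname")
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("illegal label in hostname")
    return name


def validate_ip(ip):
    """Return the address in the form <VirtualHost $ip:443> expects."""
    if "%" in ip:  # an IPv6 zone id may carry arbitrary text
        raise ValueError("zone ids are not accepted")
    addr = ipaddress.ip_address(ip)  # ValueError on anything else
    return "[%s]" % addr if addr.version == 6 else str(addr)


def use_line(servername, ip):
    return "Use SSLVhost %s %s\n" % (validate_servername(servername),
                                     validate_ip(ip))


def add_vhost(conf_path, servername, ip):
    """Append the Use line to conf_path (assumed file); False if present."""
    line = use_line(servername, ip)
    existing = ""
    if os.path.exists(conf_path):
        with open(conf_path) as fh:
            existing = fh.read()
    if line in existing.splitlines(True):
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(conf_path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(existing + line)
    os.replace(tmp, conf_path)  # readers never see a half-written file
    return True
```

Running "apachectl configtest" before the "apachectl graceful" mentioned above keeps a bad line from reaching a reload.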




