Linux Memo/NSI
をテンプレートにして作成
[
トップ
] [
新規
|
一覧
|
検索
|
最終更新
|
ヘルプ
]
開始行:
**SNI(Server Name Indication) [#f788ed82]
従来、apacheを利用してvirtual hostを作成するにはSSLを利用...
ただし、SNIに対応するにはapacheの2.2.12以上、opensslの0.9...
vine5.2はapache2-2.2.14,opensslは0.9.8pなので使用できそう...
WindowsXP+IE6とWindows7+IE8のパケットを見ると、IE8のほう...
Extentsion sever_nameでサーバ名を伝えている。これによりサ...
&ref("./SNI1.png");
''Windows7+IE8''
&ref("./SNI2.png");
''WindowsXP+IE6''
**設定 [#s78bedea]
/etc/apache2/confは従来通りに設定
/etc/apache2/conf.d/ssl.confも通常のようにssl使用するよう...
''hostについて''~
URLは web.abc-u.ac.jpとweb2.abc-u.ac.jp~
documetは/var/www/htmlと/var/www/web2
# cd /etc/apache2/conf.d
# cp /etc/apache2/conf/extra/httpd-vhosts.conf .
/etc/apache2/conf.d/httpd-vhosts.conf
(略)
#
# Use name-based virtual hosting.
#
NameVirtualHost *:80
NameVirtualHost *:443 <==追加
SSLStrictSNIVHostCheck off <==追加
##以下にport80を設定デフォルトのURL用(httpd.conf)の設定...
<VirtualHost *:80>
ServerAdmin okada@abc-u.ac.jp
DocumentRoot "/var/www/html"
ServerName web.abc-u.ac.jp
ServerAlias web.abc-u.ac.jp
ErrorLog "/var/log/apache2/ssl-error_log"
CustomLog "/var/log/apache2/ssl-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin okada@abc-u.ac.jp
DocumentRoot "/var/www/web2"
ServerName web2.abc-u.ac.jp
ServerAlias web2.abc-u.ac.jp
ErrorLog "/var/log/apache2/web2-error_log"
CustomLog "/var/log/apache2/web2-access_log" common
</VirtualHost>
##以下にsslを設定デフォルトのURL用(ssl.conf)の設定内容...
# Secure Shell ver.
<VirtualHost *:443>
ServerAdmin okada@abc-u.ac.jp
DocumentRoot "/var/www/html"
ServerName web.abc-u.ac.jp:443
#SSL Engine Switch:
#Enable/Disable SSL for this virtual host.
SSLEngine on
# Server Private Key:
# If the key is not combined with the certificate,...
# directive to point at the key file. Keep in min...
# you've both a RSA and a DSA private key you can ...
# both in parallel (to also allow the use of DSA c...
SSLCertificateFile "/root/ssl_key/server.crt"
SSLCertificateKeyFile "/root/ssl_key/newkey.pem"
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin okada@abc-u.ac.jp
DocumentRoot "/var/www/web2"
ServerName web2.abc-u.ac.jp:443
#SSL Engine Switch:
#Enable/Disable SSL for this virtual host.
SSLEngine on
# Server Private Key:
# If the key is not combined with the certificate,...
# directive to point at the key file. Keep in min...
# you've both a RSA and a DSA private key you can ...
# both in parallel (to also allow the use of DSA c...
SSLCertificateFile "/root/ssl_key2/server.crt"
SSLCertificateKeyFile "/root/ssl_key2/newkey.pem"
<Directory "/var/www/web2">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
**対応ブラウザ [#y49fd7b8]
IE7+WindowsXPの組合わせ以外はほとんど使用できそう。
**参考 [#w96892f1]
-http://www.gcd.org/blog/2007/06/122/
-http://builder.japan.zdnet.com/etc/20402262/2/
-http://community.giga-works.com/apache/apache22xvirtualh...
終了行:
**SNI(Server Name Indication) [#f788ed82]
従来、apacheを利用してvirtual hostを作成するにはSSLを利用...
ただし、SNIに対応するにはapacheの2.2.12以上、opensslの0.9...
vine5.2はapache2-2.2.14,opensslは0.9.8pなので使用できそう...
WindowsXP+IE6とWindows7+IE8のパケットを見ると、IE8のほう...
Extentsion sever_nameでサーバ名を伝えている。これによりサ...
&ref("./SNI1.png");
''Windows7+IE8''
&ref("./SNI2.png");
''WindowsXP+IE6''
**設定 [#s78bedea]
/etc/apache2/confは従来通りに設定
/etc/apache2/conf.d/ssl.confも通常のようにssl使用するよう...
''hostについて''~
URLは web.abc-u.ac.jpとweb2.abc-u.ac.jp~
documetは/var/www/htmlと/var/www/web2
# cd /etc/apache2/conf.d
# cp /etc/apache2/conf/extra/httpd-vhosts.conf .
/etc/apache2/conf.d/httpd-vhosts.conf
(略)
#
# Use name-based virtual hosting.
#
NameVirtualHost *:80
NameVirtualHost *:443 <==追加
SSLStrictSNIVHostCheck off <==追加
##以下にport80を設定デフォルトのURL用(httpd.conf)の設定...
<VirtualHost *:80>
ServerAdmin okada@abc-u.ac.jp
DocumentRoot "/var/www/html"
ServerName web.abc-u.ac.jp
ServerAlias web.abc-u.ac.jp
ErrorLog "/var/log/apache2/ssl-error_log"
CustomLog "/var/log/apache2/ssl-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin okada@abc-u.ac.jp
DocumentRoot "/var/www/web2"
ServerName web2.abc-u.ac.jp
ServerAlias web2.abc-u.ac.jp
ErrorLog "/var/log/apache2/web2-error_log"
CustomLog "/var/log/apache2/web2-access_log" common
</VirtualHost>
##以下にsslを設定デフォルトのURL用(ssl.conf)の設定内容...
# Secure Shell ver.
<VirtualHost *:443>
ServerAdmin okada@abc-u.ac.jp
DocumentRoot "/var/www/html"
ServerName web.abc-u.ac.jp:443
#SSL Engine Switch:
#Enable/Disable SSL for this virtual host.
SSLEngine on
# Server Private Key:
# If the key is not combined with the certificate,...
# directive to point at the key file. Keep in min...
# you've both a RSA and a DSA private key you can ...
# both in parallel (to also allow the use of DSA c...
SSLCertificateFile "/root/ssl_key/server.crt"
SSLCertificateKeyFile "/root/ssl_key/newkey.pem"
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin okada@abc-u.ac.jp
DocumentRoot "/var/www/web2"
ServerName web2.abc-u.ac.jp:443
#SSL Engine Switch:
#Enable/Disable SSL for this virtual host.
SSLEngine on
# Server Private Key:
# If the key is not combined with the certificate,...
# directive to point at the key file. Keep in min...
# you've both a RSA and a DSA private key you can ...
# both in parallel (to also allow the use of DSA c...
SSLCertificateFile "/root/ssl_key2/server.crt"
SSLCertificateKeyFile "/root/ssl_key2/newkey.pem"
<Directory "/var/www/web2">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
**対応ブラウザ [#y49fd7b8]
IE7+WindowsXPの組合わせ以外はほとんど使用できそう。
**参考 [#w96892f1]
-http://www.gcd.org/blog/2007/06/122/
-http://builder.japan.zdnet.com/etc/20402262/2/
-http://community.giga-works.com/apache/apache22xvirtualh...
ページ名:
![[PukiWiki]](image/../localimages/Atom.gif "[PukiWiki]")
