| =========== |
| Secure HTTP |
| =========== |
| |
| ------------ |
| Module: core |
| ------------ |
| |
| :Author: Jan Kneschke |
| :Date: $Date: 2004/08/29 09:44:53 $ |
| :Revision: $Revision: 1.2 $ |
| |
| :abstract: |
| How to set up SSL in lighttpd |
| |
| .. meta:: |
| :keywords: lighttpd, ssl |
| |
| .. contents:: Table of Contents |
| |
| Description |
| =========== |
| |
| lighttpd supports SSLv2 and SSLv3 if it is compiled against openssl. |
| |
| Configuration |
| ------------- |
| |
| To enable SSL for the whole server you have to provide a valid |
| certificate and have to enable the SSL engine.:: |
| |
| ssl.engine = "enable" |
| ssl.pemfile = "/path/to/server.pem" |
| |
| The HTTPS protocol does not allow you to use name-based virtual |
| hosting with SSL. If you want to run multiple SSL servers with |
| one lighttpd instance you must use IP-based virtual hosting: :: |
| |
| $SERVER["socket"] == "10.0.0.1:443" { |
| ssl.engine = "enable" |
| ssl.pemfile = "www.example.org.pem" |
| server.name = "www.example.org" |
| |
| server.document-root = "/www/servers/www.example.org/pages/" |
| } |
| |
| If you have a .crt and a .key file, cat them together into a |
| single PEM file: |
| :: |
| |
| $ cat host.key host.crt > host.pem |
| |
| |
| Self-Signed Certificates |
| ------------------------ |
| |
| A self-signed SSL certificate can be generated like this: :: |
| |
| $ openssl req -new -x509 \ |
| -keyout server.pem -out server.pem \ |
| -days 365 -nodes |
| |
