authorjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2010-07-08 06:38:07 +0000
committerjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2010-07-08 06:38:07 +0000
commit211c686bc6d05d8d05e5490b9a9f612619461abc (patch)
treebb8f56afb24f2b52ea92598babff7d94fd70da10 /sca-cpp/trunk/modules/http/httpd-ssl-conf
parentf6a51224cc350c7d3b42b15051a9c074cce48b5d (diff)
More changes to get both single and mass dynamic virtual hosting working with HTTP and HTTPS.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@961589 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp/trunk/modules/http/httpd-ssl-conf')
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-ssl-conf50
1 files changed, 43 insertions, 7 deletions
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf
index 04ca61dba0..f6082dea14 100755
--- a/sca-cpp/trunk/modules/http/httpd-ssl-conf
+++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf
@@ -28,6 +28,7 @@ if [ "$sslpport" = "" ]; then
fi
htdocs=`readlink -f $4`
httpd_prefix=`cat $here/httpd.prefix`
+vhost=$5
# Extract organization name from our CA certificate
org=`openssl x509 -noout -subject -nameopt multiline -in $root/conf/ca.crt | grep organizationName | awk -F "= " '{ print $2 }'`
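Review bot: The new `vhost=$5` line introduces a fifth positional argument without documenting it, and the later `if [ "$vhost" = "vhost" ]` test silently treats every other value, typos included, as "off". A comment on the assignment would make the contract visible, for example `# Optional 5th argument: pass "vhost" to also generate the mass dynamic virtual hosting block`. The surrounding argument handling starts above this hunk, so any existing usage text is not visible here.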
@@ -51,19 +52,31 @@ SSLMutex "file:$root/logs/ssl_mutex"
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
-# HTTPS virtual host
+# Setup HTTPS virtual hosts
Listen $sslport
-<VirtualHost _default_:$sslport>
+
+SSLCACertificateFile "$root/conf/ca.crt"
+SSLCertificateFile "$root/conf/server.crt"
+SSLCertificateKeyFile "$root/conf/server.key"
+
+<VirtualHost *:$sslport>
ServerName https://$host:$sslpport
UseCanonicalName Off
-UseCanonicalPhysicalPort Off
# Enable SSL
+Include conf/ssl-vhost.conf
+</VirtualHost>
+
+# Route all wiring through HTTPS
+SCAWiringServerName https://$host:$sslpport
+
+EOF
+
+# Generate VirtualHost SSL configuration
+cat >$root/conf/ssl-vhost.conf <<EOF
+# Enable SSL
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-SSLCACertificateFile "$root/conf/ca.crt"
-SSLCertificateFile "$root/conf/server.crt"
-SSLCertificateKeyFile "$root/conf/server.key"
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# Logging
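Review bot: The `SSLCipherSuite` string that ends up in the new `conf/ssl-vhost.conf` heredoc still enables `+eNULL`, `+EXP`, `+LOW` and `+SSLv2`, so a client can negotiate an unencrypted or export-grade session. The line itself is unchanged context, but this commit makes it the shared include for every HTTPS virtual host, including the wildcard one added further down, so this is a good place to tighten it. Something like `SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5` together with `SSLProtocol all -SSLv2` would keep the include usable without offering null or export ciphers. The heredoc continues past the end of this hunk, so the logging and authentication parts were not reviewed here.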
@@ -88,12 +101,35 @@ AuthType Basic
AuthName "$host"
AuthUserFile "$root/conf/httpd.passwd"
Require valid-user
-</location>
+</Location>
+
+EOF
+
+# Generate mass dynamic virtual hosting configuration
+if [ "$vhost" = "vhost" ]; then
+
+cat >>$root/conf/httpd.conf <<EOF
+# Setup mass dynamic virtual hosting
+NameVirtualHost *:$sslport
+SSLStrictSNIVHostCheck Off
+<VirtualHost *:$sslport>
+ServerName https://vhost.$host:$sslpport
+ServerAlias *.$host
+UseCanonicalName Off
+VirtualDocumentRoot $htdocs/domains/%1/
+
+# Enable SSL
+SSLCACertificateFile "$root/conf/ca.crt"
+SSLCertificateFile "$root/conf/vhost.crt"
+SSLCertificateKeyFile "$root/conf/vhost.key"
+Include conf/ssl-vhost.conf
</VirtualHost>
EOF
+fi
+
# Create test users for HTTP basic authentication
$httpd_prefix/bin/htpasswd -bc $root/conf/httpd.passwd test test 2>/dev/null
$httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd foo foo 2>/dev/null
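Review bot: The generated wildcard block sets `SSLStrictSNIVHostCheck Off` with no comment on what that means for clients that send no SNI. As far as the visible configuration shows, such a client completes the handshake against the first `<VirtualHost *:$sslport>` using `server.crt` and is then routed by its Host header, so a request for `*.$host` can be answered under a certificate that does not name it. A comment in the heredoc would record the trade-off, for example `# Non-SNI clients get the default vhost certificate; set SSLStrictSNIVHostCheck on to refuse them instead`. Separately, the block references `vhost.crt` and `vhost.key` without checking that they exist. They are presumably generated by another script, but a guard such as `[ -f "$root/conf/vhost.key" ] || exit 1` before the append would fail early instead of leaving an `httpd.conf` that will not load.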