-Many people using a virtual private or dedicated server will be running more than Friendica on it.
-They will probably want to use SSL for other sites they run on the server, too.
-To achieve this, they may wish to employ more than one certificate with a single IP – for instance, a trusted one for Friendica and a self-signed certificate for personal stuff (possibly a wildcard certificate covering arbitrary subdomains).
-
-For this to work, Apache offers a NameVirtualHost directive.
-You can see how to use it in httpd.conf in the following pattern.
-Note that wildcards (*) in httpd.conf break the NameVirtualHost method – you can’t use them in this new configuration.
-In other words, no more *80> or *443>.
-And you really must specify the IP, too, even if you only have one.
-Also note that you will soon be needing two additional NameVirtualHost lines at the top of the file to cater for IPv6.
-
- NameVirtualHost 12.123.456.1:443
- NameVirtualHost 12.123.456.1:80
-
- <VirtualHost www.anywhere.net:80>
- DocumentRoot /var/www/anywhere
- Servername www.anywhere.net
- </VirtualHost>
-
- <VirtualHost www.anywhere.net:443>
- DocumentRoot /var/www/anywhere
- Servername www.anywhere.net
- SSLEngine On
- <pointers to a an eligible cert>
- <more ssl stuff >
- <other stuff>
- </VirtualHost>
-
- <VirtualHost www.somewhere-else.net:80>
- DocumentRoot /var/www/somewhere-else
- Servername www.somewhere-else.net
- </VirtualHost>
-
- <VirtualHost www.somewhere-else:443>
- DocumentRoot /var/www/somewhere-else
- Servername www.somewhere-else.net
- SSLEngine On
- <pointers to another eligible cert>
- <more ssl stuff >
- <other stuff>
- </VirtualHost>
-
-Of course, you may optionally be using other places like the sites-available directory to configure Apache, in which case only some of this information need be in httpd.conf or ports.conf - specifically, the NameVirtualHost lines must be there.
-But if you're savvy about alternatives like that, you will probably be able to figure out the details yourself.
-
-Just restart Apache when you're done, whichever way you decide to do it.
-
-**StartSSL on Nginx**
-
-First, update to the latest Friendica code.
-Then follow the above instructions to get your free certificate.
-But instead of following the Apache installation instructions, do this:
-
-Upload your certificate.
-It doesn't matter where to, as long as Nginx can find it.
-Some people use /home/randomlettersandnumbers to keep it in out of paranoia, but you can put it anywhere, so we'll call it /foo/bar.
-
-You can remove the password if you like. This is probably bad practice, but if you don't, you'll have to enter the password every time you restart nginx. To remove it:
-
- openssl rsa -in ssl.key-pass -out ssl.key
-
-Now, grab the helper certificate:
-
- wget http://www.startssl.com/certs/sub.class1.server.ca.pem
-
-Now you need to merge the files:
-
- cat ssl.crt sub.class1.server.ca.pem > ssl.crt
-
-Now you need to tell Nginx about the certs.
-
-In /etc/nginx/sites-available/foo.com.conf you need something like:
-
- server {
-
- listen 80;
-
- listen 443 ssl;
-
- listen [::]:80;
-
- listen [::]:443 ipv6only=on ssl;
-
- ssl_certificate /foo/bar/ssl.crt;
-
- ssl_certificate_key /foo/bar/ssl.key;
-
- ...
-
-Now, restart nginx:
-
- /etc/init.d/nginx restart
-
-And that's it.
-
-For multiple domains, we have it easier than Apache users:
-Just repeat the above for each certificate, and keep it in it's own {server...} section.
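Review bot: The removed Nginx steps include `cat ssl.crt sub.class1.server.ca.pem > ssl.crt`, which redirects onto its own first input. The shell truncates ssl.crt before cat reads it, so the server certificate is lost. If this section is being moved or rewritten elsewhere rather than dropped, do not carry that line over as written: write the chain to a new file and point `ssl_certificate` at that file. Two other lines need the same care if the text is reused. `wget http://www.startssl.com/certs/sub.class1.server.ca.pem` fetches the intermediate certificate over plain HTTP, and in the second Apache block `<VirtualHost www.somewhere-else:443>` is missing the `.net` that its `Servername` line uses. Nothing visible in this hunk replaces the multi-certificate guidance, so the commit message should say where readers can find it now.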