-For this to work, Apache offers a NameVirtualHost directive. You can see how to use it in httpd.conf in the following pattern. Note that wildcards (*) in httpd.conf break the NameVirtualHost method – you can’t use them in this new configuration. In other words, no more *80> or *443>. And you really must specify the IP, too, even if you only have one. Also note that you will soon be needing two additional NameVirtualHost lines at the top of the file to cater for IPv6.
-
- NameVirtualHost 12.123.456.1:443
- NameVirtualHost 12.123.456.1:80
-
- <VirtualHost www.anywhere.net:80>
- DocumentRoot /var/www/anywhere
- Servername www.anywhere.net
- </VirtualHost>
-
- <VirtualHost www.anywhere.net:443>
- DocumentRoot /var/www/anywhere
- Servername www.anywhere.net
- SSLEngine On
- <pointers to a an eligible cert>
- <more ssl stuff >
- <other stuff>
- </VirtualHost>
-
- <VirtualHost www.somewhere-else.net:80>
- DocumentRoot /var/www/somewhere-else
- Servername www.somewhere-else.net
- </VirtualHost>
-
- <VirtualHost www.somewhere-else:443>
- DocumentRoot /var/www/somewhere-else
- Servername www.somewhere-else.net
- SSLEngine On
- <pointers to another eligible cert>
- <more ssl stuff >
- <other stuff>
- </VirtualHost>
-
-Of course, you may optionally be using other places like the sites-available directory to configure Apache, in which case only some of this information need be in httpd.conf or ports.conf - specifically, the NameVirtualHost lines must be there. But if you're savvy about alternatives like that, you will probably be able to figure out the details yourself.
-
-Just restart Apache when you're done, whichever way you decide to do it.
-
-**StartSSL on Nginx**
-
-First, update to the latest Friendica code. Then follow the above instructions to get your free certificate. But instead of following the Apache installation instructions, do this:
-
-Upload your certificate. It doesn't matter where to, as long as Nginx can find it. Some people use /home/randomlettersandnumbers to keep it in out of paranoia, but you can put it anywhere, so we'll call it /foo/bar.
-
-You can remove the password if you like. This is probably bad practice, but if you don't, you'll have to enter the password every time you restart nginx. To remove it:
-
- openssl rsa -in ssl.key-pass -out ssl.key
-
-Now, grab the helper certificate:
-
- wget http://www.startssl.com/certs/sub.class1.server.ca.pem
-
-Now you need to merge the files:
-
- cat ssl.crt sub.class1.server.ca.pem > ssl.crt
-
-In some configurations there is a bug, and this doesn't quite work properly. You may now need to edit ssl.crt, so:
-
- nano /foo/bar/ssl.crt
-
-You'll see two certificates in the same file. Halfway down, you may see:
-
- -----END CERTIFICATE----------BEGIN CERTIFICATE-----
-
-This is bad. You need to see:
-
- -----END CERTIFICATE-----
- -----BEGIN CERTIFICATE-----
-
-You can enter the carriage return manually if the bug is present on your system. Note there is a single carriage return for -----BEGIN CERTIFICATE----- to start on a new line. There is no empty line.
-
-Now you need to tell Nginx about the certs.
-
-In /etc/nginx/sites-available/foo.com.conf you need something like:
-
- server {
-
- listen 80;
-
- listen 443 ssl;
-
- listen [::]:80;
-
- listen [::]:443 ipv6only=on ssl;
-
- ssl_certificate /foo/bar/ssl.crt;
-
- ssl_certificate_key /foo/bar/ssl.key;
-
- ...
-
-Now, restart nginx:
-
- /etc/init.d/nginx restart
-
-And that's it.
-
-For multiple domains, we have it easier than Apache users: Just repeat the above for each certificate, and keep it in it's own {server...} section.
\ No newline at end of file
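Review bot: In the removed Nginx section, `cat ssl.crt sub.class1.server.ca.pem > ssl.crt` uses ssl.crt as both input and output. The redirection truncates ssl.crt before cat reads it, so the server certificate is lost. If this text is being moved rather than dropped, the destination copy should write the merged chain to a new file and point `ssl_certificate` at that file. The joined `-----END CERTIFICATE----------BEGIN CERTIFICATE-----` line is what a missing trailing newline in the first file produces, so describing it as a bug in "some configurations" is worth rewording. Two smaller points to fix if the text is kept anywhere: `wget http://www.startssl.com/certs/sub.class1.server.ca.pem` fetches the intermediate certificate over plain HTTP, and `<VirtualHost www.somewhere-else:443>` does not match its `Servername www.somewhere-else.net`. If the deletion is intentional, the commit message should say where Apache and Nginx users should now look for TLS setup instructions.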