Return to ssl.txt CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / lighttpd / doc / outdated

1.4.33

    1: ===========
    2: Secure HTTP
    3: ===========
    4: 
    5: ------------
    6: Module: core
    7: ------------
    8: 
    9: :Author: Jan Kneschke
   10: :Date: $Date: 2013/10/14 10:32:48 $
   11: :Revision: $Revision: 1.1.1.1 $
   12: 
   13: :abstract:
   14:   How to set up SSL in lighttpd
   15: 
   16: .. meta::
   17:   :keywords: lighttpd, ssl
   18: 
   19: .. contents:: Table of Contents
   20: 
   21: Description
   22: ===========
   23: 
   24: lighttpd supports SSLv2 and SSLv3 if it is compiled against openssl.
   25: 
   26: Configuration
   27: -------------
   28: 
   29: To enable SSL for the whole server you have to provide a valid
   30: certificate and have to enable the SSL engine.::
   31: 
   32:   ssl.engine = "enable"
   33:   ssl.pemfile = "/path/to/server.pem"
   34: 
   35: The HTTPS protocol does not allow you to use name-based virtual
   36: hosting with SSL. If you want to run multiple SSL servers with
   37: one lighttpd instance you must use IP-based virtual hosting: ::
   38: 
   39:   $SERVER["socket"] == "10.0.0.1:443" {
   40:     ssl.engine                  = "enable"
   41:     ssl.pemfile                 = "www.example.org.pem"
   42:     server.name                 = "www.example.org"
   43: 
   44:     server.document-root        = "/www/servers/www.example.org/pages/"
   45:   }
   46: 
   47: If you have a .crt and a .key file, cat them together into a
   48: single PEM file:
   49: ::
   50: 
   51:   $ cat host.key host.crt > host.pem
   52: 
   53: 
   54: Self-Signed Certificates
   55: ------------------------
   56: 
   57: A self-signed SSL certificate can be generated like this: ::
   58: 
   59:   $ openssl req -new -x509 \
   60:     -keyout server.pem -out server.pem \
   61:     -days 365 -nodes
   62: