{ "created": "2021-06-04T03:52:15Z", "hierarchy": [ { "name": "ROOT", "type": "folder", "uri": "/ROOT" }, { "name": "Ancient Sysadmin Stuff", "type": "folder", "uri": "Ancient_Sysadmin_Stuff" }, { "name": "SNI with mod gnutls on CentOS", "type": "article", "uri": "Ancient_Sysadmin_Stuff/SNI_with_mod_gnutls_on_CentOS" } ], "html": "\n\n \n \n \n \n \n \n \n \n \n \n \n SNI with mod gnutls on CentOS – Nikhil's Personal Wiki\n \n \n \n \n \n

SNI with mod gnutls on CentOS\n \n

\n

Installed on a 64-bit CentOS 5.8 system.

\n

Configuring Apache for SNI

\n
# Configure CentOS Testing repo and install mod_gnutls  \nwget http://dev.centos.org/centos/5/CentOS-Testing.repo -P /etc/yum.repos.d  \nyum install mod_gnutls\n
\n

Here’s the package manifest:

\n
/etc/httpd/conf.d/mod_gnutls.conf  \n/etc/httpd/conf/dhfile  \n/etc/httpd/conf/rsafile  \n/usr/lib64/httpd/modules/libmod_gnutls.so  \n/usr/share/doc/mod_gnutls-0.2.0  \n/usr/share/doc/mod_gnutls-0.2.0/LICENSE  \n/usr/share/doc/mod_gnutls-0.2.0/NOTICE  \n/usr/share/doc/mod_gnutls-0.2.0/README  \n/var/cache/mod_gnutls_cache   \n
\n

Symlink the shared object file:

\n
ln -s /usr/lib64/httpd/modules/libmod_gnutls.so /etc/httpd/modules/mod_gnutls.so\n
\n

Disable ssl.conf from loading

\n
mv /etc/httpd/conf.d/ssl.conf{,.old}\n
\n

Edit /etc/httpd/conf.d/mod_gnutls.conf and uncomment (or add) the
\nfollowing:

\n
LoadModule gnutls_module modules/mod_gnutls.so  \nAddType application/x-x509-ca-cert .crt  \nAddType application/x-pkcs7-crl    .crl  \nListen 443\n
\n

Configuring Virtual Hosts

\n

Let’s say I want SNI for two virtual hosts:

\n- test.example.com\n- test.eng.uiowa.edu (merely a CNAME for the above)\n

I create a configuration file for each in /etc/httpd/conf.d/. Let’s
\nstart with test.example.com. Here’s a skeleton:

\n
<VirtualHost 19.65.24.170:80>  \n    ServerName test.example.com  \n    DocumentRoot /var/www/html/test.example.com  \n    ServerAdmin support@test.example.com  \n  \n    <Directory />  \n        Options FollowSymLinks -Indexes  \n        AllowOverride All  \n    </Directory>  \n  \n    CustomLog /var/log/httpd/test.example.com-access.log combined  \n    ErrorLog /var/log/httpd/test.example.com-error.log  \n    LogLevel warn  \n</VirtualHost>  \n  \n<VirtualHost 19.65.24.170:443>  \n    GnuTLSEnable on  \n    GnuTLSCertificateFile /etc/pki/tls/certs/test.example.com.crt  \n    GnuTLSKeyFile /etc/pki/tls/private/test.example.com.key  \n  \n    ServerName test.example.com  \n    DocumentRoot /var/www/html/test.example.com  \n    ServerAdmin support@test.example.com  \n  \n    <Directory />  \n        Options FollowSymLinks -Indexes  \n        AllowOverride All  \n    </Directory>  \n  \n    CustomLog /var/log/httpd/test.example.com-access.log combined  \n    ErrorLog /var/log/httpd/test.example.com-error.log  \n    LogLevel warn  \n</VirtualHost>\n
\n

I do the same for the other virtual host and restart Apache. Done.

\n \n \n \n \n \n\n", "id": "fd2c9d26-f4bd-5218-bab9-e60b54caeb6b", "modified": "2023-05-03T20:33:13Z", "revisions": [ { "authorEmail": "mail@nikhil.io", "authorName": "Nikhil Anand", "date": "2023-05-03T20:33:13Z", "id": "13fd9aa2c17070823012a12dd946d050e3ed6bf3", "shortId": "13fd9aa2", "subject": "Initial commit\n", "content": "Installed on a 64-bit CentOS 5.8 system.\n\nConfiguring Apache for SNI\n--------------------------\n\n # Configure CentOS Testing repo and install mod_gnutls \n wget http://dev.centos.org/centos/5/CentOS-Testing.repo -P /etc/yum.repos.d \n yum install mod_gnutls\n\nHere's the package manifest:\n\n /etc/httpd/conf.d/mod_gnutls.conf \n /etc/httpd/conf/dhfile \n /etc/httpd/conf/rsafile \n /usr/lib64/httpd/modules/libmod_gnutls.so \n /usr/share/doc/mod_gnutls-0.2.0 \n /usr/share/doc/mod_gnutls-0.2.0/LICENSE \n /usr/share/doc/mod_gnutls-0.2.0/NOTICE \n /usr/share/doc/mod_gnutls-0.2.0/README \n /var/cache/mod_gnutls_cache  \n\nSymlink the shared object file:\n\n ln -s /usr/lib64/httpd/modules/libmod_gnutls.so /etc/httpd/modules/mod_gnutls.so\n\nDisable `ssl.conf` from loading\n\n mv /etc/httpd/conf.d/ssl.conf{,.old}\n\nEdit `/etc/httpd/conf.d/mod_gnutls.conf` and uncomment (or add) the\nfollowing:\n\n LoadModule gnutls_module modules/mod_gnutls.so \n AddType application/x-x509-ca-cert .crt \n AddType application/x-pkcs7-crl    .crl \n Listen 443\n\nConfiguring Virtual Hosts\n-------------------------\n\nLet's say I want SNI for two virtual hosts:\n\n- `test.example.com`\n- test.eng.uiowa.edu (merely a CNAME for the above)\n\nI create a configuration file for each in `/etc/httpd/conf.d/`. Let's\nstart with `test.example.com`. 
Here's a skeleton:\n\n <VirtualHost 19.65.24.170:80> \n     ServerName test.example.com \n     DocumentRoot /var/www/html/test.example.com \n     ServerAdmin support@test.example.com \n \n     <Directory /> \n         Options FollowSymLinks -Indexes \n         AllowOverride All \n     </Directory> \n \n     CustomLog /var/log/httpd/test.example.com-access.log combined \n     ErrorLog /var/log/httpd/test.example.com-error.log \n     LogLevel warn \n </VirtualHost> \n \n <VirtualHost 19.65.24.170:443> \n     GnuTLSEnable on \n     GnuTLSCertificateFile /etc/pki/tls/certs/test.example.com.crt \n     GnuTLSKeyFile /etc/pki/tls/private/test.example.com.key \n \n     ServerName test.example.com \n     DocumentRoot /var/www/html/test.example.com \n     ServerAdmin support@test.example.com \n \n     <Directory /> \n         Options FollowSymLinks -Indexes \n         AllowOverride All \n     </Directory> \n \n     CustomLog /var/log/httpd/test.example.com-access.log combined \n     ErrorLog /var/log/httpd/test.example.com-error.log \n     LogLevel warn \n </VirtualHost>\n\nI do the same for the other virtual host and restart Apache. 
Done.\n" }, { "authorEmail": "nikhilanand@granular.ag", "authorName": "Nikhil Anand", "date": "2021-06-04T03:52:15Z", "id": "a0b139bf48db210c78d3aa8551d47212ca06c6ed", "shortId": "a0b139bf", "subject": "Reorg 2\n", "content": "Installed on a 64-bit CentOS 5.8 system.\n\nConfiguring Apache for SNI\n--------------------------\n\n # Configure CentOS Testing repo and install mod_gnutls \n wget http://dev.centos.org/centos/5/CentOS-Testing.repo -P /etc/yum.repos.d \n yum install mod_gnutls\n\nHere's the package manifest:\n\n /etc/httpd/conf.d/mod_gnutls.conf \n /etc/httpd/conf/dhfile \n /etc/httpd/conf/rsafile \n /usr/lib64/httpd/modules/libmod_gnutls.so \n /usr/share/doc/mod_gnutls-0.2.0 \n /usr/share/doc/mod_gnutls-0.2.0/LICENSE \n /usr/share/doc/mod_gnutls-0.2.0/NOTICE \n /usr/share/doc/mod_gnutls-0.2.0/README \n /var/cache/mod_gnutls_cache  \n\nSymlink the shared object file:\n\n ln -s /usr/lib64/httpd/modules/libmod_gnutls.so /etc/httpd/modules/mod_gnutls.so\n\nDisable `ssl.conf` from loading\n\n mv /etc/httpd/conf.d/ssl.conf{,.old}\n\nEdit `/etc/httpd/conf.d/mod_gnutls.conf` and uncomment (or add) the\nfollowing:\n\n LoadModule gnutls_module modules/mod_gnutls.so \n AddType application/x-x509-ca-cert .crt \n AddType application/x-pkcs7-crl    .crl \n Listen 443\n\nConfiguring Virtual Hosts\n-------------------------\n\nLet's say I want SNI for two virtual hosts:\n\n- `test.example.com`\n- test.eng.uiowa.edu (merely a CNAME for the above)\n\nI create a configuration file for each in `/etc/httpd/conf.d/`. Let's\nstart with `test.example.com`. 
Here's a skeleton:\n\n <VirtualHost 19.65.24.170:80> \n     ServerName test.example.com \n     DocumentRoot /var/www/html/test.example.com \n     ServerAdmin support@test.example.com \n \n     <Directory /> \n         Options FollowSymLinks -Indexes \n         AllowOverride All \n     </Directory> \n \n     CustomLog /var/log/httpd/test.example.com-access.log combined \n     ErrorLog /var/log/httpd/test.example.com-error.log \n     LogLevel warn \n </VirtualHost> \n \n <VirtualHost 19.65.24.170:443> \n     GnuTLSEnable on \n     GnuTLSCertificateFile /etc/pki/tls/certs/test.example.com.crt \n     GnuTLSKeyFile /etc/pki/tls/private/test.example.com.key \n \n     ServerName test.example.com \n     DocumentRoot /var/www/html/test.example.com \n     ServerAdmin support@test.example.com \n \n     <Directory /> \n         Options FollowSymLinks -Indexes \n         AllowOverride All \n     </Directory> \n \n     CustomLog /var/log/httpd/test.example.com-access.log combined \n     ErrorLog /var/log/httpd/test.example.com-error.log \n     LogLevel warn \n </VirtualHost>\n\nI do the same for the other virtual host and restart Apache. 
Done.\n" } ], "sizeInBytes": 2774, "source": "Installed on a 64-bit CentOS 5.8 system.\n\nConfiguring Apache for SNI\n--------------------------\n\n # Configure CentOS Testing repo and install mod_gnutls \n wget http://dev.centos.org/centos/5/CentOS-Testing.repo -P /etc/yum.repos.d \n yum install mod_gnutls\n\nHere's the package manifest:\n\n /etc/httpd/conf.d/mod_gnutls.conf \n /etc/httpd/conf/dhfile \n /etc/httpd/conf/rsafile \n /usr/lib64/httpd/modules/libmod_gnutls.so \n /usr/share/doc/mod_gnutls-0.2.0 \n /usr/share/doc/mod_gnutls-0.2.0/LICENSE \n /usr/share/doc/mod_gnutls-0.2.0/NOTICE \n /usr/share/doc/mod_gnutls-0.2.0/README \n /var/cache/mod_gnutls_cache  \n\nSymlink the shared object file:\n\n ln -s /usr/lib64/httpd/modules/libmod_gnutls.so /etc/httpd/modules/mod_gnutls.so\n\nDisable `ssl.conf` from loading\n\n mv /etc/httpd/conf.d/ssl.conf{,.old}\n\nEdit `/etc/httpd/conf.d/mod_gnutls.conf` and uncomment (or add) the\nfollowing:\n\n LoadModule gnutls_module modules/mod_gnutls.so \n AddType application/x-x509-ca-cert .crt \n AddType application/x-pkcs7-crl    .crl \n Listen 443\n\nConfiguring Virtual Hosts\n-------------------------\n\nLet's say I want SNI for two virtual hosts:\n\n- `test.example.com`\n- test.eng.uiowa.edu (merely a CNAME for the above)\n\nI create a configuration file for each in `/etc/httpd/conf.d/`. Let's\nstart with `test.example.com`. 
Here's a skeleton:\n\n <VirtualHost 19.65.24.170:80> \n     ServerName test.example.com \n     DocumentRoot /var/www/html/test.example.com \n     ServerAdmin support@test.example.com \n \n     <Directory /> \n         Options FollowSymLinks -Indexes \n         AllowOverride All \n     </Directory> \n \n     CustomLog /var/log/httpd/test.example.com-access.log combined \n     ErrorLog /var/log/httpd/test.example.com-error.log \n     LogLevel warn \n </VirtualHost> \n \n <VirtualHost 19.65.24.170:443> \n     GnuTLSEnable on \n     GnuTLSCertificateFile /etc/pki/tls/certs/test.example.com.crt \n     GnuTLSKeyFile /etc/pki/tls/private/test.example.com.key \n \n     ServerName test.example.com \n     DocumentRoot /var/www/html/test.example.com \n     ServerAdmin support@test.example.com \n \n     <Directory /> \n         Options FollowSymLinks -Indexes \n         AllowOverride All \n     </Directory> \n \n     CustomLog /var/log/httpd/test.example.com-access.log combined \n     ErrorLog /var/log/httpd/test.example.com-error.log \n     LogLevel warn \n </VirtualHost>\n\nI do the same for the other virtual host and restart Apache. Done.\n", "title": "SNI with mod gnutls on CentOS", "untracked": false, "uri": "/Ancient_Sysadmin_Stuff/SNI_with_mod_gnutls_on_CentOS", "relativePath": "Ancient Sysadmin Stuff/SNI with mod gnutls on CentOS.md" }