OpenBSD 6.1/httpd SNI and acme-client

Leighton Sheppard Thu, 13 Apr 2017 13:02:30 -0700

Hi,

Sorry for spam, but I just wanted to share a pointer on how I have
setup httpd/SNI in OpenBSD 6.1 to work with HTTPS redirect and
acme-client. I used the following httpd.conf which works well:



Regards,
Leighton


# $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $

server "example.com" {
        listen on * port 80
        listen on :: port 80
        alias secure.example,com
        alias www.example.com

        log { access "example.com-access.log", error "example.com-error.log" }

        location "/.well-known/acme-challenge/*" {
                root "/htdocs/example.com/acme"
                root strip 2
        }
        location "/*" {
                block return 301 "https://$SERVER_NAME$REQUEST_URI";
        }
}

server "example.com" {
        listen on * tls port 443
        listen on :: tls port 443
        alias secure.example.com
        alias www.example.com

        log { access "example.com-sslaccess.log", error
"example.com-sslerror.log" }

        tls certificate "/etc/ssl/example.com.fullchain.pem"
        tls key "/etc/ssl/private/example.com.key.pem"

        directory { index "index.php" }
        location "*.php" { fastcgi socket "/run/php-fpm.sock" }

        root "/htdocs/example.com/"
}

OpenBSD 6.1/httpd SNI and acme-client

Reply via email to