Configuring SSL Hosting

Each time you need to add a new SSL site to your virtual host you need to have:

  • A dedicated (additional) IP address.
  • An SSL certificate.

You always need an additional IP address to add an SSL site, even if you don't currently have any SSL sites enabled. When you're hosting sites with the Bytemark virtual hosting packages you generally don't need to care about IP addresses, as you can have multiple sites on the single host, but for SSL-based sites you do need to pick an address manually.

NOTE: You can't just make up any IP address! If you need an extra address for hosting a new SSL-based site you should contact Bytemark Support as usual.

Example Of Adding An SSL Site

For this example we'll configure the site secure.com, with the IP address 1.2.3.4.

Once you've configured the hosting for the domain, by creating the directory /srv/secure.com/public/htdocs and uploading the content, you're ready to begin configuring the SSL setup.

Because SSL hosting doesn't generally play well with other things we've chosen to simplify things. Hopefully not too much.

1. Record the IP address

You need to save the IP address which should be used for the site in the file /srv/secure.com/config/ip. The following works in our case:

   echo 1.2.3.4 > /srv/secure.com/config/ip

This tells the system that it should listen on an additional IP address. It also ensures that the DNS entries for the domain are updated to point to the dedicated IP address, and not the default IP of your machine.

2. Create / Upload your SSL certificate

Once you've configured the IP address the next thing to do is to move the certificate for your domain into place. For the domain secure.com you should place the certificate file at:

  /srv/secure.com/config/ssl.key

This is the location where our system will look for it. This file should be a combined key, comprising your RSA private key and your certificate concatenated together. It will look like this:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

If your SSL provider has given you a "bundle" file too, then you should save that as /srv/secure.com/config/ssl.bundle.
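
Because the configuration is only picked up hourly, it is worth checking the files from steps 1 and 2 before waiting. The script below is an added example, not part of the Bytemark tooling: the function names check_ssl_config and key_matches_cert are hypothetical, and the owner-only permission check and the acceptance of a "BEGIN PRIVATE KEY" header are assumptions not stated on this page.

```shell
#!/bin/sh
# Added example: pre-flight checks for /srv/<domain>/config before the hourly run.

# check_ssl_config DIR: print each problem found; return 0 only if there are none.
check_ssl_config() {
    dir=$1; rc=0
    ip_file=$dir/ip
    key_file=$dir/ssl.key

    # The ip file must contain a dotted-quad shaped address on a line of its own.
    if [ ! -f "$ip_file" ]; then
        echo "missing: $ip_file"; rc=1
    elif ! grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}' "$ip_file"; then
        echo "no IPv4 address in $ip_file"; rc=1
    fi

    if [ ! -f "$key_file" ]; then
        echo "missing: $key_file"; return 1
    fi

    # ssl.key must contain both PEM blocks. "RSA " is optional because newer
    # OpenSSL versions write PKCS#8 keys as "BEGIN PRIVATE KEY".
    grep -Eq -- '-----BEGIN (RSA )?PRIVATE KEY-----' "$key_file" ||
        { echo "no private key block in $key_file"; rc=1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$key_file" ||
        { echo "no certificate block in $key_file"; rc=1; }

    # Assumption: the private key should be readable by its owner only.
    mode=$(ls -ld "$key_file" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "$key_file is accessible to group/other; run chmod 600"; rc=1; }

    return $rc
}

# key_matches_cert FILE: return 0 if the certificate in the combined file was
# issued for the private key in the same file (requires the openssl CLI).
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_cert" ]
}

# Usage: check_ssl_config /srv/secure.com/config &&
#        key_matches_cert /srv/secure.com/config/ssl.key
```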

3. What next?

After an hour your host should notice that you've created a new SSL configuration (comprising both a new SSL key and the dedicated IP address) and the site should start working.

Why wait an hour? Every hour the system invokes the script /etc/cron.hourly/create-ssl-sites, which processes the local domains you're hosting and creates a new Apache configuration file for each domain that has a key and a non-standard IP.

Your new SSL site will have a dedicated Apache configuration file located at /etc/apache2/sites-enabled/secure.com.ssl, and you may edit that freely if you need to install a certificate chain file, or similar.

4. Having Problems?

If you run into problems with the configuration of SSL-based sites please get in touch. This support is still very new and there might be a couple of kinks to work out of the process.