lighttpd: Enable SSL for mail.stdout.nl.

[matthijs/servers/drsnuggles.git] / etc / lighttpd / lighttpd.conf

diff --git a/etc/lighttpd/lighttpd.conf b/etc/lighttpd/lighttpd.conf
index 676cb1f2c1a489addd5cdafd198d7688a9587253..c410fb93533153c079da630b45bb97d97c51b3d7 100644 (file)
--- a/etc/lighttpd/lighttpd.conf
+++ b/etc/lighttpd/lighttpd.conf
@@ -11,6 +11,7 @@ var.fcgi-dir             = var.root-dir + "/var/fcgi"
 
 ## modules to load
 server.modules              = (
+            "mod_auth",
             "mod_access",
             "mod_alias",
             "mod_accesslog",
@@ -19,7 +20,6 @@ server.modules              = (
             "mod_evhost",
             "mod_cgi",
             "mod_fastcgi",
-            "mod_auth",
             "mod_setenv",
 )
 
@@ -69,6 +69,19 @@ server.groupname           = "www-data"
 # Make mysqll frontend available in all domains
 alias.url                  += ("/mysql" => "/usr/share/phpmyadmin")
 
+$SERVER["socket"] == ":443" {
+       ssl.engine = "enable" 
+       # The CA certificates (in particular, this contains the intermediate
+       # certificate used by startcom). It seems that even without this
+       # option, it already works, probably because openssl ships some
+       # certificates. But, let's put it here to be safe anyway.
+       ssl.cafile = "/etc/lighttpd/ssl/ca/startssl-all-ca.pem"
+       # Use the mail.stdout.nl certificate as the default certificate (for
+       # non-SNI browsers and domains without their own certificate), since
+       # it is currently the only one we have anyway.
+       ssl.pemfile = "/etc/lighttpd/ssl/mail.stdout.nl.pem" 
+}
+
 #### external configuration files
 ## mimetype mapping
 include_shell var.conf-dir + "/scripts/create-mime.assign.pl"