lighttpd/stdin.nl: Explicitly specify a ca-file for https

[matthijs/servers/drsnuggles.git] / etc / lighttpd / vhosts / stdin-nl

diff --git a/etc/lighttpd/vhosts/stdin-nl b/etc/lighttpd/vhosts/stdin-nl
index cdec07a873d409c2dbe0c2aac0359fb31a1742ba..f778be996cfc1cd33e5cabd31d520bd2362f6197 100644 (file)
--- a/etc/lighttpd/vhosts/stdin-nl
+++ b/etc/lighttpd/vhosts/stdin-nl
@@ -3,7 +3,6 @@ $HTTP["host"] =~ ".stdin.nl$" {
        var.site-fcgi-dir    = var.fcgi-dir + "/stdin-nl"
 
        evhost.path-pattern  = var.site-dir + "/htdocs/%3/"
-       accesslog.filename   = var.site-dir + "/logs/access.log"
 
        fastcgi.server    = ( ".php" => 
                ((
@@ -11,4 +10,24 @@ $HTTP["host"] =~ ".stdin.nl$" {
                        "broken-scriptfilename" => "enable",
                ))
        )
+
+       $HTTP["host"] == "mail.stdin.nl" {
+               alias.url += ( "/squirrel" => "/usr/share/squirrelmail" )
+
+               # Only expose parts of the hastymail directory
+               $HTTP["url"] =~ "^/hastymail(|/index.php|/templates|/js|/plugins|/images)(|/.*)$" {
+                       alias.url += ( "/hastymail" => var.site-dir + "/applications/hastymail2" )
+               }
+       }
+
+       # Enable SSL
+       $HTTP["host"] == "mail.stdin.nl" {
+               # Specify the certificate for this domain (uses SNI)
+               ssl.pemfile = "/etc/lighttpd/ssl/mail.stdin.nl.pem" 
+               ssl.ca-file = "/etc/lighttpd/ssl/ca/startssl-all-ca.pem"
+               # Redirect HTTP to HTTPS
+               $HTTP["scheme"] == "http" {
+                   url.redirect = ( "^(.*)" => "https://mail.stdin.nl$1" )
+               }
+       }
 }