X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;ds=sidebyside;f=etc%2Flighttpd%2Flighttpd.conf;h=c410fb93533153c079da630b45bb97d97c51b3d7;hb=fb8291e5712a9bf3cccb4a88a7467e9e691ba5cb;hp=c6d07b336c5716b2c6c6d81e19159ca5bb35e0b9;hpb=0f32993712d2ef203b84958062ea04802069ba39;p=matthijs%2Fservers%2Fdrsnuggles.git

diff --git a/etc/lighttpd/lighttpd.conf b/etc/lighttpd/lighttpd.conf
index c6d07b3..c410fb9 100644
--- a/etc/lighttpd/lighttpd.conf
+++ b/etc/lighttpd/lighttpd.conf
@@ -11,6 +11,7 @@ var.fcgi-dir             = var.root-dir + "/var/fcgi"
 
 ## modules to load
 server.modules              = (
+            "mod_auth",
             "mod_access",
             "mod_alias",
             "mod_accesslog",
@@ -19,7 +20,7 @@ server.modules              = (
             "mod_evhost",
             "mod_cgi",
             "mod_fastcgi",
-            "mod_auth",
+            "mod_setenv",
 )
 
 # Set a default catch-all document root, which should never be used.
@@ -65,7 +66,21 @@ server.dir-listing          = "disable"
 server.username            = "www-data"
 server.groupname           = "www-data"
 
-alias.url                  = ("/mysql" => "/usr/share/phpmyadmin")
+# Make mysqll frontend available in all domains
+alias.url                  += ("/mysql" => "/usr/share/phpmyadmin")
+
+$SERVER["socket"] == ":443" {
+	ssl.engine = "enable" 
+	# The CA certificates (in particular, this contains the intermediate
+	# certificate used by startcom). It seems that even without this
+	# option, it already works, probably because openssl ships some
+	# certificates. But, let's put it here to be safe anyway.
+	ssl.cafile = "/etc/lighttpd/ssl/ca/startssl-all-ca.pem"
+	# Use the mail.stdout.nl certificate as the default certificate (for
+	# non-SNI browsers and domains without their own certificate), since
+	# it is currently the only one we have anyway.
+	ssl.pemfile = "/etc/lighttpd/ssl/mail.stdout.nl.pem" 
+}
 
 #### external configuration files
 ## mimetype mapping