X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=etc%2Flighttpd%2Flighttpd.conf;h=50d892aa709ff34cb9d7c89dd4f5009d459f17d2;hb=b3e4ccffd2ec8225fcf8b9fa40a9279e2af3e31b;hp=5a0dc8d8d7046fe7ffc7c438de5185ee882a8d35;hpb=8cbae7c2c9aa2d4ed4371113e5900a9adbfa6d5e;p=matthijs%2Fservers%2Fdrsnuggles.git

diff --git a/etc/lighttpd/lighttpd.conf b/etc/lighttpd/lighttpd.conf
index 5a0dc8d..50d892a 100644
--- a/etc/lighttpd/lighttpd.conf
+++ b/etc/lighttpd/lighttpd.conf
@@ -69,6 +69,19 @@ server.groupname           = "www-data"
 # Make mysqll frontend available in all domains
 alias.url                  += ("/mysql" => "/usr/share/phpmyadmin")
 
+$SERVER["socket"] == ":443" {
+	ssl.engine = "enable" 
+	# The CA certificates (in particular, this contains the intermediate
+	# certificate used by startcom). It seems that even without this
+	# option, it already works, probably because openssl ships some
+	# certificates. But, let's put it here to be safe anyway.
+	ssl.ca-file = "/etc/lighttpd/ssl/ca/startssl-all-ca.pem"
+	# Use the mail.stdin.nl certificate as the default certificate (for
+	# non-SNI browsers and domains without their own certificate), since
+	# it is currently the only one we have anyway.
+	ssl.pemfile = "/etc/lighttpd/ssl/mail.stdin.nl.pem"
+}
+
 #### external configuration files
 ## mimetype mapping
 include_shell var.conf-dir + "/scripts/create-mime.assign.pl"