lighttpd with multiple IPs, each with a UCC certificate and many hostnames

Posted by Dave on Server Fault See other posts from Server Fault or by Dave
Published on 2011-01-17T04:36:17Z Indexed on 2011/01/17 4:54 UTC
Read the original article Hit count: 314

Filed under:
|
|

I'd like to get lighttpd working with UCC certificates, but I can't seem to figure out the correct syntax.

Essentially, for each IP address, I have one UCC certificate and a bunch of hostnames.

$SERVER["socket"] == "10.0.0.1:443" {
    ssl.engine                              = "enable"
    ssl.ca-file                             = "/etc/ssl/certs/the.ca.cert.pem"
    ssl.pemfile                             = "/etc/ssl/private/websitegroup1.com.pem"
    $HTTP["host"] =~ "mywebsite.com" {
            server.document-root    = /var/www/mywebsite.com/htdocs"
    }

The above code works fine for one hostname, but as soon as I try to set up another hostname (note the same SSL cert):

$SERVER["socket"] == "10.0.0.1:443" {
    ssl.engine                              = "enable"
    ssl.ca-file                             = "/etc/ssl/certs/the.ca.cert.pem"
    ssl.pemfile                             = "/etc/ssl/private/websitegroup1.com.pem"
    $HTTP["host"] =~ "anotherwebsite.com" {
            server.document-root    = /var/www/anotherwebsite.com/htdocs"
    }

...I get this error: Duplicate config variable in conditional 6 global/SERVERsocket==10.0.0.1:443: ssl.engine

Is there any way I can put a conditional so that only if ssl.engine is not already enabled, enable it? Or do I have to put all my $HTTP["host"]s inside the same $SERVER["socket"] (which will make config file management more difficult for me) or is there some entirely different way to do it?

This has to be repeated for multiple IPs too (so I'll have a bunch of SERVER["socket"] == 10.0.0.2:443" etc), each with one UCC cert and many hostnames.

Am I going about this the wrong way entirely? My goal is to conserve IP addresses when I have many websites that are related and can share an SSL certificate, but still need their own SSL-accessible version from the appropriate hostname (instead of a single secure.mywebsite.com).

© Server Fault or respective owner

Related posts about ssl-certificate

Related posts about lighttpd