Enable SNI on Ubuntu 12.04 LTS

Enable Server Name Indication (SNI) on Ubuntu 12.04 LTS which runs
Apache 2.2. This allows running multiple HTTPS sites from one IP
address/TCP port when SubjectAltNames are specified in the
certificate, but MSIE on WinXP does not support this extension and
so will cease working for HTTPS sites managed by this module. Note
that this behavior is already implicit on Apache 2.4 based platforms
(such as Ubuntu 14.04 LTS).

Change-Id: I05c8e335f68d9461d8d81a3d12343d1920a738d4
This commit is contained in:
Jeremy Stanley 2015-10-19 19:51:14 +00:00
parent 0dcb175c42
commit ebdc05976f
2 changed files with 14 additions and 0 deletions

4
files/sni Normal file
View File

@ -0,0 +1,4 @@
# Enable SNI for HTTPS (this breaks HTTPS sites for MSIE on WinXP)
<IfModule mod_ssl.c>
NameVirtualHost *:443
</IfModule>

View File

@ -31,4 +31,14 @@ class httpd::ssl {
fail( "${::operatingsystem} not defined in httpd::ssl.")
}
}
if $::lsbdistcodename == 'precise' {
# Unconditionally enable SNI on Ubuntu 12.04 (it's on by default in 14.04)
file { '/etc/apache2/conf.d/sni':
ensure => present,
source => 'puppet:///modules/httpd/sni',
notify => Service['httpd'],
require => Package['httpd'],
}
}
}