[rs-commit] r350 - /rs-manual/trunk/src/site/xhtml5/configuration.xhtml5

rs-commit at redwax.eu rs-commit at redwax.eu
Fri Mar 20 11:45:54 CET 2020 

Author: minfrin at redwax.eu
Date: Fri Mar 20 11:45:53 2020
New Revision: 350

Log:
Add the option of non-SSL virtual hosts, and why you might want one.

Modified:
    rs-manual/trunk/src/site/xhtml5/configuration.xhtml5

Modified: rs-manual/trunk/src/site/xhtml5/configuration.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/configuration.xhtml5	(original)
+++ rs-manual/trunk/src/site/xhtml5/configuration.xhtml5	Fri Mar 20 11:45:53 2020
@@ -76,14 +76,14 @@
         <p>
           There is no "correct" way to lay out a server. In this guide we use the following virtual
           host configuration from the <a href="https://interop.redwax.eu/rs/">Interop / Demo</a>
-          site, but others are possible.
+          site, but others are possible, including the use of no virtual hosts at all.
         </p>
       </header>
       <div class="content index align-left">
 
         <section>
           <header>
-            <h3>Virtual Host</h3>
+            <h3>SSL Virtual Host</h3>
           </header>
           <div class="content none">
 	        <p>
@@ -117,7 +117,7 @@
     SSLCACertificateFile /etc/pki/httpd/machine-caCert.pem
 
     <Directory "/var/www/secure/machine/web-docs">
-      Options +Indexes +FollowSymLinks +Includes
+      Options +Indexes +FollowSymLinks
       AllowOverride None
       Require all granted
     </Directory>
@@ -128,6 +128,38 @@
           </div>
         </section>
 
+        <section>
+          <header>
+            <h3>Virtual Host</h3>
+          </header>
+          <div class="content none">
+	        <p>
+	          Some SCEP clients paradoxically do not support connection to a secure webserver,
+	          as the SCEP protocol has it's own built security protections. For this reason,
+	          you might want to deploy a normal virtual host, as per the following example from
+	          the <a href="https://interop.redwax.eu/rs/">Interop / Demo</a> site. It is possible
+	          to host a certificate authority at both a secure and insecure URL at the same time,
+	          by including the same configuration in both the secure and normal virtual hosts.
+	        </p>
+<pre><code><![CDATA[<VirtualHost *:80>
+
+    DocumentRoot /var/www/virtual/machine/web-docs
+    ErrorLog /var/log/httpd/virtual/machine-error_log
+    CustomLog /var/log/httpd/virtual/machine-access_log combined
+
+    AddOutputFilter INCLUDES .shtml
+
+    <Directory "/var/www/virtual/machine/web-docs">
+      Options +Indexes +FollowSymLinks
+      AllowOverride None
+      Require all granted
+    </Directory>
+
+    IncludeOptional /etc/httpd/conf.d/virtual/machine/*.conf
+
+</VirtualHost>]]></code></pre>
+          </div>
+        </section>
 
       </div>
     </section>

More information about the rs-commit mailing list