[rs-commit] r352 - /rs-manual/trunk/src/site/xhtml5/configuration.xhtml5

rs-commit at redwax.eu rs-commit at redwax.eu
Fri Mar 20 13:05:06 CET 2020


Author: minfrin at redwax.eu
Date: Fri Mar 20 13:05:05 2020
New Revision: 352

Log:
Add documentation about the backend server.

Modified:
    rs-manual/trunk/src/site/xhtml5/configuration.xhtml5

Modified: rs-manual/trunk/src/site/xhtml5/configuration.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/configuration.xhtml5	(original)
+++ rs-manual/trunk/src/site/xhtml5/configuration.xhtml5	Fri Mar 20 13:05:05 2020
@@ -23,7 +23,7 @@
     </section>
 
     <section class="wrapper style1 align-center inner"
-        id="goals">
+        id="installation">
       <header>
         <h2>Installing Apache HTTP Server and Redwax Server</h2>
         <p>
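Review bot: The `id` change on this `<section>` (`goals` to `installation`) is not covered by the log message, which only mentions the backend documentation. Renaming an `id` changes the fragment that links can target, so mention it in the log and check that nothing in the manual still links to `#goals` expecting this section. The same applies to the `virtualhost` rename further down.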
@@ -61,12 +61,12 @@
 	        </p>
 	        <ul>
 	          <li><a href="https://copr.fedorainfracloud.org/coprs/redwax/rs/">Install binary RPMs on Redhat / Fedora / Mageia / OpenSUSE</a>.</li>
-                  <li>On <a href="https://nixos.org">NixOS</a> include a dependency in the apache extra modules section to any of <a href="https://nixos.org/nixos/packages.html?channel=nixpkgs-unstable&query=redwax"RedWax</a> packages (e.g. see this example this <a href="https://github.com/NixOS/nixpkgs/blob/8dc7bff1c42322b247708b1b5a62c25a3e9fc747/nixos/tests/redwax-timeserver.nix">timeserver</a>, a <a href="https://github.com/NixOS/nixpkgs/blob/8dc7bff1c42322b247708b1b5a62c25a3e9fc747/nixos/tests/redwax-revoke-crl.nix">revocations</a> or by <a href="https://github.com/NixOS/nixpkgs/blob/8dc7bff1c42322b247708b1b5a62c25a3e9fc747/nixos/tests/redwax-revoke-ocsp.nix">via OCSP</a> or  <a href="https://github.com/NixOS/nixpkgs/blob/8dc7bff1c42322b247708b1b5a62c25a3e9fc747/nixos/tests/redwax-sign.nix">signing certs</a>).</li>
+              <li>On <a href="https://nixos.org">NixOS</a> include a dependency in the apache extra modules section to any of <a href="https://nixos.org/nixos/packages.html?channel=nixpkgs-unstable&query=redwax">RedWax</a> packages (e.g. see this example this <a href="https://github.com/NixOS/nixpkgs/blob/8dc7bff1c42322b247708b1b5a62c25a3e9fc747/nixos/tests/redwax-timeserver.nix">timeserver</a>, a <a href="https://github.com/NixOS/nixpkgs/blob/8dc7bff1c42322b247708b1b5a62c25a3e9fc747/nixos/tests/redwax-revoke-crl.nix">revocations</a> or by <a href="https://github.com/NixOS/nixpkgs/blob/8dc7bff1c42322b247708b1b5a62c25a3e9fc747/nixos/tests/redwax-revoke-ocsp.nix">via OCSP</a> or <a href="https://github.com/NixOS/nixpkgs/blob/8dc7bff1c42322b247708b1b5a62c25a3e9fc747/nixos/tests/redwax-sign.nix">signing certs</a>).</li>
 <!--
-                 <li>On Apple MacOSX see the ports <a href="https://ports.macports.org/port/mod_ca">mod_ca</a>, <a href="https://ports.macports.org/port/mod_crl">mod_crl</a>, <a href="https://ports.macports.org/port/mod_ocsp">mod_ocsp</a>, <a href="https://ports.macports.org/port/mod_csr">mod_csr</a>, <a href="https://ports.macports.org/port/modPkcs12">modPkcs12</a>, <a href="https://ports.macports.org/port/mod_scep">mod_scep</a>, <a href="https://ports.macports.org/port/mod_timestamp">mod_timestampmod_ca</a> and so on in <a href="https://macports.org">MacPorts</a>.</i>
+              <li>On Apple MacOSX see the ports <a href="https://ports.macports.org/port/mod_ca">mod_ca</a>, <a href="https://ports.macports.org/port/mod_crl">mod_crl</a>, <a href="https://ports.macports.org/port/mod_ocsp">mod_ocsp</a>, <a href="https://ports.macports.org/port/mod_csr">mod_csr</a>, <a href="https://ports.macports.org/port/modPkcs12">modPkcs12</a>, <a href="https://ports.macports.org/port/mod_scep">mod_scep</a>, <a href="https://ports.macports.org/port/mod_timestamp">mod_timestampmod_ca</a> and so on in <a href="https://macports.org">MacPorts</a>.</i>
 -->
 <!--
-                 <li>On <a href="https://freebsd.org">FreeBSD</a> see the <a href="https://svnweb.freebsd.org/ports/head/www/redwax/">RedWax meta port</a>.</li>
+              <li>On <a href="https://freebsd.org">FreeBSD</a> see the <a href="https://svnweb.freebsd.org/ports/head/www/redwax/">RedWax meta port</a>.</li>
 -->
 	          <li><a href="installation.html">Install from source on your chosen platform</a>.</li>
 	        </ul>
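Review bot: The NixOS link on the added line still carries a raw `&` in `packages.html?channel=nixpkgs-unstable&query=redwax`. This file is XHTML (it uses a CDATA section further down), so the ampersand needs to be written as `&amp;query=redwax` or the page is not well-formed. While touching this line, "see this example this" and "a revocations or by via OCSP" could be tidied. The commented-out MacPorts item also closes with `</i>` instead of `</li>` and has the link text `mod_timestampmod_ca`, which will surface as soon as the comment markers are removed.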
@@ -77,7 +77,7 @@
     </section>
 
     <section class="wrapper style1 align-center inner"
-        id="goals">
+        id="virtualhost">
       <header>
         <h2>Configure a Virtual Host</h2>
         <p>
@@ -171,6 +171,73 @@
       </div>
     </section>
 
+    <section class="wrapper style1 align-center inner"
+        id="backend">
+      <header>
+        <h2>Configure a Redwax Backend Server</h2>
+        <p>
+          Your first choice to make is where you will receive your certificates, serial
+          numbers and time sources.
+        </p>
+      </header>
+      <div class="content index align-left">
+
+        <section>
+          <header>
+            <h3>Simple Configuration</h3>
+          </header>
+          <div class="content none">
+	        <p>
+	          In this example, we've decided to use the
+	          <a href="mod/mod_ca_simple.html">mod_ca_simple</a> module to issue certificates
+	          signed by a CA certificate and private key stored on local disk.
+	        </p>
+	        <p>
+	          We have also decided to issue serial numbers based on the local machine's
+	          random number generator, and have decided to use the system time.
+	        </p>
+	        <p>
+	          We have also, if required of us, decided to generate RSA keys with a size of
+	          4096 bits.
+	        </p>
+	        <p>
+	          Any certificates we issue will be leaf certificates (basicConstraints CA:FALSE),
+	          and will contain specific keyUsage and extendedKeyUsage fields. We also include
+	          a subjectKeyIdentifier and an authorityKeyIdentifier to our certificates.
+	        </p>
+	        <p>
+	          Other choices are available as documented in the list of
+	          <a href="modules.html#backend">backend modules</a>.
+	        </p>
+<pre><code><![CDATA[<IfModule !ca_module>
+  LoadModule ca_module /usr/lib64/httpd/modules/mod_ca.so
+</IfModule>
+<IfModule !ca_simple_module>
+  LoadModule ca_simple_module /usr/lib64/httpd/modules/mod_ca_simple.so
+</IfModule>
+
+<Location /test/simple>
+
+  CASimpleCertificate /etc/pki/interop/ca-cert.pem
+  CASimpleKey /etc/pki/interop/private/ca-key.pem
+  CASimpleDays 1
+  CASimpleTime on
+  CASimpleAlgorithm RSA rsa_keygen_bits=4096
+  CASimpleSerialRandom on
+
+  CASimpleExtension basicConstraints CA:FALSE
+  CASimpleExtension keyUsage critical,nonRepudiation,digitalSignature,keyEncipherment
+  CASimpleExtension extendedKeyUsage OID:1.3.6.1.5.5.7.3.2
+  CASimpleExtension subjectKeyIdentifier hash
+  CASimpleExtension authorityKeyIdentifier keyid,issuer
+
+</Location>]]></code></pre>
+          </div>
+        </section>
+
+      </div>
+    </section>
+
   </body>
 </html>
 
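Review bot: The prose before the `<pre>` block leaves two settings unexplained that a reader will copy as-is: `CASimpleDays 1` and `CASimpleExtension extendedKeyUsage OID:1.3.6.1.5.5.7.3.2`. Say what validity period the example produces and why it is that short, and name the OID (1.3.6.1.5.5.7.3.2 is id-kp-clientAuth, TLS client authentication) so it is clear what the issued certificates are intended for. Since the text says the CA private key is stored on local disk, a sentence on restricting read access to the file given to `CASimpleKey` would fit here as well. On style, the new `<p>` lines are indented with a tab followed by spaces, while the surrounding `<section>` and `<header>` lines use spaces only.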


