ssl

Using a single server for multiple virtual hosts is something that comes naturally nowadays for any web server sysadmin. Using SSL certificates is also common (particularly so since the infamous Blacksheep extension for Firefox as published a few years back). However, the mixing of SSL and virtual hosts might not be as easy as you might think.

This must appear in one opportunity in 1000, but it happened to me, so I bet it might have just happened to you... Munin is great, Nginx is great, and SSL is great, but when you mix all of them together, you might get some frustrating behaviour. If you don't know it already, you can test the results of a Munin plugin on Debian-based systems with the command

sudo munin-run [plugin]

For example, if your nginx_status graph in the Munin web interface is empty, you can try

sudo munin-run nginx_status

The name of the plugin will auto-complete with the TAB key, with any plugin

For some reason, it might be very difficult to find information on how to renew a self-signed certificate. This is a nice (and short) explanation: http://linux.togaware.com/survivor/Renew_SSL.html. Please note that a .pem file is in fact (as you can guess from the small guide) a combined .key and .crt. In short and only for the purpose of not loosing this reference (as has happened many times before with sites referenced on this blog), here is the procedure (just adapt to your case, i.e.

On Linux systems, there used to be a mildly complicated but tedious way to allow you to SSH another computer using your public key, which involved finding and copying your public key on the other host, then connecting to the host and putting this key into ~/.ssh/authorized_keys. Now there is a much simpler way to do that... Just launch the following command (with your own data), enter your password, and that's it!

ssh-copy-id  yourusername@remote.host.address

I love administrative simplification!

The post is in French, but is certainly worth the effort of translation for people looking on how to do this: http://howto.landure.fr/gnu-linux/debian-4-0-etch/creer-un-certificat-ssl-multi-domaines If enough people ask for a good translation, I'll consider doing that here.

Introduction

Setting up several VirtualHost's on an Apache2 server is easy. Setting up several VirtualHost's on an Apache 2 server, some of them using SSL (HTTPS) is considerably less easy. The main problem is the documentation, not really easy to find, with examples of such configurations. Here, we will intend to give all the steps to get there, remaining at a minimal level of complexity. If you want more details, I suggest you have a look at this nice article by Artur Maj.