mirror of
https://github.com/ergochat/ergo.git
synced 2024-11-11 06:29:29 +01:00
document SNI
This commit is contained in:
parent
aecb28a616
commit
1fc513cef0
@ -49,6 +49,8 @@ server:
|
|||||||
|
|
||||||
# The standard SSL/TLS port for IRC is 6697. This will listen on all interfaces:
|
# The standard SSL/TLS port for IRC is 6697. This will listen on all interfaces:
|
||||||
":6697":
|
":6697":
|
||||||
|
# this is a standard TLS configuration with a single certificate;
|
||||||
|
# see the manual for instructions on how to configure SNI
|
||||||
tls:
|
tls:
|
||||||
cert: fullchain.pem
|
cert: fullchain.pem
|
||||||
key: privkey.pem
|
key: privkey.pem
|
||||||
|
@ -49,6 +49,7 @@ _Copyright © Daniel Oaks <daniel@danieloaks.net>, Shivaram Lingamneni <slingamn
|
|||||||
- [Redirect from plaintext to TLS](#how-can-i-redirect-users-from-plaintext-to-tls)
|
- [Redirect from plaintext to TLS](#how-can-i-redirect-users-from-plaintext-to-tls)
|
||||||
- [Reverse proxies](#reverse-proxies)
|
- [Reverse proxies](#reverse-proxies)
|
||||||
- [Client certificates](#client-certificates)
|
- [Client certificates](#client-certificates)
|
||||||
|
- [SNI](#sni)
|
||||||
- [Modes](#modes)
|
- [Modes](#modes)
|
||||||
- [User Modes](#user-modes)
|
- [User Modes](#user-modes)
|
||||||
- [Channel Modes](#channel-modes)
|
- [Channel Modes](#channel-modes)
|
||||||
@ -606,6 +607,20 @@ Oragono supports authenticating to user accounts via TLS client certificates. Th
|
|||||||
|
|
||||||
Client certificates are not supported over websockets due to a [Chrome bug](https://bugs.chromium.org/p/chromium/issues/detail?id=329884).
|
Client certificates are not supported over websockets due to a [Chrome bug](https://bugs.chromium.org/p/chromium/issues/detail?id=329884).
|
||||||
|
|
||||||
|
## SNI
|
||||||
|
|
||||||
|
Oragono supports [SNI](https://en.wikipedia.org/wiki/Server_Name_Indication); this is useful if you have multiple domain names for your server, with different certificates covering different domain names. Configure your TLS listener like this:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
":6697":
|
||||||
|
tls-certificates:
|
||||||
|
-
|
||||||
|
cert: cert1.pem
|
||||||
|
key: key1.pem
|
||||||
|
-
|
||||||
|
cert: cert2.pem
|
||||||
|
key: key2.pem
|
||||||
|
```
|
||||||
|
|
||||||
--------------------------------------------------------------------------------------------
|
--------------------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
@ -23,6 +23,8 @@ server:
|
|||||||
|
|
||||||
# The standard SSL/TLS port for IRC is 6697. This will listen on all interfaces:
|
# The standard SSL/TLS port for IRC is 6697. This will listen on all interfaces:
|
||||||
":6697":
|
":6697":
|
||||||
|
# this is a standard TLS configuration with a single certificate;
|
||||||
|
# see the manual for instructions on how to configure SNI
|
||||||
tls:
|
tls:
|
||||||
cert: fullchain.pem
|
cert: fullchain.pem
|
||||||
key: privkey.pem
|
key: privkey.pem
|
||||||
|
Loading…
Reference in New Issue
Block a user