3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-25 13:29:27 +01:00

document SNI

This commit is contained in:
Shivaram Lingamneni 2021-04-07 23:13:20 -04:00
parent aecb28a616
commit 1fc513cef0
3 changed files with 19 additions and 0 deletions

View File

@ -49,6 +49,8 @@ server:
# The standard SSL/TLS port for IRC is 6697. This will listen on all interfaces:
":6697":
# this is a standard TLS configuration with a single certificate;
# see the manual for instructions on how to configure SNI
tls:
cert: fullchain.pem
key: privkey.pem

View File

@ -49,6 +49,7 @@ _Copyright © Daniel Oaks <daniel@danieloaks.net>, Shivaram Lingamneni <slingamn
- [Redirect from plaintext to TLS](#how-can-i-redirect-users-from-plaintext-to-tls)
- [Reverse proxies](#reverse-proxies)
- [Client certificates](#client-certificates)
- [SNI](#sni)
- [Modes](#modes)
- [User Modes](#user-modes)
- [Channel Modes](#channel-modes)
@ -606,6 +607,20 @@ Oragono supports authenticating to user accounts via TLS client certificates. Th
Client certificates are not supported over websockets due to a [Chrome bug](https://bugs.chromium.org/p/chromium/issues/detail?id=329884).
## SNI
Oragono supports [SNI](https://en.wikipedia.org/wiki/Server_Name_Indication); this is useful if you have multiple domain names for your server, with different certificates covering different domain names. Configure your TLS listener like this:
```yaml
":6697":
tls-certificates:
-
cert: cert1.pem
key: key1.pem
-
cert: cert2.pem
key: key2.pem
```
--------------------------------------------------------------------------------------------

View File

@ -23,6 +23,8 @@ server:
# The standard SSL/TLS port for IRC is 6697. This will listen on all interfaces:
":6697":
# this is a standard TLS configuration with a single certificate;
# see the manual for instructions on how to configure SNI
tls:
cert: fullchain.pem
key: privkey.pem