wiki/ssl-support.md
... ...
@@ -1,6 +1,6 @@
1 1
# Supporting HTTPS / SSL
2 2
3
-On sapsailing.com, we have a security certificate installed. For root users its key is visible at `/etc/pki/tls/private/star_sapsailing_com.key`. The certicicate is at `/etc/pki/tls/certs/star_sapsailing_com.crt`. To enable SSL on a server, the module `mod_ssl` needs to be installed. Use ``yum install mod_ssl``.
3
+On sapsailing.com, we have a security certificate installed. For root users its key is visible at `/etc/pki/tls/private/star_sapsailing_com.key`. The certicicate is at `/etc/pki/tls/certs/star_sapsailing_com.crt`. The intermediate CA file from [https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=INFO2045](https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=INFO2045) is at `/etc/pki/tls/certs/server-chain.crt`. To enable SSL on a server, the module `mod_ssl` needs to be installed. Use ``yum install mod_ssl``.
4 4
5 5
The `/etc/httpd/conf/httpd.conf` file must contain the following in order to ensure that the `ServerName` setting is respected for selecting the appropriate `VirtualHost` element:
6 6
... ...
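Review bot: The added sentence identifies the intermediate CA only through a vendor knowledge-base URL, so if that page moves or is updated there is no way to tell from the wiki which intermediate `/etc/pki/tls/certs/server-chain.crt` is supposed to contain. Name the intermediate certificate in the text (for example its subject and expiry date) next to the link. The rewritten line also carries over the typo "certicicate" from the old line; since the line is being touched anyway, correct it to "certificate".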
@@ -15,26 +15,33 @@ When this is done, the server can use the following sequence of directives insid
15 15
SSLEngine On
16 16
SSLCertificateFile /etc/pki/tls/certs/star_sapsailing_com.crt
17 17
SSLCertificateKeyFile /etc/pki/tls/private/star_sapsailing_com.key
18
+ SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
18 19
</pre>
19 20
20
-A full-blown &lt;VirtualHost&gt; element in a rewrite macro in `000-macros.conf` then could look like this:
21
+We have this also in a macro called SSL that is defined in `/etc/httpd/conf.d/000-macros.conf` like this:
21 22
22 23
```
23
-<Macro Event-SSL $HOSTNAME $EVENTUUID $IP $PORT>
24
- <VirtualHost *:443>
25
- ServerName $HOSTNAME
26
-
24
+<Macro SSL>
27 25
SSLEngine On
28 26
SSLCertificateFile /etc/pki/tls/certs/star_sapsailing_com.crt
29 27
SSLCertificateKeyFile /etc/pki/tls/private/star_sapsailing_com.key
28
+ SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
29
+</Macro>
30
+```
30 31
31
- Use Headers
32
+It can then simply be used in any `VirtualHost` definition using `Use SSL`.
32 33
33
- RewriteEngine on
34
+A full-blown &lt;VirtualHost&gt; element in a rewrite macro in `000-macros.conf` then could look like this:
34 35
36
+```
37
+<Macro Event-SSL $HOSTNAME $EVENTUUID $IP $PORT>
38
+ <VirtualHost *:443>
39
+ ServerName $HOSTNAME
40
+ Use SSL
41
+ Use Headers
42
+ RewriteEngine on
35 43
RewriteCond %{REQUEST_URI} "^(/)?$"
36 44
RewriteRule ^(/)?$ "https://$HOSTNAME/gwt/Home.html?%{QUERY_STRING}#/event/:eventId=$EVENTUUID" [L,NE]
37
-
38 45
Use Rewrite $IP $PORT
39 46
</VirtualHost>
40 47
</Macro>
... ...
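Review bot: The SSL directives are now documented twice, once in the `<pre>` block and once in the new `<Macro SSL>` body, and each copy gets its own `SSLCertificateChainFile` line, so any later path change has to be made in both places. Consider reducing the `<pre>` section to a pointer to the macro, or to `Use SSL`. The page should also state which httpd version this targets: from Apache 2.4.8 on, `SSLCertificateChainFile` is deprecated and the intermediate certificates are expected to be appended to the file named by `SSLCertificateFile`.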
@@ -46,4 +53,13 @@ It can then be used inside the `001-events.conf` file like this
46 53
Use Event-SSL ssltest.sapsailing.com "f8087b3c-c641-4fda-bf8d-0bc2abe09e40" 172.31.22.239 8888
47 54
```
48 55
49
-Keep in mind that the certificate we have only is valid for `*.sapsailing.com` which does not include 2nd-level sub-domains such as a.b.sapsailing.com.
... ...
\ No newline at end of file
0
+Keep in mind that the certificate we have only is valid for `*.sapsailing.com` which does not include 2nd-level sub-domains such as a.b.sapsailing.com.
1
+
2
+To have a non-SSL `VirtualHost` redirect to the SSL counterpart, use a definition like this:
3
+
4
+```
5
+<VirtualHost *:80>
6
+ ServerName jobs.sapsailing.com
7
+ RedirectPermanent / https://jobs.sapsailing.com/
8
+</VirtualHost>
9
+```
... ...
\ No newline at end of file
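Review bot: The redirect example hardcodes `jobs.sapsailing.com` in both `ServerName` and `RedirectPermanent`, while the rest of the page wraps per-host configuration in macros taking `$HOSTNAME`. A small macro, used the same way as `Use Event-SSL ...`, would keep the two values from drifting apart when the block is copied for another host. It would also help to say that each such host name must match `*.sapsailing.com` at the first sub-domain level, given the certificate limitation noted just above. The file still ends without a trailing newline, which is why the unchanged "Keep in mind" sentence shows up as removed and re-added in this hunk.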