Enable SNI on Ubuntu 12.04 LTS

Enable Server Name Indication (SNI) on Ubuntu 12.04 LTS which runs Apache 2.2. This allows running multiple HTTPS sites from one IP address/TCP port when SubjectAltNames are specified in the certificate, but MSIE on WinXP does not support this extension and so will cease working for HTTPS sites managed by this module. Note that this behavior is already implicit on Apache 2.4 based platforms (such as Ubuntu 14.04 LTS). Change-Id: I05c8e335f68d9461d8d81a3d12343d1920a738d4
2015-10-19 19:51:14 +00:00 · 2015-10-19 19:51:14 +00:00 · ebdc05976f
commit ebdc05976f
parent 0dcb175c42
2 changed files with 14 additions and 0 deletions
--- a/files/sni
+++ b/files/sni
@ -0,0 +1,4 @@
+# Enable SNI for HTTPS (this breaks HTTPS sites for MSIE on WinXP)
+<IfModule mod_ssl.c>
+    NameVirtualHost *:443
+</IfModule>
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
@ -31,4 +31,14 @@ class httpd::ssl {
      fail( "${::operatingsystem} not defined in httpd::ssl.")
    }
  }
+
+  if $::lsbdistcodename == 'precise' {
+    # Unconditionally enable SNI on Ubuntu 12.04 (it's on by default in 14.04)
+    file { '/etc/apache2/conf.d/sni':
+      ensure  => present,
+      source  => 'puppet:///modules/httpd/sni',
+      notify  => Service['httpd'],
+      require => Package['httpd'],
+    }
+  }
 }