From ab8bd17668fb99353e83a86decd32cb275559ee9 Mon Sep 17 00:00:00 2001
From: Sven Velt
Date: Thu, 17 Oct 2024 12:04:15 +0200
Subject: [PATCH] Kapitel 10: SSL/TLS
---
conf/kapitel/kapitel_10.conf | 62 ++++++++++++++++++++++++++++++++++++
1 file changed, 62 insertions(+)
create mode 100644 conf/kapitel/kapitel_10.conf
diff --git a/conf/kapitel/kapitel_10.conf b/conf/kapitel/kapitel_10.conf
new file mode 100644
index 0000000..f263f21
--- /dev/null
+++ b/conf/kapitel/kapitel_10.conf
@@ -0,0 +1,62 @@
+##### Kapitel 10 - SSL
+
+LoadModule ssl_module modules/mod_ssl.so
+Include conf/extra/httpd-ssl.conf
+
+# Für dehydrated, aus Debian-Package "dehydrated-apache2"
+Include /etc/apache2/conf-available/dehydrated.conf
+
+### SSL-Protokoll/-Cipher Log-File-Format
+LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ssl_info
+LogFormat "%t %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%{User-Agent}i\" %h \"%r\" %b" ssl_agentinfo
+LogFormat "%{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%{User-Agent}i\"" ssl_browser
+
+### IP-based SSL-VHost
+
+
+ SSLEngine On
+ SSLCertificateFile "/usr/local/apache2/conf/ssl/ipbased.sv.crt"
+ SSLCertificateKeyFile "/usr/local/apache2/conf/ssl/ipbased.sv.key"
+ # SSLCertificateChainFile "/usr/local/apache2/conf/ssl/interm.crt"
+
+ DocumentRoot /usr/local/apache2/htdocs-ipbased.sv
+ ServerName ipbased.sv
+ CustomLog logs/SSL_ipbased-access.log combined
+ ErrorLog logs/SSL_ipbased-error.log
+
+ CustomLog logs/ipbased.sv_ssl.log ssl_browser
+ CustomLog logs/ipbased.sv_ssl_agent.log ssl_agentinfo
+
+ SSLCACertificateFile CA/cacert.pem
+
+ SSLVerifyClient require
+ SSLVerifyDepth 1
+
+
+
+### Name-based SSL-VHosts
+
+
+ SSLEngine On
+ SSLCertificateFile /usr/local/apache2/conf/ssl/firma1.sv.crt
+ SSLCertificateKeyFile /usr/local/apache2/conf/ssl/firma1.sv.key
+
+ DocumentRoot /usr/local/apache2/htdocs-firma1.sv
+ ServerName firma1.sv
+ ServerAlias *.firma1.sv
+ CustomLog logs/firma1-access.log combined
+ ErrorLog logs/firma1-error.log
+
+
+
+ SSLEngine On
+ SSLCertificateFile /usr/local/apache2/conf/ssl/firma2.sv.crt
+ SSLCertificateKeyFile /usr/local/apache2/conf/ssl/firma2.sv.key
+
+ DocumentRoot /usr/local/apache2/htdocs-firma2.sv
+ ServerName firma2.sv
+ ServerAlias *.firma2.sv
+ CustomLog logs/firma2-access.log combined
+ ErrorLog logs/firma2-error.log
+
+
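Review bot: The client-certificate vhost for ipbased.sv (`SSLVerifyClient require`, `SSLVerifyDepth 1`) shows no revocation check, so a client certificate issued under `CA/cacert.pem` that is later revoked or compromised would still be accepted until it expires. Unless the included `conf/extra/httpd-ssl.conf` already configures this, add `SSLCARevocationFile "<path-to-crl.pem>"` and `SSLCARevocationCheck chain` next to the `SSLCACertificateFile` line. That CA path is also the only relative certificate path in the file; it appears to resolve against ServerRoot, so writing it absolute like the other certificate paths would make the trust anchor unambiguous. For audit, none of the three `ssl_*` log formats records which client authenticated; adding `%{SSL_CLIENT_S_DN}x` to the format used by this vhost would make each access attributable to a certificate subject.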