Forum OpenACS Development: Re: ANNOUNCE: NaviServer 4.99.16 available

2: Re: ANNOUNCE: NaviServer 4.99.16 available (response to 1)

Posted by Paul Babin on 05/05/18 06:05 PM

Thank you as always for your continued work on this project!

Is there any documentation available on '- "ns_http queue|run" new parameter "-hostname" for handling SNI' - we're thinking this is a possible solution for a setup we are considering but can use a little assistance with the setup.

Thank you in advance.

3: Re: ANNOUNCE: NaviServer 4.99.16 available (response to 2)

Posted by Gustaf Neumann on 05/05/18 07:03 PM

The parameter is documented in [1] and is just used when the NaviServer is submitting client request to some other server via https. It is just for use in situations, where some other server sends different certificates depending on the hostname provided via SNI. The background of SNI is described in [2]... that is all quite simple and requires no complex setup.

If you are interested in serving multiple domain names via NaviServer, the probably simplest approach is to use multi-domain certificates (SAN certificates, using the Subject Alternative Name field), e.g. via lets-encrypt [3]. This is, what we are using e.g. on openacs.org.

hope this helps.
-g

[1] https://naviserver.sourceforge.io/n/naviserver/files/ns_http.html
[2] https://en.wikipedia.org/wiki/Server_Name_Indication
[3] https://bitbucket.org/naviserver/letsencrypt/src/default/

4: Re: ANNOUNCE: NaviServer 4.99.16 available (response to 3)

Posted by Paul Babin on 06/20/18 12:13 AM

Gustaf,

As always thank you very much for your dedicated work on openacs and naviserver. We greatly appreciate all the enhancements!

This did help and we are also looking forward into exploring the new lets encrypt module!

Sincerely,