Prosody configuration/certificate properties question
46 views
Skip to first unread message
Milan Obuch
Mar 8, 2021, 5:55:08 AM3/8/21
to prosod...@googlegroups.com
Hi,
I started to use Prosody as XMPP server for some testing and was able
to get it running with Pidgin client. I verified it works with someone
using (I think) ejabber server. For this I created Let's Encrypt
certificate for my test domain.
Now I would like to move a bit toward service deployment. For this
purpose I like to see possibility to serve several domains with one
Prosody instance. Question is, how should I create certificate for this
scenario.
In my config file, I commented out default
VirtualHost "localhost"
line and added my test domain like this:
VirtualHost "xm1.dino.sk"
ssl =
{ certificate = "certs/xm1.dino.sk.fullchain.cer";
key = "certs/xm1.dino.sk.key";
}
Certificate was created using acme.sh with command
acme.sh --issue --standalone --domain xm1.dino.sk
Now, how can I serve several domains? I can use maybe xm1.dino.sk and
xm2.dino.sk by adding similar definition for VirtualHost, but what
about certificates? Can I use one certificate per domain or should I
use one certificate with more SAN? I have no XMPP protocol knowledge
yet, so I have no idea whether it is possible to use Different
certificate for domains run by the same Prosody instance using one IP,
thus the question.
Rgeards,
Milan
I started to use Prosody as XMPP server for some testing and was able
to get it running with Pidgin client. I verified it works with someone
using (I think) ejabber server. For this I created Let's Encrypt
certificate for my test domain.
Now I would like to move a bit toward service deployment. For this
purpose I like to see possibility to serve several domains with one
Prosody instance. Question is, how should I create certificate for this
scenario.
In my config file, I commented out default
VirtualHost "localhost"
line and added my test domain like this:
VirtualHost "xm1.dino.sk"
ssl =
{ certificate = "certs/xm1.dino.sk.fullchain.cer";
key = "certs/xm1.dino.sk.key";
}
Certificate was created using acme.sh with command
acme.sh --issue --standalone --domain xm1.dino.sk
Now, how can I serve several domains? I can use maybe xm1.dino.sk and
xm2.dino.sk by adding similar definition for VirtualHost, but what
about certificates? Can I use one certificate per domain or should I
use one certificate with more SAN? I have no XMPP protocol knowledge
yet, so I have no idea whether it is possible to use Different
certificate for domains run by the same Prosody instance using one IP,
thus the question.
Rgeards,
Milan
Reply all
Reply to author
Forward
0 new messages