The two configuration entries to use are ssl.engine
and ssl.pemfile
. To enable SSL, set ssl.engine="enable"
; to disable SSL, set ssl.engine="disable"
.
The ssl.pemfile
should contain the path of your server.pem
relative to the configuration file. If we only want to serve HTTPS, we can simply change our server.port
and enable SSL:
server.port = 443 # standard HTTPS port ssl.engine = "enable" ssl.pemfile = "server.pem"
Usually we may want to serve HTTP and HTTPS, depending on how the client is connected. Remember selectors from Chapter 2? We can put the following into our configuration:
$SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "server.pem" }
Unless we use $SERVER["socket"] elsewhere, adding this snippet will allow all pages to be requested via HTTP or HTTPS without changing their functionality.
Sometimes, we want to go one step further, and redirect all traffic to HTTPS for a security-conscious subset of our site. We can do this using mod_redirect...