[liberationtech] software download over SSL mirrors?
Andrew Lewman
liberationtech at lewman.us
Sun Mar 9 18:58:33 PDT 2014
On Mon, Mar 10, 2014 at 12:09:14AM +0000, adrelanos at riseup.net wrote 2.6K bytes in 0 lines about:
: Does anyone know how to set up a mirror network supporting SSL?
I've seen it done two ways. One way distributes bandwidth by letting
people hit each mirror directly. Another way creates a master mirror
which redirects to other mirrors.
1. If you are doing dns load balancing, you get a cert for a domain
name. Give the cert and key to your mirrors. Then sslmirror.whonix.org
works regardless of the mirror.
2. Ask each mirror to get their own cert, and make sslmirror.whonix.org
the master site, which then redirects to a list of ssl mirrors via
webserver rewrite/redirects. Therefore the ssl cert will match the
mirror's name. Such as sslmirror.whonix.org rewrites to
(sslmirror.example.com, website.example.net, download.example.org).
--
Andrew
pgp 0x6B4D6475
More information about the liberationtech
mailing list