|
@@ -49,6 +49,7 @@ _Copyright © Daniel Oaks <daniel@danieloaks.net>, Shivaram Lingamneni <slingamn
|
49
|
49
|
- [Redirect from plaintext to TLS](#how-can-i-redirect-users-from-plaintext-to-tls)
|
50
|
50
|
- [Reverse proxies](#reverse-proxies)
|
51
|
51
|
- [Client certificates](#client-certificates)
|
|
52
|
+ - [SNI](#sni)
|
52
|
53
|
- [Modes](#modes)
|
53
|
54
|
- [User Modes](#user-modes)
|
54
|
55
|
- [Channel Modes](#channel-modes)
|
|
@@ -606,6 +607,20 @@ Oragono supports authenticating to user accounts via TLS client certificates. Th
|
606
|
607
|
|
607
|
608
|
Client certificates are not supported over websockets due to a [Chrome bug](https://bugs.chromium.org/p/chromium/issues/detail?id=329884).
|
608
|
609
|
|
|
610
|
+## SNI
|
|
611
|
+
|
|
612
|
+Oragono supports [SNI](https://en.wikipedia.org/wiki/Server_Name_Indication); this is useful if you have multiple domain names for your server, with different certificates covering different domain names. Configure your TLS listener like this:
|
|
613
|
+
|
|
614
|
+```yaml
|
|
615
|
+ ":6697":
|
|
616
|
+ tls-certificates:
|
|
617
|
+ -
|
|
618
|
+ cert: cert1.pem
|
|
619
|
+ key: key1.pem
|
|
620
|
+ -
|
|
621
|
+ cert: cert2.pem
|
|
622
|
+ key: key2.pem
|
|
623
|
+```
|
609
|
624
|
|
610
|
625
|
--------------------------------------------------------------------------------------------
|
611
|
626
|
|