#
# This is an example webserver configuration using virtual hosts.
#
# See doc/config-guide.txt for descriptions of each command (line)
# and configuration syntax.
#
################################3
#
# to use SSL mode, you'll need IO::Socket::SSL 0.97+
#
# You can do SSL either on webserver mode, a reverse_proxy, or a service selector,
# but not if the service selector is vhost-based, because SSL and vhosts aren't
# compatible.
#
# the pound docs recommend this cipher list for a known bug in older
# versions of IE:
#
#     ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#
# You can make a self-signed key and cert with;
#
#   openssl req -x509 -newkey rs:1024 -keyout server-key.pem -out server-cert.pem -days 365 -nodes
#

CREATE SERVICE site
  SET role            = web_server
  SET docroot         = /var/www/site.com/
  SET dirindexing     = on

  SET enable_ssl      = on
  SET ssl_key_file    = certs/server-key.pem
  SET ssl_cert_file   = certs/server-cert.pem

  # optionally set the cipher list.  the default is "ALL:!LOW:!EXP"
  SET ssl_cipher_list = ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

ENABLE site


# always good to keep an internal management port open:
CREATE SERVICE mgmt
  SET role   = management
  SET listen = 127.0.0.1:60000
ENABLE mgmt