Name based VH

Doc/Common/glossary.xml

@@ -558,6 +558,16 @@
       </glossdef>
     </glossentry>
 
+    <glossentry xml:id="glo_NIC">
+      <glossterm>NIC</glossterm>
+
+      <glossdef>
+        <para><link
+        xlink:href="https://en.wikipedia.org/wiki/Network_interface_controller">Network
+        Interface Controller</link></para>
+      </glossdef>
+    </glossentry>
+
     <glossentry xml:id="glo_OO">
       <glossterm><acronym>OO</acronym></glossterm>
 
@@ -703,6 +713,14 @@
       </glossdef>
     </glossentry>
 
+    <glossentry xml:id="glo_SNI">
+      <glossterm><acronym>SNI</acronym></glossterm>
+
+      <glossdef>
+        <para>Server Name Indication</para>
+      </glossdef>
+    </glossentry>
+
     <glossentry xml:id="glo_SNMP">
       <glossterm><acronym>SNMP</acronym></glossterm>
 
@@ -887,9 +905,20 @@
       <glossterm><acronym>TLS</acronym></glossterm>
 
       <glossdef>
-        <para><link
-        xlink:href="https://en.wikipedia.org/wiki/Transport_Layer_Security">Transport
-        Layer Security</link></para>
+        <para>Transport Layer Security</para>
+
+        <itemizedlist>
+          <listitem>
+            <para><link
+            xlink:href="https://en.wikipedia.org/wiki/Transport_Layer_Security">Wikipedia</link></para>
+          </listitem>
+
+          <listitem>
+            <para><link
+            xlink:href="https://www.globalsign.com/en/blog/ssl-vs-tls-difference">TLS
+            <abbrev>vs.</abbrev> SSL</link> distinction</para>
+          </listitem>
+        </itemizedlist>
       </glossdef>
     </glossentry>
 

Doc/Sdi/apache.xml

@@ -2,6 +2,7 @@
 <chapter version="5.1" xml:id="sdiApache"
          xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
+         xmlns:xila="http://www.w3.org/2001/XInclude/local-attributes"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          xmlns:svg="http://www.w3.org/2000/svg"
          xmlns:ns="http://docbook.org/ns/transclusion"
@@ -13,29 +14,168 @@
   <section xml:id="sdiApachePrelim">
     <title>Preliminaries</title>
 
-    <para>The following documentation will be helpful:</para>
-
-    <itemizedlist>
-      <listitem>
-        <para><link xlink:href="https://httpd.apache.org/docs/2.4">Apache HTTP
-        Server Version 2.4 Documentation</link></para>
-      </listitem>
-    </itemizedlist>
-
-    <tip>
-      <para>Whenever searching for <productname>Apache</productname> related
-      configuration hints always include <quote>2.4</quote> in your query
-      string: The configuration file syntax has changed considerably in
-      comparison to <productname>Apache</productname> 2.2.</para>
-    </tip>
+    <figure xml:id="sdi_webserver_documentation">
+      <title>External documentation</title>
+
+      <itemizedlist>
+        <listitem>
+          <para><link xlink:href="https://httpd.apache.org/docs/2.4">Apache
+          HTTP Server Version 2.4 Documentation</link></para>
+        </listitem>
+      </itemizedlist>
+
+      <tip>
+        <para>Whenever searching for <productname>Apache</productname> related
+        documentation <emphasis>always</emphasis> include <quote>2.4</quote>
+        in your query: Configuration file syntax changed considerably with
+        respect to <productname>Apache</productname> version 2.2.</para>
+      </tip>
+    </figure>
+
+    <figure xml:id="sdi_webserver_virtualHostPrinciple">
+      <title>Virtual hosting</title>
+
+      <itemizedlist>
+        <listitem>
+          <para>One physical host system</para>
+        </listitem>
+
+        <listitem>
+          <para>Serving multiple sites e.g.:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para><uri>https://www.foo.org</uri></para>
+            </listitem>
+
+            <listitem>
+              <para><uri>https://www.second.org</uri></para>
+            </listitem>
+          </itemizedlist>
+        </listitem>
+      </itemizedlist>
+    </figure>
+
+    <figure xml:id="sdi_webserver_virtualHostImplementations">
+      <title>Implementing virtual hosting</title>
+
+      <orderedlist>
+        <listitem>
+          <para>Port based virtual hosting</para>
+        </listitem>
+
+        <listitem>
+          <para>IP based virtual hosting</para>
+        </listitem>
+
+        <listitem>
+          <para>Name based virtual hosting</para>
+
+          <para>Typically using <emphasis role="red">S</emphasis>erver
+          <emphasis role="red">N</emphasis>ame <emphasis
+          role="red">I</emphasis>ndication (<xref linkend="glo_SNI"/>)</para>
+        </listitem>
+      </orderedlist>
+    </figure>
+
+    <figure xml:id="sdi_webserver_IpBasedVhost">
+      <title>IP based virtual hosting</title>
+
+      <mediaobject>
+        <imageobject>
+          <imagedata fileref="Ref/Webserver/ipBasedVirtual.multi.svg"/>
+        </imageobject>
+      </mediaobject>
+    </figure>
+
+    <figure xml:id="sdi_webserver_IpBasedVhostProCons">
+      <title>IP based, pros / cons</title>
+
+      <itemizedlist>
+        <listitem>
+          <para>Host system: One IP per site to serve</para>
+        </listitem>
+
+        <listitem>
+          <para>Pro: <xref linkend="glo_TLS"/> handshake without <xref
+          linkend="glo_SNI"/>.</para>
+
+          <para>Supporting older clients.</para>
+        </listitem>
+
+        <listitem>
+          <para>Downside:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>IP address waste</para>
+            </listitem>
+
+            <listitem>
+              <para>Host system <xref linkend="glo_NIC"/> configuration
+              required</para>
+            </listitem>
+          </itemizedlist>
+        </listitem>
+      </itemizedlist>
+    </figure>
+
+    <figure xml:id="sdi_webserver_NameBasedVhost">
+      <title>Name based virtual hosting</title>
+
+      <mediaobject>
+        <imageobject>
+          <imagedata fileref="Ref/Webserver/nameBasedVirtual.multi.svg"/>
+        </imageobject>
+      </mediaobject>
+    </figure>
+
+    <figure xml:id="sdi_webserver_NameBasedVhostProCons">
+      <title>Name based, pros / cons</title>
+
+      <itemizedlist>
+        <listitem>
+          <para>Host system: Common IP address</para>
+        </listitem>
+
+        <listitem>
+          <para>Pro</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>IP address waste</para>
+            </listitem>
+
+            <listitem>
+              <para>Host system <xref linkend="glo_NIC"/> configuration
+              required</para>
+            </listitem>
+          </itemizedlist>
+        </listitem>
+
+        <listitem>
+          <para>Cons: Excluding older non <xref linkend="glo_SNI"/> supporting
+          clients.</para>
+
+          <para>(Internet Explorer on <productname>Windows XP</productname>,
+          Android below V. 2.3)</para>
+        </listitem>
+
+        <listitem>
+          <para><xref linkend="glo_SNI"/> allows for eavesdropping requested
+          site's name.</para>
+        </listitem>
+      </itemizedlist>
+    </figure>
   </section>
 
   <section xml:id="sdiApacheExercise">
     <title>Exercises</title>
 
     <para>The Apache web server <package>apache2</package> software package
-    may have already been installed depending on other exercises (<xref
-    linkend="glo_LDAP"/> administration frontend?):</para>
+    may have already been installed depending on other exercises
+    <abbrev>e.g.</abbrev> <xref linkend="glo_LDAP"/> administration
+    frontend:</para>
 
     <screen>aptitude install apache2</screen>