change some coments relative to ssl in config files

2 files changed, 48 insertions, 14 deletions

diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example
index 3fe3992..36dae35 100644
--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -46,22 +46,28 @@
 
 
 [Const]
-    ; For a grid these will usually be the externally accessible IP/DNS
-    ; name and use default public port 8002 and default private port 8003
-    ; For a standalone this will usually be the externally accessible IP/DNS
-    ; name and use default public port 9000. The private port is not used
-    ; in the configuration for a standalone.
-
-    ;# {BaseURL} {} {BaseURL} {"http://example.com" "http://127.0.0.1"} "http://127.0.0.1"
+        ; this section defines constants for grid services
+        ; to simplify other configuration files default settings
+
+        ; BaseURL
+    ; should be the externally accessible IP/DNS name of grid or standalone
+    ; http://externalHostName or https://externalHostName if using ssl 
+        ; examples: http://mymachine.example.com, https://mymachine.example.com, https://127.0.0.1
+        ; default: http://127.0.0.1
+    ;# {BaseURL} {} {BaseURL} {"http://example.com" "http://127.0.0.1"} ""
     BaseURL = http://127.0.0.1
     
-    ;# {PublicPort} {} {PublicPort} {8002 9000} "8002"
+        ; default public port
+        ; usually 8002 for grids.
+        ; on standalones it needs to match http_listener_port or http_listener_sslport if using ssl
+        ; in [Network] section below (defaults 9000 or 9001 if using ssl)
+    ;# {PublicPort} {} {PublicPort} {8002 9000 9001} "8002"
     PublicPort = "8002"
 
+        ;grid default private port 8003, not used in standalone
     ;# {PrivatePort} {} {PrivatePort} {8003} "8003"
     PrivatePort = "8003"
 
-
 [Startup]
     ;# {ConsolePrompt} {} {ConsolePrompt} {} "Region (\R) "
     ;; Console prompt
@@ -437,7 +443,6 @@
     ;; Password for the default estate owner
     ; DefaultEstateOwnerPassword = password
 
-
 [SMTP]
     ;; The SMTP server enabled the email module to send email to external
     ;; destinations.
@@ -470,7 +475,6 @@
     ;# {SMTP_SERVER_PASSWORD} {[Startup]emailmodule:DefaultEmailModule enabled:true} {SMTP server password} {}
     ; SMTP_SERVER_PASSWORD = ""
 
-
 [Network]
     ;# {ConsoleUser} {} {User name for console account} {}
     ;; Configure the remote console user here. This will not actually be used
@@ -487,10 +491,39 @@
     ;; the region ports use UDP.
     ; http_listener_port = 9000
 
+        ; optional main server secure http (ssl)
+        ; to use ssl you need a ssl certificate in PKCS12 format that validates the ExternalHostnames 
+        ; or their domains
+        ; some viewers by default only accept certificates signed by a oficial CA
+        ; to use others like self signed certificates with those viewers,
+        ; their debug option NoVerifySSLCert needs to be set true, You need to inform users about this
+        ; the main unsecure port will still open for some services. this may change in future.
+        
+        ; set http_listener_ssl to enable main server ssl. it will replace unsecure port on most functions
+        ;# {http_listener_ssl}{} {enable main server ssl port)} {} false
+    ;http_listener_ssl = false
+        
+        ; Set port for main SSL connections
+        ;# {http_listener_sslport}{} {main server ssl port)} {} 9001
+    ;http_listener_sslport = 9001 ;
+        
+        ; currently if using ssl, regions ExternalHostName must the the same and equal to http_listener_cn
+        ; this may be removed in future
+        ;# {http_listener_cn}{} {main server ssl externalHostName)} {} ""
+    ;http_listener_cn = "myRegionsExternalHostName"
+
+        ; the path for the certificate path
+        ;# {http_listener_cert_path}{} {main server ssl certificate file path)} {} ""
+    ;http_listener_cert_path = "mycert.p12"
+        
+        ;# {http_listener_cert_pass}{} {main server ssl certificate password)} {} ""
+        ;http_listener_cert_pass = "mycertpass" ; the cert passwork
+        
     ; By default, OpenSimulator does not allow scripts to make HTTP calls to addresses on the simulator's LAN.
     ; See the OutboundDisallowForUserScripts parameter in OpenSimDefaults.ini for more information on this filter.
     ; If you need to allow scripts to make some LAN calls use the OutboundDisallowForUserScriptsExcept parameter below.
     ; We recommend that you do not override OutboundDisallowForUserScripts directly unless you are very sure about what you're doing.
+        ; this HTTP calls can also use ssl see opensimDefaults.ini
     ;
     ; You can whitelist individual endpoints by IP or FQDN, e.g.
     ;
diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini
index 01a44c3..bd37748 100644
--- a/bin/OpenSimDefaults.ini
+++ b/bin/OpenSimDefaults.ini
@@ -510,8 +510,8 @@
     http_listener_cert_path = "mycert.p12" ; path for the cert file that is valid for the ExternalHostName
         http_listener_cert_pass = "mycertpass" ; the cert passwork
 
-    ; HTTPS for "Out of band" management applications such as the remote 
-    ; admin module
+    ; addicional HTTPS for "Out of band" management applications such as the remote 
+    ; admin module or scripts
     ;
     ; Create https_listener = "True" will create a listener on the port
     ; specified. Provide the path to your server certificate along with it's
@@ -519,7 +519,7 @@
     ; https_listener = False
     ; Set our listener to this port
     ; https_port = 0
-    ; Path to X509 certificate
+    ; Path to X509 certificate, can be the same as main or another
     ; cert_path = "path/to/cert.p12"
     ; Password for cert
     ; cert_pass = "password"
@@ -531,6 +531,7 @@
     ; HttpBodyMaxLenMAX=16384
 
     ; Hostname to use in llRequestURL/llRequestSecureURL
+        ; must be a valid hostname for the ssl cert.
     ; if not defined - default machine name is being used
     ; (on Windows this mean NETBIOS name - useably only inside local network)
     ; ExternalHostNameForLSL=127.0.0.1