61
edits
Changes
From Amahi Wiki
Created page with "{{MessageBox| backgroundcolor = red| image =Warning.png| heading =WARNING| message = This is recommended only for advanced users, proceed with caution.}} Here I will discuss acce..."
{{MessageBox|
backgroundcolor = red|
image =Warning.png|
heading =WARNING|
message = This is recommended only for advanced users, proceed with caution.}}
Here I will discuss accessing your Amahi HDA over SSL. This means that you will go to your home page http://hda and it will automatically convert to https://hda.
= Prerequisites =
I assume you already have Fedora 14 installed with Amahi up and running.
= Instructions =
== Install mod_ssl ==
mod_ssl for Apache2 is required for this functionality. Luckily Fedora makes it easy.
{{Code|yum -y install mod_ssl}}
== Generate your own certificates ==
NOTE: Leaving defaults will not make your server less secure.
{{Code|mkdir /etc/httpd/ssl.crt
openssl genrsa -des3 -passout pass:asecretpassword -out /etc/httpd/ssl.crt/server.key.org 1024
openssl req -new -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.csr -days 3650
openssl req -x509 -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -in /etc/httpd/ssl.crt/server.csr -out /etc/httpd/ssl.crt/server.crt -days 3650
openssl rsa -passin pass:asecretpassword -in /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.key
mkdir /etc/httpd/ssl.key
mv /etc/httpd/ssl.crt/server.key /etc/httpd/ssl.key/server.key
chmod 400 /etc/httpd/ssl.key/server.key}}
== Edit ssl.conf ==
Edit the current /etc/httpd/conf.d/ssl.conf and change the following lines to match the code below.
{{Code|SSLCertificateFile /etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/server.key}}
== Modify apache initialization ==
Modify the apache initialization for allowing SSL virtual hosts. Just in case you decide you want more than one virtual host to be capable of SSL.
{{Code|(cd /etc/httpd/conf.d/ && echo 'NameVirtualHost *:443' >> ./00-init.conf)}}
== Create your HDA SSL virtual host ==
Now you need your HDA virtual host over SSL. The default configuration is pretty good so let's use that.
{{Code|cd /etc/httpd/conf.d/
cp 01-platform.conf 01-platform-ssl.conf}}
You need to modify 01-platform-ssl.conf and change <VirtualHost *:80> to the following...
{{Text|<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/server.key}}
This way the server utilizes the SSL certificates you created for yourself.
== Create a redirect from HDA to secured HDA ==
Modify 01-platform.conf and go down to the rewrite rules. Below the last rewrite rule just before the line "# this was only for FCGI" put the following code.
{{Text|<nowiki>RewriteCond %{HTTPS} !=on</nowiki>
<nowiki>RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]</nowiki>}}
= Finished =
Now that you're done go ahead and visit http://hda and watch it turn into https://hda! Understand that the certificates you generated have not been verified by a certificate authority so you'll need to confirm a security exception.
= See also =
backgroundcolor = red|
image =Warning.png|
heading =WARNING|
message = This is recommended only for advanced users, proceed with caution.}}
Here I will discuss accessing your Amahi HDA over SSL. This means that you will go to your home page http://hda and it will automatically convert to https://hda.
= Prerequisites =
I assume you already have Fedora 14 installed with Amahi up and running.
= Instructions =
== Install mod_ssl ==
mod_ssl for Apache2 is required for this functionality. Luckily Fedora makes it easy.
{{Code|yum -y install mod_ssl}}
== Generate your own certificates ==
NOTE: Leaving defaults will not make your server less secure.
{{Code|mkdir /etc/httpd/ssl.crt
openssl genrsa -des3 -passout pass:asecretpassword -out /etc/httpd/ssl.crt/server.key.org 1024
openssl req -new -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.csr -days 3650
openssl req -x509 -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -in /etc/httpd/ssl.crt/server.csr -out /etc/httpd/ssl.crt/server.crt -days 3650
openssl rsa -passin pass:asecretpassword -in /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.key
mkdir /etc/httpd/ssl.key
mv /etc/httpd/ssl.crt/server.key /etc/httpd/ssl.key/server.key
chmod 400 /etc/httpd/ssl.key/server.key}}
== Edit ssl.conf ==
Edit the current /etc/httpd/conf.d/ssl.conf and change the following lines to match the code below.
{{Code|SSLCertificateFile /etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/server.key}}
== Modify apache initialization ==
Modify the apache initialization for allowing SSL virtual hosts. Just in case you decide you want more than one virtual host to be capable of SSL.
{{Code|(cd /etc/httpd/conf.d/ && echo 'NameVirtualHost *:443' >> ./00-init.conf)}}
== Create your HDA SSL virtual host ==
Now you need your HDA virtual host over SSL. The default configuration is pretty good so let's use that.
{{Code|cd /etc/httpd/conf.d/
cp 01-platform.conf 01-platform-ssl.conf}}
You need to modify 01-platform-ssl.conf and change <VirtualHost *:80> to the following...
{{Text|<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/server.key}}
This way the server utilizes the SSL certificates you created for yourself.
== Create a redirect from HDA to secured HDA ==
Modify 01-platform.conf and go down to the rewrite rules. Below the last rewrite rule just before the line "# this was only for FCGI" put the following code.
{{Text|<nowiki>RewriteCond %{HTTPS} !=on</nowiki>
<nowiki>RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]</nowiki>}}
= Finished =
Now that you're done go ahead and visit http://hda and watch it turn into https://hda! Understand that the certificates you generated have not been verified by a certificate authority so you'll need to confirm a security exception.
= See also =
