Changes

From Amahi Wiki
3,094 bytes added, 07:32, 15 June 2011
Created page with "{{MessageBox| backgroundcolor = red| image =Warning.png| heading =WARNING| message = This is recommended only for advanced users, proceed with caution.}} Here I will discuss acce..."
{{MessageBox|
backgroundcolor = red|
image =Warning.png|
heading =WARNING|
message = This is recommended only for advanced users, proceed with caution.}}
Here I will discuss accessing your Amahi HDA over SSL. This means that when you go to your home page http://hda, you will automatically be redirected to https://hda.

= Prerequisites =
I assume you already have Fedora 14 installed with Amahi up and running.

= Instructions =
== Install mod_ssl ==
mod_ssl for Apache2 is required for this functionality. Luckily Fedora makes it easy.
{{Code|yum -y install mod_ssl}}

== Generate your own certificates ==
NOTE: Leaving defaults will not make your server less secure.
{{Code|mkdir /etc/httpd/ssl.crt

openssl genrsa -des3 -passout pass:asecretpassword -out /etc/httpd/ssl.crt/server.key.org 1024

openssl req -new -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.csr -days 3650

openssl req -x509 -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -in /etc/httpd/ssl.crt/server.csr -out /etc/httpd/ssl.crt/server.crt -days 3650

openssl rsa -passin pass:asecretpassword -in /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.key

mkdir /etc/httpd/ssl.key

mv /etc/httpd/ssl.crt/server.key /etc/httpd/ssl.key/server.key

chmod 400 /etc/httpd/ssl.key/server.key}}

== Edit ssl.conf ==
Edit the current /etc/httpd/conf.d/ssl.conf and change the following lines to match the code below.
{{Code|SSLCertificateFile /etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/server.key}}

== Modify apache initialization ==
Modify the Apache initialization to allow SSL virtual hosts, in case you decide you want more than one virtual host to be capable of SSL.
{{Code|(cd /etc/httpd/conf.d/ && echo 'NameVirtualHost *:443' >> ./00-init.conf)}}

== Create your HDA SSL virtual host ==
Now you need your HDA virtual host over SSL. The default configuration is pretty good so let's use that.
{{Code|cd /etc/httpd/conf.d/
cp 01-platform.conf 01-platform-ssl.conf}}
You need to modify 01-platform-ssl.conf and change <VirtualHost *:80> to the following...
{{Text|<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/server.key}}
This way the server utilizes the SSL certificates you created for yourself.
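The SSLCipherSuite string above decides which cipher classes the SSL virtual host will negotiate. The following is an added example, not part of the original page or of Amahi: a shell check that lists the weak classes a cipher string leaves enabled, using a simplified model of the OpenSSL cipher-list rules. The function names and the second, tighter string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list the weak cipher classes an
# SSLCipherSuite string leaves enabled. Simplified model of ciphers(1) rules:
#   X   adds class X          !X  removes X permanently
#   -X  removes X (a later X may re-add it)
#   +X  only moves already-enabled suites to the end; it adds nothing
#   ALL is every suite except eNULL

expand() {  # map a keyword to the weak classes tracked here
    case "$1" in
        ALL)        echo "ADH EXPORT40 EXPORT56 LOW SSLv2" ;;
        EXP|EXPORT) echo "EXPORT40 EXPORT56" ;;
        aNULL)      echo "ADH" ;;   # assumption: build without ECDH suites
        NULL)       echo "eNULL" ;;
        eNULL|ADH|EXPORT40|EXPORT56|LOW|SSLv2) echo "$1" ;;
    esac    # HIGH, MEDIUM, RC4+RSA and the like are not tracked
}

weak_classes() {  # usage: weak_classes 'ALL:!ADH:...'
    on=" "; killed=" "
    for tok in $(printf '%s' "$1" | tr ':' ' '); do
        case "$tok" in
            +*)   continue ;;                 # reorder only
            "!"*) op=kill; name=${tok#?} ;;
            -*)   op=del;  name=${tok#?} ;;
            *)    op=add;  name=$tok ;;
        esac
        for c in $(expand "$name"); do
            case "$op" in
                kill) killed="$killed$c "; on=$(echo "$on" | sed "s/ $c / /") ;;
                del)  on=$(echo "$on" | sed "s/ $c / /") ;;
                add)  case "$killed$on" in *" $c "*) ;; *) on="$on$c " ;; esac ;;
            esac
        done
    done
    echo $on    # unquoted on purpose: trims the padding spaces
}

# The string from this page, then a tighter one (constructed for comparison).
echo "page string leaves: $(weak_classes 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL')"
echo "tighter string leaves: $(weak_classes 'HIGH:!aNULL:!MD5')"
```

For the authoritative expansion on a given host, pass the same string to <code>openssl ciphers -v</code>. SSLv2 suites are reachable only if SSLProtocol also permits SSLv2.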

== Create a redirect from HDA to secured HDA ==
Modify 01-platform.conf and go down to the rewrite rules. Below the last rewrite rule, just before the line "# this was only for FCGI", put the following code.
{{Text|<nowiki>RewriteCond %{HTTPS} !=on</nowiki>
<nowiki>RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]</nowiki>}}

= Finished =
Now that you're done, go ahead and visit http://hda and watch it turn into https://hda! Understand that the certificates you generated have not been verified by a certificate authority, so you'll need to confirm a security exception.

= See also =