Difference between revisions of "Secure App Access"
From Amahi Wiki
Line 11: | Line 11: | ||
{{code|openssl genrsa -out filename.key 1024 | {{code|openssl genrsa -out filename.key 1024 | ||
openssl req -new -key filename.key -x509 -days 1000 -out filename.crt}} | openssl req -new -key filename.key -x509 -days 1000 -out filename.crt}} | ||
− | * Next open up '''/etc/httpd/conf/httpd.conf''' | + | * Next open up '''/etc/httpd/conf/httpd.conf''' and add the following to the end (skip if you implemented [[Access HDA over SSL]]): |
{{Text|NameVirtualHost *:443}} | {{Text|NameVirtualHost *:443}} | ||
* Open terminal and do (skip if you implemented [[Access HDA over SSL]]): | * Open terminal and do (skip if you implemented [[Access HDA over SSL]]): |
Revision as of 01:37, 2 September 2011
WARNING | |
---|---|
This is recommended only for advanced users, proceed with caution. |
This is an example of how to force web app access via HTTPS. For this example, AjaXplorer will be used but this will work with any web app.
- Go to your config file for apache:
bash code |
---|
cd /etc/httpd/conf
|
- Now it is time to create a key and a crt. It will ask you a few questions, just make sure that the Common Name is the domain name:
bash code |
---|
openssl genrsa -out filename.key 1024 openssl req -new -key filename.key -x509 -days 1000 -out filename.crt
|
- Next open up /etc/httpd/conf/httpd.conf and add the following to the end (skip if you implemented Access HDA over SSL):
Text |
---|
NameVirtualHost *:443
|
- Open terminal and do (skip if you implemented Access HDA over SSL):
bash code |
---|
yum -y install mod_ssl
|
- Find the file that has ajaxplorer in its name (i.e. 1026-ajaxplorer.conf):
bash code |
---|
cd /etc/httpd/conf.d/
|
- Edit it to like this (change username.yourhda.com):
Text |
---|
<VirtualHost *:443> ServerName ajaxplorer ServerAlias username.yourhda.com SSLEngine On SSLCertificateFile /etc/httpd/conf/filename.crt SSLCertificateKeyFile /etc/httpd/conf/filename.key DocumentRoot /var/hda/web-apps/ajaxplorer/html <Directory "/var/hda/web-apps/ajaxplorer/html"> Options Indexes FollowSymLinks +ExecCGI AddHandler fcgid-script .fcg AllowOverride AuthConfig Order allow,deny Allow from all </Directory> </VirtualHost>
|
- Finally create a file called 1026-ajaxplorerhttp.conf (number may be different for you) and add this code (change username.hda.com):
Text |
---|
<VirtualHost *:80> ServerName ajaxplorer ServerAlias username.yourhda.com RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R] ExpiresDefault "access plus 10 years" AddOutputFilterByType DEFLATE text/html text/plain text/xml </VirtualHost>
|
- Now you need to restart apache:
bash code |
---|
service httpd restart
|
- And that's all, you now have 128 bit encryption for AjaXplorer. Note that when you uninstall the app, you will need to manually remove the 1026-ajaxplorerhttp.conf file you created.