Difference between revisions of "Secure App Access"

From Amahi Wiki
Jump to: navigation, search
(Created page with 'This is an example of how to force an app access via https. For this example, AjaXplorer will be used but this will work with any app. * Go to you config file for apache, '''cd…')
 
Line 2: Line 2:
  
 
* Go to you config file for apache, '''cd /etc/httpd/conf/'''
 
* Go to you config file for apache, '''cd /etc/httpd/conf/'''
* Now it is time to create a key and a crt. '''openssl genrsa -out filename.key 1024''' then '''openssl req -new -key filename.key -x509 -days 1000 -out filename.crt''' It will ask you a few questions, just make sure that the '''Comman Name''' is the domain name.
+
* Now it is time to create a key and a crt. '''openssl genrsa -out filename.key 1024''' then '''openssl req -new -key filename.key -x509 -days 1000 -out filename.crt''' It will ask you a few questions, just make sure that the '''Common Name''' is the domain name.
 
* Next open up httpd.conf with you favorite editor and add '''NameVirtualHost *:443''' somewhere in the conf file
 
* Next open up httpd.conf with you favorite editor and add '''NameVirtualHost *:443''' somewhere in the conf file
 
* Open terminal and do '''yum -y install mod_ssl''' which is needed by apache to make this work.
 
* Open terminal and do '''yum -y install mod_ssl''' which is needed by apache to make this work.

Revision as of 14:06, 7 December 2010

This is an example of how to force an app access via https. For this example, AjaXplorer will be used but this will work with any app.

  • Go to you config file for apache, cd /etc/httpd/conf/
  • Now it is time to create a key and a crt. openssl genrsa -out filename.key 1024 then openssl req -new -key filename.key -x509 -days 1000 -out filename.crt It will ask you a few questions, just make sure that the Common Name is the domain name.
  • Next open up httpd.conf with you favorite editor and add NameVirtualHost *:443 somewhere in the conf file
  • Open terminal and do yum -y install mod_ssl which is needed by apache to make this work.
  • Now go to cd /etc/httpd/conf.d/ and find the file that has ajaxplorer in its name. You can type ls to list the files. And open it up with a text editor
  • Edit it to like this:
    <VirtualHost *:443>
        ServerName ajaxplorer
        ServerAlias username.yourhda.com
        SSLEngine On
        SSLCertificateFile /etc/httpd/conf/filename.crt
        SSLCertificateKeyFile /etc/httpd/conf/filename.key

        DocumentRoot /var/hda/web-apps/ajaxplorer/html

        <Directory "/var/hda/web-apps/ajaxplorer/html">
                Options Indexes FollowSymLinks +ExecCGI
                AddHandler fcgid-script .fcg
                AllowOverride AuthConfig
                Order allow,deny
                Allow from all
        </Directory>

    </VirtualHost>
 
  • Finaly create a file called 1026-ajaxplorerhttp.conf (note that the number may change for you) and put in this (also change things like the website name and etc):
    <VirtualHost *:80>
        ServerName username.yourhda.com
        RewriteEngine On
        RewriteCond  %{SERVER_PORT} !^443$
        RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

        ExpiresDefault "access plus 10 years"

        AddOutputFilterByType DEFLATE text/html text/plain text/xml

    </VirtualHost>

And that's all, you now have 128 bit encryption for ajaxplorer.