Difference between revisions of "Secure App Access"

From Amahi Wiki
Jump to: navigation, search
Line 7: Line 7:
  
 
* Go to your config file for apache:
 
* Go to your config file for apache:
{{Code|cd /etc/httpd/conf}}
+
cd /etc/httpd/conf
 
* Now it is time to create a key and a crt.  It will ask you a few questions, just make sure that the '''Common Name''' is the domain name:
 
* Now it is time to create a key and a crt.  It will ask you a few questions, just make sure that the '''Common Name''' is the domain name:
{{code|openssl genrsa -out filename.key 1024
+
openssl genrsa -out filename.key 1024
openssl req -new -key filename.key -x509 -days 1000 -out filename.crt}}
+
openssl req -new -key filename.key -x509 -days 1000 -out filename.crt
 
* Next open up '''/etc/httpd/conf/httpd.conf''' and add the following to the end (skip if you implemented [[Access HDA over SSL]]):
 
* Next open up '''/etc/httpd/conf/httpd.conf''' and add the following to the end (skip if you implemented [[Access HDA over SSL]]):
{{Text|NameVirtualHost *:443}}
+
NameVirtualHost *:443
 
* Open terminal and do (skip if you implemented [[Access HDA over SSL]]):
 
* Open terminal and do (skip if you implemented [[Access HDA over SSL]]):
{{Code|yum -y install mod_ssl}}
+
yum -y install mod_ssl
 
* Find the file that has ajaxplorer in its name (i.e. '''1026-ajaxplorer.conf'''):
 
* Find the file that has ajaxplorer in its name (i.e. '''1026-ajaxplorer.conf'''):
{{Code|cd /etc/httpd/conf.d/}} 
+
cd /etc/httpd/conf.d
 
* Edit it to like this (change username.yourhda.com):
 
* Edit it to like this (change username.yourhda.com):
{{Text|<VirtualHost *:443>
+
<pre><VirtualHost *:443>
 
         ServerName ajaxplorer
 
         ServerName ajaxplorer
 
         ServerAlias username.yourhda.com
 
         ServerAlias username.yourhda.com
Line 35: Line 35:
 
         </Directory>
 
         </Directory>
  
     </VirtualHost>}}
+
     </VirtualHost></pre>
 
*  Finally create a file called '''1026-ajaxplorerhttp.conf''' (number may be different for you) and add this code (change username.hda.com):
 
*  Finally create a file called '''1026-ajaxplorerhttp.conf''' (number may be different for you) and add this code (change username.hda.com):
{{Text|<VirtualHost *:80>
+
<pre><VirtualHost *:80>
 
         ServerName ajaxplorer
 
         ServerName ajaxplorer
 
         ServerAlias username.yourhda.com
 
         ServerAlias username.yourhda.com
Line 48: Line 48:
 
         AddOutputFilterByType DEFLATE text/html text/plain text/xml
 
         AddOutputFilterByType DEFLATE text/html text/plain text/xml
  
     </VirtualHost>}}
+
     </VirtualHost></pre>
 
* Now you need to restart apache:
 
* Now you need to restart apache:
{{Code|service httpd restart}}
+
service httpd restart
 
* And that's all, you now have 128 bit encryption for AjaXplorer.  Note that when you uninstall the app, you will need to manually remove the '''1026-ajaxplorerhttp.conf''' file you created.
 
* And that's all, you now have 128 bit encryption for AjaXplorer.  Note that when you uninstall the app, you will need to manually remove the '''1026-ajaxplorerhttp.conf''' file you created.
  
 
==== See also ====
 
==== See also ====
 
[[Access HDA over SSL]]
 
[[Access HDA over SSL]]

Revision as of 21:00, 7 August 2014

Warning.png WARNING
This is recommended only for advanced users, proceed with caution.


This is an example of how to force web app access via HTTPS. For this example, AjaXplorer will be used but this will work with any web app.

  • Go to your config file for apache:
cd /etc/httpd/conf
  • Now it is time to create a key and a crt. It will ask you a few questions, just make sure that the Common Name is the domain name:
openssl genrsa -out filename.key 1024
openssl req -new -key filename.key -x509 -days 1000 -out filename.crt
  • Next open up /etc/httpd/conf/httpd.conf and add the following to the end (skip if you implemented Access HDA over SSL):
NameVirtualHost *:443
yum -y install mod_ssl
  • Find the file that has ajaxplorer in its name (i.e. 1026-ajaxplorer.conf):
cd /etc/httpd/conf.d
  • Edit it to like this (change username.yourhda.com):
<VirtualHost *:443>
        ServerName ajaxplorer
        ServerAlias username.yourhda.com
        SSLEngine On
        SSLCertificateFile /etc/httpd/conf/filename.crt
        SSLCertificateKeyFile /etc/httpd/conf/filename.key

        DocumentRoot /var/hda/web-apps/ajaxplorer/html

        <Directory "/var/hda/web-apps/ajaxplorer/html">
                Options Indexes FollowSymLinks +ExecCGI
                AddHandler fcgid-script .fcg
                AllowOverride AuthConfig
                Order allow,deny
                Allow from all
        </Directory>

    </VirtualHost>
  • Finally create a file called 1026-ajaxplorerhttp.conf (number may be different for you) and add this code (change username.hda.com):
<VirtualHost *:80>
        ServerName ajaxplorer
        ServerAlias username.yourhda.com
        RewriteEngine On
        RewriteCond  %{SERVER_PORT} !^443$
        RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

        ExpiresDefault "access plus 10 years"

        AddOutputFilterByType DEFLATE text/html text/plain text/xml

    </VirtualHost>
  • Now you need to restart apache:
service httpd restart
  • And that's all, you now have 128 bit encryption for AjaXplorer. Note that when you uninstall the app, you will need to manually remove the 1026-ajaxplorerhttp.conf file you created.

See also

Access HDA over SSL