Access HDA over SSL
WARNING: This is recommended only for advanced users; proceed with caution.
Here I will discuss accessing your Amahi HDA over SSL. This means that when you go to your home page at http://hda, it will automatically redirect to https://hda.
Prerequisites
I assume you already have Fedora 14 installed with Amahi up and running.
Instructions
Install mod_ssl
mod_ssl for Apache2 is required for this functionality. Luckily Fedora makes it easy.
```bash
yum -y install mod_ssl
```
Generate your own certificates
NOTE: Leaving defaults will not make your server less secure.
```bash
mkdir /etc/httpd/ssl.crt
# Replace "asecretpassword" with a passphrase of your own.
# 2048 bits: 1024-bit RSA keys are no longer considered adequate.
openssl genrsa -des3 -passout pass:asecretpassword -out /etc/httpd/ssl.crt/server.key.org 2048
# Create the certificate signing request.
openssl req -new -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.csr -days 3650
# Self-sign the request; the certificate is valid for 3650 days.
openssl req -x509 -passin pass:asecretpassword -passout pass:asecretpassword -key /etc/httpd/ssl.crt/server.key.org -in /etc/httpd/ssl.crt/server.csr -out /etc/httpd/ssl.crt/server.crt -days 3650
# Write a passphrase-free copy of the key so Apache can start unattended.
openssl rsa -passin pass:asecretpassword -in /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.key
mkdir /etc/httpd/ssl.key
mv /etc/httpd/ssl.crt/server.key /etc/httpd/ssl.key/server.key
# Make the private key readable only by its owner.
chmod 400 /etc/httpd/ssl.key/server.key
```
Edit ssl.conf
Edit the current /etc/httpd/conf.d/ssl.conf and change the following lines to match the code below.
```apache
SSLCertificateFile /etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
```
Modify apache initialization
Modify the Apache initialization to allow SSL virtual hosts, in case you later decide you want more than one virtual host to be capable of SSL.
```bash
(cd /etc/httpd/conf.d/ && echo 'NameVirtualHost *:443' >> ./00-init.conf)
```
Create your HDA SSL virtual host
Now you need your HDA virtual host over SSL. The default configuration is pretty good so let's use that.
```bash
cd /etc/httpd/conf.d/
cp 01-platform.conf 01-platform-ssl.conf
```
You need to modify 01-platform-ssl.conf and change <VirtualHost *:80> to the following...
```apache
<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
```
This way the server utilizes the SSL certificates you created for yourself.
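The SSLCipherSuite string above starts from ALL and removes only ADH and EXPORT56, so 40-bit export, LOW, RC4 and SSLv2 suites stay available to clients. The following is an added example, not part of the original page, showing a stricter set of directives for the same virtual host. It assumes the Apache 2.2 mod_ssl that ships with Fedora 14 and the certificate paths created earlier.

```apache
<VirtualHost *:443>
    SSLEngine on

    # Before (from the page): begins with ALL and excludes only ADH and
    # EXPORT56, leaving 40-bit export, LOW (single DES), RC4 and SSLv2
    # suites negotiable. The "+" prefix only moves suites that are already
    # in the list to the end; it does not remove them.
    # SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    # After: disable the SSLv2 and SSLv3 protocols outright.
    SSLProtocol all -SSLv2 -SSLv3

    # Offer only HIGH-strength suites, and exclude unauthenticated (aNULL),
    # unencrypted (eNULL), RC4 and MD5-based suites.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!RC4:!MD5

    # Use the server's preference order rather than the client's.
    SSLHonorCipherOrder on

    SSLCertificateFile /etc/httpd/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl.key/server.key

    # The rest of 01-platform-ssl.conf follows unchanged, ending with the
    # existing </VirtualHost> line.
```

Run `apachectl configtest` to check the syntax, then restart httpd so the new directives take effect.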
Create a redirect from HDA to secured HDA
Modify 01-platform.conf and go down to the rewrite rules. Below the last rewrite rule, just before the line "# this was only for FCGI", add the following code.
```apache
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
```
Finished
Now that you're done, go ahead and visit http://hda and watch it turn into https://hda! Understand that the certificates you generated have not been verified by a certificate authority, so you'll need to confirm a security exception.