Changes

701 bytes added, 14:23, 27 March 2017
no edit summary
Currently you access your Amahi HDA control panel unsecured. This means that anyone sniffing your network can get the password to your HDA. If your password is compromised, they can log in and possibly modify your shares or even access SSH (if you have it enabled). So I recommend anyone using SSH to at least have SSL access to their Amahi HDA.
[[User:Sag47|Sag47]] 00:38, 15 June 2011 (PDT). Updates and clarifications [[User:Spaceman|spaceman]] 15:23, 27 March 2017 (BST).
For some fields there will be a default value,<br>
If you enter '.', the field will be left blank.<br>
<nowiki>-----</nowiki><br>
Country Name (2 letter code) [XX]:<br>
State or Province Name (full name) []:<br>
Locality Name (eg, city) [Default City]:<br>
Organization Name (eg, company) [Default Company Ltd]:<br>
Organizational Unit Name (eg, section) []:<br>
Common Name (eg, your name or your server's hostname) []:<br>
Email Address []:<br>
<br>
Please enter the following 'extra' attributes<br>
to be sent with your certificate request<br>
A challenge password []:<br>
An optional company name []:}}
You should make entries at each stage in the second section (after Country Name...).
4. Create a third file, server.key, from our self-generated key (server.key.org):
<pre><nowiki>openssl rsa -passin pass:asecretpassword -in /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.key</nowiki></pre>
== Modify apache initialization ==
Modify the Apache initialization to allow SSL virtual hosts, in case you decide you want more than one virtual host to be capable of SSL. ('''NOTE''': "NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf.d/00-init.conf:1"; this section can be omitted).
<pre><nowiki>(cd /etc/httpd/conf.d/ && echo 'NameVirtualHost *:443' >> ./00-init.conf)</nowiki></pre>
<pre><nowiki>cd /etc/httpd/conf.d/
cp 01-platform.conf 01-platform-ssl.conf</nowiki></pre>
You need to modify 01-platform-ssl.conf: <pre><nowiki>nano 01-platform-ssl.conf</nowiki></pre>...and replace the line "<nowiki><VirtualHost *:80></nowiki>" with the following lines...
<pre><nowiki><VirtualHost *:443>
SSLEngine on
== Create a redirect from HDA to secured HDA ==
Modify /etc/httpd/conf.d/'''01-platform.conf''' and go down to the rewrite rules:<pre><nowiki>nano 01-platform.conf</nowiki></pre>Below the last rewrite rule, just before the line "# this was only for FCGI" (above the <nowiki><location /></nowiki> section), add the following code:
<pre><nowiki>RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]</nowiki></pre>
This will automatically redirect requests from <nowiki>http://hda (http://192.168.1.10</nowiki>) to <nowiki>https://hda (https://192.168.1.10</nowiki>)...
== Restart the Apache2 server ==
<pre><nowiki>service httpd configtest</nowiki></pre>
If all goes well and you get "'''Syntax OK'''" then you can start your Apache server again.
<pre><nowiki>systemctl restart httpd</nowiki></pre>
{{META_BOX_Green||AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf.d/00-init.conf:1<br>
Syntax OK}}
is acceptable and will work.
If all things end badly and you can't figure it out then it is possible to restart this tutorial from scratch. Just start it over.
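The configtest above only validates syntax, so the following pre-restart check covers the end state the steps describe. It is an added example, not part of the original wiki page: the function name check_hda_ssl is hypothetical, the default paths are the ones used in this tutorial, and the sample tree at the bottom is constructed.

```shell
#!/bin/sh
# Added example (not from the wiki page): verify the edits before restarting httpd.
# Usage: check_hda_ssl [conf_dir] [key_file]; defaults are the tutorial's paths.
check_hda_ssl() {
    conf_dir=${1:-/etc/httpd/conf.d}
    key=${2:-/etc/httpd/ssl.crt/server.key}
    ssl_conf=$conf_dir/01-platform-ssl.conf
    http_conf=$conf_dir/01-platform.conf
    rc=0

    # The copied vhost must listen on 443 with the SSL engine enabled.
    grep -Eq '^[[:space:]]*<VirtualHost[[:space:]]+\*:443>' "$ssl_conf" 2>/dev/null ||
        { echo "FAIL: no <VirtualHost *:443> in $ssl_conf"; rc=1; }
    grep -Eq '^[[:space:]]*SSLEngine[[:space:]]+on' "$ssl_conf" 2>/dev/null ||
        { echo "FAIL: no 'SSLEngine on' in $ssl_conf"; rc=1; }

    # A RewriteCond only guards the RewriteRule directly after it, so require
    # the HTTPS condition immediately before a rule that targets https://.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        prev_is_cond && /^[ \t]*RewriteRule[ \t].*https:\/\// { ok = 1 }
        { prev_is_cond = ($0 ~ /^[ \t]*RewriteCond[ \t]+%[{]HTTPS[}][ \t]+!=on/) }
        END { exit !ok }' "$http_conf" 2>/dev/null ||
        { echo "FAIL: HTTPS redirect pair missing in $http_conf"; rc=1; }

    # server.key has no passphrase after step 4, so file mode is its only
    # protection: group and other must have no access (e.g. chmod 600).
    mode=$(ls -ldL "$key" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "FAIL: $key is accessible beyond its owner"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: SSL vhost, redirect and key mode look right"
    return "$rc"
}

# Constructed sample tree mirroring the tutorial's end state (not real HDA files).
demo=$(mktemp -d)
printf '%s\n' '<VirtualHost *:443>' 'SSLEngine on' > "$demo/01-platform-ssl.conf"
printf '%s\n' 'RewriteCond %{HTTPS} !=on' \
    'RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]' > "$demo/01-platform.conf"
: > "$demo/server.key" && chmod 600 "$demo/server.key"
check_hda_ssl "$demo" "$demo/server.key"
rm -rf "$demo"
```

On the HDA itself, run `check_hda_ssl` with no arguments as root to check the real files.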