Difference between revisions of "Secure App Access"
From Amahi Wiki
| Line 7: | Line 7: | ||
* Go to your config file for apache: | * Go to your config file for apache: | ||
| − | + | cd /etc/httpd/conf | |
* Now it is time to create a key and a crt. It will ask you a few questions, just make sure that the '''Common Name''' is the domain name: | * Now it is time to create a key and a crt. It will ask you a few questions, just make sure that the '''Common Name''' is the domain name: | ||
| − | + | openssl genrsa -out filename.key 1024 | |
| − | openssl req -new -key filename.key -x509 -days 1000 -out filename.crt | + | openssl req -new -key filename.key -x509 -days 1000 -out filename.crt |
* Next open up '''/etc/httpd/conf/httpd.conf''' and add the following to the end (skip if you implemented [[Access HDA over SSL]]): | * Next open up '''/etc/httpd/conf/httpd.conf''' and add the following to the end (skip if you implemented [[Access HDA over SSL]]): | ||
| − | + | NameVirtualHost *:443 | |
* Open terminal and do (skip if you implemented [[Access HDA over SSL]]): | * Open terminal and do (skip if you implemented [[Access HDA over SSL]]): | ||
| − | + | yum -y install mod_ssl | |
* Find the file that has ajaxplorer in its name (i.e. '''1026-ajaxplorer.conf'''): | * Find the file that has ajaxplorer in its name (i.e. '''1026-ajaxplorer.conf'''): | ||
| − | + | cd /etc/httpd/conf.d | |
* Edit it to like this (change username.yourhda.com): | * Edit it to like this (change username.yourhda.com): | ||
| − | + | <pre><VirtualHost *:443> | |
ServerName ajaxplorer | ServerName ajaxplorer | ||
ServerAlias username.yourhda.com | ServerAlias username.yourhda.com | ||
| Line 35: | Line 35: | ||
</Directory> | </Directory> | ||
| − | </VirtualHost> | + | </VirtualHost></pre> |
* Finally create a file called '''1026-ajaxplorerhttp.conf''' (number may be different for you) and add this code (change username.hda.com): | * Finally create a file called '''1026-ajaxplorerhttp.conf''' (number may be different for you) and add this code (change username.hda.com): | ||
| − | + | <pre><VirtualHost *:80> | |
ServerName ajaxplorer | ServerName ajaxplorer | ||
ServerAlias username.yourhda.com | ServerAlias username.yourhda.com | ||
| Line 48: | Line 48: | ||
AddOutputFilterByType DEFLATE text/html text/plain text/xml | AddOutputFilterByType DEFLATE text/html text/plain text/xml | ||
| − | </VirtualHost> | + | </VirtualHost></pre> |
* Now you need to restart apache: | * Now you need to restart apache: | ||
| − | + | service httpd restart | |
* And that's all, you now have 128 bit encryption for AjaXplorer. Note that when you uninstall the app, you will need to manually remove the '''1026-ajaxplorerhttp.conf''' file you created. | * And that's all, you now have 128 bit encryption for AjaXplorer. Note that when you uninstall the app, you will need to manually remove the '''1026-ajaxplorerhttp.conf''' file you created. | ||
==== See also ==== | ==== See also ==== | ||
[[Access HDA over SSL]] | [[Access HDA over SSL]] | ||
Revision as of 21:00, 7 August 2014
|
WARNING |
|---|---|
| This is recommended only for advanced users, proceed with caution. |
This is an example of how to force web app access via HTTPS. For this example, AjaXplorer will be used but this will work with any web app.
- Go to your config file for apache:
cd /etc/httpd/conf
- Now it is time to create a key and a crt. It will ask you a few questions, just make sure that the Common Name is the domain name:
openssl genrsa -out filename.key 1024 openssl req -new -key filename.key -x509 -days 1000 -out filename.crt
- Next open up /etc/httpd/conf/httpd.conf and add the following to the end (skip if you implemented Access HDA over SSL):
NameVirtualHost *:443
- Open terminal and do (skip if you implemented Access HDA over SSL):
yum -y install mod_ssl
- Find the file that has ajaxplorer in its name (i.e. 1026-ajaxplorer.conf):
cd /etc/httpd/conf.d
- Edit it to like this (change username.yourhda.com):
<VirtualHost *:443>
ServerName ajaxplorer
ServerAlias username.yourhda.com
SSLEngine On
SSLCertificateFile /etc/httpd/conf/filename.crt
SSLCertificateKeyFile /etc/httpd/conf/filename.key
DocumentRoot /var/hda/web-apps/ajaxplorer/html
<Directory "/var/hda/web-apps/ajaxplorer/html">
Options Indexes FollowSymLinks +ExecCGI
AddHandler fcgid-script .fcg
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
- Finally create a file called 1026-ajaxplorerhttp.conf (number may be different for you) and add this code (change username.hda.com):
<VirtualHost *:80>
ServerName ajaxplorer
ServerAlias username.yourhda.com
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
ExpiresDefault "access plus 10 years"
AddOutputFilterByType DEFLATE text/html text/plain text/xml
</VirtualHost>
- Now you need to restart apache:
service httpd restart
- And that's all, you now have 128 bit encryption for AjaXplorer. Note that when you uninstall the app, you will need to manually remove the 1026-ajaxplorerhttp.conf file you created.
