Terminator
How to set up Apache SSL to protect the linuxconf HTML interface.
Tested with apache/1.3.12-mod_ssl/2.6.4-linuxconf/1.18r6 (should work with older versions).
I recommend using a different port for linuxconf SSL. This makes it easy to set up, since you don't have to define a new FQDN or certificate; you can use the same one the main server uses.
0. Requires:
apache with SSL enabled, proxy support, valid certificate.
1. Configure httpd.conf:
Listen 8098
2. Configure linuxconf to accept HTML requests from localhost
3. Linuxconf SSL will now open with https://yourhost:8098/
If you have several hosts on a trusted network you can use one SSL host to remotely access the other hosts, by using different ports:
Listen 8098
The optional htmlplus module works fine via SSL using this setup.
If you get an error when reloading apache try to use 'SSLEnable' instead of 'SSLEngine On'.
You can make self-signed SSL certificates with 'make certificate' from the apache source topdir.
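The httpd.conf layout for step 1 and for the multi-host variant, written as an added example modelled on the SWAT configuration quoted below; it is not the author's original configuration. It assumes linuxconf's HTML interface listens on port 98, and the second host name (host2.example.lan) and port 8198 are hypothetical.

```apache
# Added example for Apache 1.3 with mod_ssl and mod_proxy loaded.
# Assumptions: linuxconf HTML interface on port 98; host2.example.lan and
# port 8198 are hypothetical; certificate paths follow the Red Hat layout
# quoted elsewhere on this page.

# Reverse proxy only: do not let this server relay requests to arbitrary URLs.
ProxyRequests Off

# Local linuxconf, reached as https://yourhost:8098/
# linuxconf itself only needs to accept HTML requests from localhost (step 2),
# so port 98 is never exposed to the network in clear text.
Listen 8098
<VirtualHost _default_:8098>
    SSLEngine On
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    ProxyPass        / http://localhost:98/
    # Rewrite redirects issued by the backend so they stay on the SSL port.
    ProxyPassReverse / http://localhost:98/
</VirtualHost>

# A second host on the trusted network, reached as https://yourhost:8198/
# The hop from this server to host2 is plain HTTP: only the client-to-proxy
# leg is encrypted, so the backend leg relies on the trusted network.
# linuxconf on host2 must accept HTML requests from this server's address
# rather than from localhost.
Listen 8198
<VirtualHost _default_:8198>
    SSLEngine On
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    ProxyPass        / http://host2.example.lan:98/
    ProxyPassReverse / http://host2.example.lan:98/
</VirtualHost>
```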
Some additional configuration notes from Johannes Brodwall:
First, mod_proxy.c is not loaded by default (at least it wasn't in my configuration). Since I don't know too much about apache, it was somewhat frustrating to get this to work. These lines had to be uncommented:

    LoadModule proxy_module modules/libproxy.so
    AddModule mod_proxy.c

With that in place, my server would still not start correctly; this time, it was the SSL certificates. The following was needed inside the <VirtualHost> section:

    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

FYI, here is the configuration needed to make the same setup work for SWAT:

    Listen 8901
    <Virtualhost _default_:8901>
    SSLEngine On
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    ProxyPass / http://localhost:901/
    </Virtualhost>

apache-1.3.19-5
Redhat 7.1
Linux 2.4.2-2
Send questions/comments to Stein Vråle <stein@terminator.net>.