Direkt zum Hauptbereich

SSL virtualhost after you setup a SSH connection through rsa keys and always redirect to it

You may have done this: ssh-keygen and ssh-copy-id and now you want to enable SSL. With Eric Ambergs "Linux-Server" book and Converting keys between openssl and openssh, I did this so far:

  • local: "scp MYKEY root@remote.server:~"
    after this its just remote:
  • "a2enmod ssl"
  • "mkdir /etc/apache2/ssl"
  • "openssl req -x509 -days 365 -new -key MYKEY -out /etc/apache2/ssl/nedab.de.pem" and make sure you use a wildcard domain as common name, e.g. *.common.com. That way your certificate is valid for all subdomains.
  •  "a2enmod redirect"
  • virtualhost in /etc/apache/site-available with help from Redirect Request to SSL: 
     <VirtualHost *:80>  
   ServerName ..........  
   Redirect permanent / https://........../  
 </VirtualHost>  
   
 <VirtualHost _default_:443>  
     SSLEngine on  
     SSLCipherSuite HIGH:MEDIUM  
   
     SSLCertificateFile   /etc/apache2/ssl/........pem  
     SSLCertificateKeyFile  /etc/apache2/ssl/MYKEY  
   
     ServerName   .......  
     DocumentRoot  /var/www/html/ssl  
   
     #CustomLog    "/var/log/httpd/one-access.log" combined  
     #ErrorLog    "/var/log/httpd/one-error.log"  
   
     #Redirect permanent http://....... https://.........  
   
 #        <IfModule mod_rewrite.c>  
  #       RewriteEngine On  
  #       RewriteCond %{HTTPS} off  
   #      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]  
   #      </IfModule>  
   
      <Directory /var/www/html/ssl>  
         AllowOverride none  
   
         Order Allow,Deny  
         Allow from all  
     </Directory>  
 </VirtualHost> 
  • "a2ensite YOURHOST"
  • "service /etc/apache2 restart"
 And now everyting for that virtualhost should be redirected to a SSL connection.

Even though this took me a while, I did it the first time, it was important because now I can secure a lot of my connections, e.g. postfixadmin with roundcube and dovecot in the background ;)


Labels:

Kommentare

Kommentar veröffentlichen

Beliebte Posts aus diesem Blog

rails + carrierwavve + plupload = multiple file upload

Right now I am very happy! I finished my work on creating a file upload method in rails for more than one file, altogether handled by rails sessions and as objects. First I had to learn a bit more about how rails works and I achieved that by reading a lot: books, screencasts and blogs. In this blog post I like to share what I accomplished, but without the hussle of putting code blocks in here, so watch out for bold formatted text as that is the code. My goal was to have one site with just the pure option of uploading files. All file handling would be done behind the scenes by myself logging onto my server. That said you are not going to see any fancy CRUD here. Lets start then! And dont forget to versioning your app BEFORE you try something new! [e.g. git] > rails g scaffold Photo title:string Now add carrierwave to you Gemfile and run > bundle install >rails g uploader Photo Alltogether you have model, controller, views and an uploader folder with the Ph...
Kommentar veröffentlichen
Mehr anzeigen

LEGO Alternativen: Sluban und COBI

Ich habe vor kurzem wieder Feuer gefangen für LEGO. Und das kam durch die Dokumentation über die Errichtung des LEGO-Hauses in Billund. Also habe ich meine Steine gereinigt und die Kinder fangen gerade an, auch mal etwas zu bauen. Teilweise stammen meine Steine aus den 1970ern, 1980er und viel aus den 1990ern - alles passt noch wunderbar aufeinander. Viele Designs von LEGO gehen doch Wege, die ich selber nicht so toll finde. Ausserdem verstehe ich nicht, dass etliche Designs aufgegeben wurden. Letztere Sets findet man dann zu horrenden Preisen auf den einschlägigen Plattformen. Also sah ich mich um, denn das Patent für das Baustein-Prinzip ist abgelaufen und andere Firmen produzieren auch Stecksteine. Sluban ... ist Mist und wird von mir nie mehr gekauft. Die Firma stiehlt von LEGO, hat aber auch interessante Designs. Gerade bei militärischen Sachen findet der Fan einige gut aussehende Sets. Aber die Steine wirken nicht besonders toll, es gibt Macken, die Anleitung kön...
Kommentar veröffentlichen
Mehr anzeigen

debian 6 vserver - a new installation due to centOS update problem - my steps

My centOS vserver broke down after a "yum update" and even the centOS community forum could not give an answer within 24h. In my books that is poor for the almighty and stable centOS. Bare in mind that I am just a normal user of linux, no professional and definitely no expert when it comes to server, but I can read, try and share my findings: debian 6 installation steps via ssh secure your server: adduser foobar for security purposes  change /etc/sshd/sshd_conf to PermitRootLogin no now you can login as foobar and change to root via su - visudo for sudo command permissions and put this at the bottom: foobar   ALL=(ALL) ALL change hostname change hostname in /etc/hostname and in /etc/hosts reboot login via rsa key rather than password locally do ssh-keygen ssh-copy-id -i foobar@hostname... ssh now works without passwords but with keys (for easy deployment) install ruby and rails via rvm login as root always good to have: sudo apt-get install...
Kommentar veröffentlichen
Mehr anzeigen