Describes how to set up a web server for file exchange in a Bit Repository system.

Apache2

Install Apache2, mod_ssl and mod_webdav if not pre-installed.

$ a2enmod ssl                 # Enable SSL
$ a2ensite default-ssl        # Enable SSL site

Set up the SSL site (on Debian, /etc/apache2/sites-available/default-ssl):


$ /etc/init.d/apache2 restart # Finally restart apache

References:
Apache SSL/TLS Encryption

Lighttpd

Enabling upload (WebDAV):

Add "mod_webdav" to server.modules, and configure it:

webdav.activate = "enable"
webdav.is-readonly = "disable"
webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db"

Enabling SSL (HTTPS) on port 443:

$SERVER["socket"] == ":443" {
	ssl.engine = "enable"
	ssl.pemfile = "/path/to/server.pem" # a PEM file is a combination of a key and certificate
	ssl.ca-file = "/path/to/ca.crt"     # This is the CA file used to sign the above key (if needed, which it is for self-signed certificates)
}

To enable client authentication add the following to the configuration:

	ssl.verifyclient.activate = "enable"
	ssl.verifyclient.enforce = "enable"
	#ssl.verifyclient.depth = "1" # Should possibly be enabled in the future
	ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"
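
With `webdav.is-readonly = "disable"`, the client-certificate settings above are what gate uploads: `ssl.verifyclient.activate` alone only requests a certificate, and `ssl.verifyclient.enforce` is what makes lighttpd refuse clients that do not present a valid one. The following lint is an added example, not part of the original page; the function names and both sample configurations are constructed for illustration.

```python
import re

# Matches simple lighttpd assignments such as: ssl.engine = "enable"
ASSIGN = re.compile(r'^\s*([A-Za-z][\w.-]*)\s*=\s*"([^"]*)"')

# Constructed sample: the settings from this page combined into one file.
ENFORCED = '''
webdav.activate = "enable"
webdav.is-readonly = "disable"
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/path/to/server.pem"
    ssl.ca-file = "/path/to/ca.crt"
    ssl.verifyclient.activate = "enable"
    ssl.verifyclient.enforce = "enable"
}
'''
# Constructed sample: the same file with the enforce line commented out.
REQUEST_ONLY = ENFORCED.replace("ssl.verifyclient.enforce", "#ssl.verifyclient.enforce")

def parse_settings(conf_text):
    """Collect key = "value" directives, skipping commented-out lines."""
    settings = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = ASSIGN.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings

def audit(conf_text):
    """Return findings for a WebDAV share that accepts uploads."""
    s = parse_settings(conf_text)
    on = lambda key: s.get(key) == "enable"
    findings = []
    # Anything other than an explicit "enable" leaves the share writable.
    if not on("webdav.activate") or on("webdav.is-readonly"):
        return findings
    if not on("ssl.engine"):
        findings.append("uploads enabled but ssl.engine is not enabled")
    if not on("ssl.verifyclient.activate"):
        findings.append("uploads enabled but client certificates are not requested")
    elif not on("ssl.verifyclient.enforce"):
        findings.append("client certificate requested but not enforced")
    return findings

if __name__ == "__main__":
    for name, conf in (("ENFORCED", ENFORCED), ("REQUEST_ONLY", REQUEST_ONLY)):
        print(name, audit(conf) or "ok")
```

The parser flattens all scopes into one dictionary, so it suits a single-listener configuration like the one on this page.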

References:
Configuring SSL
Redirecting HTTP to HTTPS

Creating a certificate authority for test

...

# openssl genrsa -out client.key 1024 # Generate public/private key for client
# openssl req -new -key client.key \
              -out client.csr         # Create certificate signing request
# openssl ca -config ca.conf \
             -in client.csr \
             -cert ca.crt \
             -keyfile ca.key \
             -out client.crt          # Sign certificate

# openssl pkcs12 -export -clcerts \
                 -in client.crt \
                 -inkey client.key \
                 -out client.p12      # Create PKCS12 keystore for use with web browsers

References:
Client certificates with apache
