wiki:jazz/apache2ssl

Context Navigation

close Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": /usr/lib/python2.7/dist-packages/libsvn/_core.so: failed to map segment from shared object: Cannot allocate memory). Look in the Trac log for more information.

Version 10 (modified by jazz, 17 years ago) (diff)
--

Enable Trac with SSL encryption

前言

先前中心內部系統沒有採 SSL 加密，被大家說有資安問題，再苛責資訊組同仁的同時，我們的 Trac 也還是維持 HTTP 明碼登入登出。因此基於要罵別人之前先把自己做好的基本原則，即日起我們組的 Trac 全面改用 HTTPS 加密連線，以免大家慣用的密碼被竊聽。

作法

首先需要安裝 ssl-cert 與 openssl 套件，然後用 a2enmod (apache2 enable module) 把 Apache2 的 SSL 模組啟用

接著用 make-ssl-cert 指令產生給 Apache2 使用的憑證，剩下就是改 Apache2 的設定了。

trac-pool:~# apt-get install ssl-cert openssl
trac-pool:~# a2enmod ssl
trac-pool:~# mkdir /etc/apache2/ssl
trac-pool:~# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
trac-pool:~# cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
trac-pool:~# ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl
trac-pool:~# vi /etc/apache2/sites-available/default

/etc/apache2/sites-available/default

-                      old
+                      new
 NameVirtualHost *
 <VirtualHost *>
+NameVirtualHost *:80
+<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/

trac-pool:~# vi /etc/apache2/sites-available/ssl

/etc/apache2/sites-available/

-                      old
+                      new
 NameVirtualHost *
 <VirtualHost *>
+NameVirtualHost *:443
+<VirtualHost *:443>
        ServerAdmin webmaster@localhost
+       SSLEngine on
+       SSLCertificateFile /etc/apache2/ssl/apache.pem
        DocumentRoot /var/www/
        <Directory />

trac-pool:~# vi /etc/apache2/ports.conf

--- /etc/apache2/ports.conf.bak 2008-07-16 17:30:09.000000000 +0800
+++ /etc/apache2/ports.conf     2008-07-16 17:38:17.000000000 +0800
- Listen 80
+ Listen 443

Reference

Download in other formats:

Plain Text