1. Diese Seite verwendet Cookies. Wenn du dich weiterhin auf dieser Seite aufhältst, akzeptierst du unseren Einsatz von Cookies. Weitere Informationen

How-To IPC-Webinterface via SSL (massima sicurezza!!!)

Dieses Thema im Forum "IPC (Italiana)" wurde erstellt von meister85, 5. Januar 2012.

Status des Themas:
Es sind keine weiteren Antworten möglich.
  1. meister85
    Offline

    meister85 VIP

    Registriert:
    21. September 2009
    Beiträge:
    7.927
    Zustimmungen:
    5.229
    Punkte für Erfolge:
    113
    In questo How-To vi voglio spiegare come possiamo massimizzare la sicurezza del nostro IPC-Webinterface usando SSL.

    1. Installare OpenSSL con questo commando in Putty:

    Code:
    apt-get install openssl
    2. Creare il certificato di sicurezza:

    Code:
    openssl req $@ -new -x509 -days [COLOR=#ff0000]365[/COLOR] -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
    
    365 = Certificato a una validita di 365 giorni!

    Per creare il certificato bisogno mettere alcuni parametri

    Code:
    Country Name (2 letter code) [AU]:IT
    
    State or Province Name (full name) [Some-State]:ITALIA
    Locality Name (eg, city) []:Roma
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:ci potete mettere qualcosa di fantasia
    Organizational Unit Name (eg, section) []:.
    [COLOR=#ff0000][B]Common Name (eg, YOUR name)[/B][/COLOR] []:[B]vostrodyndns.com[/B] [B]oppure l´IP dell server[/B]
    Email Address []:blablabla@blabla.de
    !!! Importante: Il CN-Name bisogno mettere il vero IP oppure il DYNDNS, altrimenti vi viene proibito l´accesso sul server !!!

    3. Dobbiamo settare l´attributi per il certificato:

    Code:
    chmod 600 /etc/apache2/apache.pem
    4. Ora dobbiamo modificare la config per apache2:

    Code:
    cd /etc/apache2/sites-available
    Code:
    cp -f /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
    5. Apriamo il file per modificare la configurazione SSL:

    Code:
    nano /etc/apache2/sites-available/ssl
    Il contenuto dovrebbe essere simile questa:

    Code:
    <VirtualHost [COLOR=#ff0000][B]vostro_IP_del_Server[/B][/COLOR]:443>
        ServerAdmin [COLOR=#ff0000][B]vostro_Email[/B][/COLOR]
        
        DocumentRoot /var/www/
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
    [COLOR=#ff0000][B]        SSLEngine on
            SSLCertificateFile /etc/apache2/apache.pem[/B][/COLOR]
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
    
        ErrorLog /var/log/apache2/error.log
    
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
    
        CustomLog /var/log/apache2/access.log combined
    
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
    
    </VirtualHost>
    
    6. Attivare SSL:

    Code:
    a2enmod ssl
    7. Ora apriamo la ports.conf per modificare la porta per l´accesso:

    Code:
    nano /etc/apache2/ports.conf
    Il contenuto dovrebbe essere simile questa:

    Code:
    # If you just change the port or add more ports here, you will likely also
    # have to change the VirtualHost statement in
    # /etc/apache2/sites-enabled/000-default
    # This is also true if you have upgraded from before 2.2.9-3 (i.e. from
    # Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
    # README.Debian.gz
    
    NameVirtualHost [COLOR=#ff0000][B]vostro_IP_del_Server[/B][/COLOR]:443
    [COLOR=#ff0000][B]#Listen 80[/B][/COLOR]
    
    <IfModule mod_ssl.c>
        # If you add NameVirtualHost *:443 here, you will also have to change
        # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
        # to <VirtualHost *:443>
        # Server Name Indication for SSL named virtual hosts is currently not
        # supported by MSIE on Windows XP.
       [COLOR=#ff0000][B] Listen 443[/B][/COLOR]
    </IfModule>
    
    <IfModule mod_gnutls.c>
    #    Listen 443
    </IfModule>
    
    8. Riavviamo apache2:

    Code:
    /etc/init.d/apache2 restart
    Da ora in poi vostro IPC-Webinterface viene cryptato via SSL.

    Code:
    [COLOR=#ff0000][SIZE=3][B]https[/B][/SIZE][/COLOR]://[COLOR=#000000]vostro_IP_del_Server[/COLOR]
    Se vi volete connetere esterno, dovete aprire la porta 443 nel router!




    >>>>>

    Dieser Link ist nur für Mitglieder!!! Jetzt kostenlos Registrieren ?

    <<<<<

     
    Zuletzt bearbeitet: 4. Februar 2013
    #1
    elcoro, seppel11, AZK24 und 2 anderen gefällt das.
  2. phantom

    Nervigen User Advertisement

  3. meister85
    Offline

    meister85 VIP

    Registriert:
    21. September 2009
    Beiträge:
    7.927
    Zustimmungen:
    5.229
    Punkte für Erfolge:
    113
    AW: IPC-Webinterface via SSL (massima sicurezza!!!)

    Per chi se lo vuole fare piu facile puo usare anche la configurazione standard:

    1. attivare SSL:

    Code:
    a2enmod ssl
    2. settare la configuratione standard del debian:

    Code:
    a2ensite default-ssl
    3. modificare la ports.conf:

    Code:
    nano /etc/apache2/ports.conf
    Code:
    # If you just change the port or add more ports here, you will likely also
    # have to change the VirtualHost statement in
    # /etc/apache2/sites-enabled/000-default
    # This is also true if you have upgraded from before 2.2.9-3 (i.e. from
    # Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
    # README.Debian.gz
    
    NameVirtualHost [COLOR=#ff0000]*:443[/COLOR]
    [COLOR=#ff0000]#Listen 80[/COLOR]
    
    <IfModule mod_ssl.c>
        # If you add NameVirtualHost *:443 here, you will also have to change
        # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
        # to <VirtualHost *:443>
        # Server Name Indication for SSL named virtual hosts is currently not
        # supported by MSIE on Windows XP.
        Listen 443
    </IfModule>
    
    <IfModule mod_gnutls.c>
        Listen 443
    </IfModule>
    4. riavviare apache2:

    Code:
    /etc/init.d/apache2 restart
     
    #2
Status des Themas:
Es sind keine weiteren Antworten möglich.

Diese Seite empfehlen