Information ausblenden
Das Digital Eliteboard ist ein Kostenloses Forum. Wenn du alle Bereiche sehen möchtest oder Fragen hast, musst du dich zunächst Registrieren.

Jetzt Registrieren

How-To IPC-Webinterface via SSL (massima sicurezza!!!)

Dieses Thema im Forum "IPC (Italiana)" wurde erstellt von meister85, 5. Januar 2012.

Status des Themas:
Es sind keine weiteren Antworten möglich.
  1. meister85
    Offline

    meister85 VIP

    Registriert:
    21. September 2009
    Beiträge:
    7.927
    Zustimmungen:
    5.241
    Punkte für Erfolge:
    113
    In questo How-To vi voglio spiegare come possiamo massimizzare la sicurezza del nostro IPC-Webinterface usando SSL.

    1. Installare OpenSSL con questo commando in Putty:

    Code:
    apt-get install openssl
    2. Creare il certificato di sicurezza:

    Code:
    openssl req $@ -new -x509 -days [COLOR=#ff0000]365[/COLOR] -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
    
    365 = Certificato a una validita di 365 giorni!

    Per creare il certificato bisogno mettere alcuni parametri

    Code:
    Country Name (2 letter code) [AU]:IT
    
    State or Province Name (full name) [Some-State]:ITALIA
    Locality Name (eg, city) []:Roma
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:ci potete mettere qualcosa di fantasia
    Organizational Unit Name (eg, section) []:.
    [COLOR=#ff0000][B]Common Name (eg, YOUR name)[/B][/COLOR] []:[B]vostrodyndns.com[/B] [B]oppure l´IP dell server[/B]
    Email Address []:blablabla@blabla.de
    !!! Importante: Il CN-Name bisogno mettere il vero IP oppure il DYNDNS, altrimenti vi viene proibito l´accesso sul server !!!

    3. Dobbiamo settare l´attributi per il certificato:

    Code:
    chmod 600 /etc/apache2/apache.pem
    4. Ora dobbiamo modificare la config per apache2:

    Code:
    cd /etc/apache2/sites-available
    Code:
    cp -f /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
    5. Apriamo il file per modificare la configurazione SSL:

    Code:
    nano /etc/apache2/sites-available/ssl
    Il contenuto dovrebbe essere simile questa:

    Code:
    <VirtualHost [COLOR=#ff0000][B]vostro_IP_del_Server[/B][/COLOR]:443>
        ServerAdmin [COLOR=#ff0000][B]vostro_Email[/B][/COLOR]
        
        DocumentRoot /var/www/
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
    [COLOR=#ff0000][B]        SSLEngine on
            SSLCertificateFile /etc/apache2/apache.pem[/B][/COLOR]
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
    
        ErrorLog /var/log/apache2/error.log
    
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
    
        CustomLog /var/log/apache2/access.log combined
    
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
    
    </VirtualHost>
    
    6. Attivare SSL:

    Code:
    a2enmod ssl
    7. Ora apriamo la ports.conf per modificare la porta per l´accesso:

    Code:
    nano /etc/apache2/ports.conf
    Il contenuto dovrebbe essere simile questa:

    Code:
    # If you just change the port or add more ports here, you will likely also
    # have to change the VirtualHost statement in
    # /etc/apache2/sites-enabled/000-default
    # This is also true if you have upgraded from before 2.2.9-3 (i.e. from
    # Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
    # README.Debian.gz
    
    NameVirtualHost [COLOR=#ff0000][B]vostro_IP_del_Server[/B][/COLOR]:443
    [COLOR=#ff0000][B]#Listen 80[/B][/COLOR]
    
    <IfModule mod_ssl.c>
        # If you add NameVirtualHost *:443 here, you will also have to change
        # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
        # to <VirtualHost *:443>
        # Server Name Indication for SSL named virtual hosts is currently not
        # supported by MSIE on Windows XP.
       [COLOR=#ff0000][B] Listen 443[/B][/COLOR]
    </IfModule>
    
    <IfModule mod_gnutls.c>
    #    Listen 443
    </IfModule>
    
    8. Riavviamo apache2:

    Code:
    /etc/init.d/apache2 restart
    Da ora in poi vostro IPC-Webinterface viene cryptato via SSL.

    Code:
    [COLOR=#ff0000][SIZE=3][B]https[/B][/SIZE][/COLOR]://[COLOR=#000000]vostro_IP_del_Server[/COLOR]
    Se vi volete connetere esterno, dovete aprire la porta 443 nel router!




    >>>>> Per domande clicca qui <<<<<
     
    Zuletzt bearbeitet: 4. Februar 2013
    #1
    elcoro, seppel11, AZK24 und 2 anderen gefällt das.
  2. meister85
    Offline

    meister85 VIP

    Registriert:
    21. September 2009
    Beiträge:
    7.927
    Zustimmungen:
    5.241
    Punkte für Erfolge:
    113
    AW: IPC-Webinterface via SSL (massima sicurezza!!!)

    Per chi se lo vuole fare piu facile puo usare anche la configurazione standard:

    1. attivare SSL:

    Code:
    a2enmod ssl
    2. settare la configuratione standard del debian:

    Code:
    a2ensite default-ssl
    3. modificare la ports.conf:

    Code:
    nano /etc/apache2/ports.conf
    Code:
    # If you just change the port or add more ports here, you will likely also
    # have to change the VirtualHost statement in
    # /etc/apache2/sites-enabled/000-default
    # This is also true if you have upgraded from before 2.2.9-3 (i.e. from
    # Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
    # README.Debian.gz
    
    NameVirtualHost [COLOR=#ff0000]*:443[/COLOR]
    [COLOR=#ff0000]#Listen 80[/COLOR]
    
    <IfModule mod_ssl.c>
        # If you add NameVirtualHost *:443 here, you will also have to change
        # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
        # to <VirtualHost *:443>
        # Server Name Indication for SSL named virtual hosts is currently not
        # supported by MSIE on Windows XP.
        Listen 443
    </IfModule>
    
    <IfModule mod_gnutls.c>
        Listen 443
    </IfModule>
    4. riavviare apache2:

    Code:
    /etc/init.d/apache2 restart
     
    #2
Status des Themas:
Es sind keine weiteren Antworten möglich.

Diese Seite empfehlen

OK Mehr information

Diese Seite verwendet Cookies. Mit Ihrem Klick auf OK stimmen Sie der Verwendung von Cookies zu. Andernfalls ist die Funktionalität dieser Website beschränkt.