https


roza


I have BitTorrent Sync running on a remote Linux server (essentially replacing Dropbox, which is great)! What I am trying to set up is an HTTPS connection to send the login password encrypted. Unfortunately, I don't really know how to do this (my server supports HTTPS, that I know). Do I have to define a specific listening port in the conf.sync or how do I do this?


Hey roza.

If you already run a webserver doing HTTPS, you could use a reverse proxy configuration.

Just in case you have an Apache up and running, this should do the trick as a fresh new vhost:


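# Forward every request for this vhost to the service listening on 127.0.0.1:8888
ProxyPass / http://127.0.0.1:8888/
# Rewrite Location headers from the backend so redirects stay on this vhost
ProxyPassReverse / http://127.0.0.1:8888/
<Proxy *>
    Allow from all
</Proxy>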

On top of this, you can do almost everything mod_access provides. So feel free to add a little more restrictive policy than "allow from all" :).

I use such a thing for almost every feature any of my servers provides, over both HTTP and HTTPS.

There are two reasons for this:

  1. With this configuration, I can use almost every web interface bound to default port 80 and 443 and just distinguish them by domain names. Very convenient, because I'm more likely to remember domain names than port numbers.
  2. The webserver doesn't expose any product-specific signatures unless you found the matching vhost. No one can just enter ":8888" and guess, based on the response's content, which service might be running and maybe open for attacks.
  3. It's really easy to have a widely proven HTTPS implementation protecting the stream, instead of having a service that uses an HTTPS implementation of its own and I don't know its codebase. Having Apache here in place for both authentication and HTTPS makes me sleep slightly better.

Regards,

Stephan.
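
A complete pair of vhosts built around the proxy lines in the post above, as an added example that is not part of the original thread or the poster's own configuration. It uses Apache 2.4 access syntax; the hostname, certificate paths and allowed network are assumed placeholder values, and the backend is assumed to listen on 127.0.0.1:8888 only.

```apache
# Added example (Apache 2.4). Assumed values: sync.example.com, the
# certificate and key paths, and the 192.0.2.0/24 client network.
# Modules needed: mod_ssl, mod_proxy, mod_proxy_http, mod_alias.

# Port 80 does nothing but redirect, so the login never travels in clear text.
<VirtualHost *:80>
    ServerName sync.example.com
    Redirect permanent / https://sync.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName sync.example.com

    # Apache terminates TLS; the backend keeps speaking plain HTTP on loopback.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/sync.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/sync.example.com.key

    # Reverse proxy only: make sure Apache never acts as a forward proxy.
    ProxyRequests Off
    ProxyPass        / http://127.0.0.1:8888/
    ProxyPassReverse / http://127.0.0.1:8888/

    # Tighter policy than "Allow from all": only the listed network may
    # reach the proxied service. On Apache 2.2 the equivalent is
    #   Order deny,allow / Deny from all / Allow from 192.0.2.0/24
    <Proxy *>
        Require ip 192.0.2.0/24
    </Proxy>
</VirtualHost>
```

Run `apachectl configtest` before reloading. The redirect and the access rule only help if port 8888 is not reachable from outside, so keep the backend bound to the loopback address or firewall the port.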


Hi Stephan,

Thank you very much for your help. This sounds exactly like what I have in mind. I do have Apache running and I googled around and read about creating the new vhost. But unfortunately, I couldn't really find a tutorial that made it clear to me. May I kindly ask you to go a little more into detail on how to create the new vhost or post a link to a good and basic tutorial? That would be very helpful. Thank you!


Hi Roza.

The way to create vhosts differs a little between different Linux distributions, and is even another thing on Windows.

On Debian-based distributions, there is a /etc/apache2/sites-available folder where each vhost should have its very own vhost file. Then for each file there is a symlink from /etc/apache2/sites-available/* to /etc/apache2/sites-enabled/* which allows you to enable and disable vhosts on demand without having to delete them completely.

The vhost itself has a "ServerName", which is the primary domain name the vhost responds to, as well as many ServerAlias values that are other domain names the vhost responds to, too.

You also need to enable "NameVirtualHost" for both port 80 and port 443. Debian-based systems usually have it enabled only on *:80 but not on *:443. So you need to adjust this.

I just googled "NameVirtualHost" and found this very link containing the basics:

https://www.linode.com/wiki/index.php/Configure_apache_to_use_virtual_hosts_on_ubuntu_server

But again: It very much depends on the distribution you use.

Regards,

Stephan.


  • 1 month later...

Hi Stephan,

I have been learning a lot in the last few weeks and now understand much better how to set up a virtual host (and have done so successfully several times now). However, the reverse proxy setting on my Apache you recommended still gives me trouble. Could I kindly ask you to expand your example a little? What exactly do I have to put between the <VirtualHost *:80> and </VirtualHost> code lines? That would be great, thank you!
