fixed some ssl detection stuff
disabled 'help' plugin for now
enabled some ownership checks in CryptoBoxRootActions
documentation updates for proxy and ssl configurations

master
parent 2aed13ae18
commit 87af175764
@ -1,13 +1,51 @@
= https for the CryptoBox =
Encrypting the communication with the CryptoBox webserver with SSL
To secure your http connection from the box to your browser,
you may use "stunnel".
This file describes how to encrypt your connection to the CryptoBox webserver.
This is highly recommended as the encryption password for your data could be
exposed to intruders in your local network otherwise.
Please take a look into the "start_stunnel.sh" script. You may use it
to create a certificate and dig a tunnel.
There are two ways for setting up a SSL connection:
- run the CryptoBox webserver behind an ssl-enabled webserver
- use stunnel to provide an SSL socket
In the case, that you already have a certificate just run this
command:
stunnel -p $YOUR_CERT -r localhost:80 -d 443
1) CryptoBox behind an ssl-enabled webserver
Read the documentation of your favourite webserver to learn how to enable
ssl encryption.
The CryptoBox webserver cannot detect whether the connection is encrypted
or not since it is behind the proxy webserver. Thus you have to tell the
CryptoBox whether the connection is encrypted or not.
for apache2:
1) enable the 'headers' module (for debian: "a2enmod headers")
2) add this line to your ssl-enabled virtualhost:
RequestHeader set X-SSL-Request 1
3) restart your webserver
for lighthttpd:
TODO
2) CryptoBox behind stunnel
If you do not have an ssl certificate yet, then you should create it first.
Please take a look into the "start_stunnel.sh" script. You may use it
to create a certificate and dig a tunnel.
In case, that you already have a certificate just run this command:
stunnel -p "$YOUR_CERT_FILE" -r localhost:80 -d 443
Maybe you should add this to your bootup scripts.
3) Problems with SSL detection?
If the CryptoBox continues to complain about the unencrypted connection, even
if it runs behind an ssl-enabled webserver or behind stunnel, then you can do
one of the following things:
- set the request header value "X-SSL-Request" to "1" (one)
- set the environment setting "HTTPS" to a non-empty value during the
startup of the CryptoBox webserver. Maybe /etc/default/cryptobox-server
would be the right place for this.
- let the CryptoBox webserver listen to port 443
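Review bot: In section 1, the apache2 steps only add "RequestHeader set X-SSL-Request 1" to the ssl-enabled virtualhost, so the header is treated as proof of encryption without being removed anywhere else. A client that reaches the CryptoBox through a plain-http virtualhost, or directly, can supply X-SSL-Request itself and the unencrypted-connection complaint would go away; the documentation should add "RequestHeader unset X-SSL-Request" for any non-ssl virtualhost that proxies to the CryptoBox and recommend that the CryptoBox webserver accept connections only from the proxy. Section 3 should also state that its three options only tell the CryptoBox the connection is encrypted and do not verify it. Minor: "lighthttpd" should be "lighttpd", and the TODO there leaves that setup undocumented.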