lars
794998f950
rendering bug of volume_properties fixed for ie
fixed screen width in a mozilla/ie compatible way
added german translation: 'log', 'network', 'volume_automount' and 'volume_details'
fixed config management of 'plugin_manager' plugin
fixed filtering of log level messages for 'logs' plugin
updated documentation for ssl configurations
changed default installation destinations in setup.py
added nice background images to environment and help messages
replaced message 'div' with 'fieldset'
moved stylesheet data of plugins to html header (as required by spec)
removed obsolete css definitions
removed obsolete old perl/bash code
improved 'update_po_files': remove obsolete msgids
functionality of 'update_english.sh' moved to 'update_po_files'
omit 'weblang' link attribute if it does not change the default setting
changed default language from 'de' to 'en'
fixed template bug that prevented the translation of plugin links
fixed invalid html
implement filecheck overriding for unittests
59 lines
2.2 KiB
Plaintext
Encrypting the communication with the CryptoBox webserver with SSL

This file describes how to encrypt your connection to the CryptoBox webserver.
This is highly recommended, as the encryption password for your data could
otherwise be exposed to intruders in your local network.

There are two ways of setting up an SSL connection:
 - run the CryptoBox webserver behind an ssl-enabled webserver
 - use stunnel to provide an SSL socket

1) CryptoBox behind an ssl-enabled webserver
Read the documentation of your favourite webserver to learn how to enable
ssl encryption.

The CryptoBox webserver cannot detect whether the connection is encrypted
or not since it is behind the proxy webserver and does not share its
environment. Thus you have to tell the CryptoBox in the request header
whether the connection is encrypted or not.

for apache2:
  1) enable the 'headers' module (for debian: "a2enmod headers")
  2) add this line to your ssl-enabled virtualhost:
       RequestHeader set X-SSL-Request 1
  3) restart your webserver
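
A fuller apache2 configuration for the steps above, as an added example that is not part of the CryptoBox documentation. It also removes a client-supplied X-SSL-Request header on the plain-HTTP virtualhost, so only the ssl-enabled virtualhost can mark a request as encrypted. Assumptions: the CryptoBox webserver listens on 127.0.0.1:8080, the modules ssl, proxy and proxy_http are enabled in addition to 'headers', and the host name and certificate paths are placeholders.

```apache
# Added example; the backend address, host name and file paths are assumptions.

# ssl-enabled virtualhost: terminates SSL and forwards to the CryptoBox webserver
<VirtualHost *:443>
    ServerName cryptobox.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/cryptobox.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/cryptobox.example.org.key

    # "set" replaces any value the client may have sent with the same name,
    # so the CryptoBox sees "1" only because this virtualhost says so.
    RequestHeader set X-SSL-Request 1

    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

# plain-HTTP virtualhost: still forwards, but must never claim encryption
<VirtualHost *:80>
    ServerName cryptobox.example.org

    # Drop the header if a client supplies it, so the CryptoBox keeps
    # warning about the unencrypted connection.
    RequestHeader unset X-SSL-Request

    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # Alternative: replace the three Proxy* lines above with a redirect
    # Redirect permanent / https://cryptobox.example.org/
</VirtualHost>
```

The header is only meaningful if the CryptoBox webserver cannot be reached directly, so bind it to the loopback address rather than to a network interface.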

for lighttpd:
  TODO

2) CryptoBox behind stunnel
You may want to tunnel the traffic between the cryptobox-server
and your browser. "stunnel" is an excellent candidate for this job.

If you do not have an ssl certificate yet, then you should create
one first. On Debian: "apt-get install ssl-cert" and run the following
command (replace the <NAMES>; a default CERT_CONF is shipped with the
cryptobox-server package):

    make-ssl-cert <CERT_CONF> <CERT_FILE_NAME>

If you already have a certificate, just run this command:

    stunnel -p <CERT_FILE_NAME> -r localhost:80 -d 443

You may also want to add the last command to your bootup scripts.

3) Problems with SSL detection?
If the CryptoBox continues to complain about the unencrypted connection, even
if it runs behind an ssl-enabled webserver or behind stunnel, then you can do
one of the following things:
 - set the request header value "X-SSL-Request" to "1" (the digit 'one')
 - set the environment setting "HTTPS" to a non-empty value during the
   startup of the CryptoBox webserver. Maybe /etc/default/cryptobox-server
   would be the right place for this.
 - let the CryptoBox webserver listen on port 443