Hi Declan,
Glad to read that you have successfully configured sme to run https access to i-bay.
I would appreciate if you can update here your notes on the sequence of configuration steps using the template system to provide https access to a specific i-bay. Hopefully you have documented the actual configuration steps you have done to make this to work successfully.
Hi Festus. I followed the how-to in the Wiki which links to an older document by Ray Mitchell. Ray's instructions worked for me (Thanks Ray!) & his how-to is here:
http://wiki.contribs.org/Https_redirection Under /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/ i have a fragment called 60redir-clientibay
My code fragment looks like this;
{
if ($port ne "443")
{
$OUT .= <<'HERE';
## Redirect Web Address to Secure Address
RewriteEngine on
RewriteRule ^/client1 https://%{HTTP_HOST}/client1
RewriteRule ^/client2 https://%{HTTP_HOST}/client2
## End Of Redirect
HERE
}
}
Substitute the names of your iBays for client1 & client 2 above then expand the template etc. per Ray Mitchell instructions in the how-to and you're all done.
I would like to configure the server with https access to a few i-bays with virtual host domains with ssl certs. With the experience you have gained, I hope you will be able to provide some direction on achieving this. Would this require that I use one public IP address for each i-bay ? If yes, would appreciate if you can provide some instructions on this based on your experience.
OK, this is a little outside my experience, but I didn't use a different IP per iBay. My needs are fairly simple, so for my requirements I simply registered a pointer with my ISP of "client.mycompany.com" and had them point that at the public IP of my SME box (in server/gateway mode obviously).
Then for each client I tell them your documentation is at
https://client.mycompany.com/client_nameFor each iBay I use the .htaccess controls to manage user authentication on a per-user basis. See:
http://wiki.contribs.org/HtaccessSo in /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf I have a fragment called 50AddSecureIbayFolder which looks like this;
<Directory /home/e-smith/files/ibays/client1/html>
AuthName "Client 1 Secure Area - Login Required"
AuthType Basic
AuthExternal pwauth
<Limit GET>
order deny,allow
require user bart homer lisa
</Limit>
</Directory>
<Directory /home/e-smith/files/ibays/client2/html>
AuthName "Client 2 Secure Area - Login Required"
AuthType Basic
AuthExternal pwauth
<Limit GET>
order deny,allow
require user marge moe millhouse chiefwigam ralph grampa abu ned seymour patty otto krusty
</Limit>
</Directory>
So each client has a user (or users) on my SME box, and .htaccess prevents client A's users from accessing the documents of client B.
I have a per-group solution to test for this but didn't get time to do it yet. This way you can authenticate against SME user groups rather than individual SME users.
Finally,
http://wiki.contribs.org/Certificates_signed_by_own_CA will allow you to use your own certs if you want to. This prevents browser errors which can put off some users.
Hope that helps.
Edit: I use WinSCP to manage/edit files on my SME box over SSH as I find this easier than using Vi or Pico as suggested in some of the Wiki pages. See
http://winscp.net
7 Replies
2044 Views