Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: sonoracomm on June 25, 2007, 09:13:20 PM
-
Hi folks,
I debated continuing a previous thread vs. tarting a new one. Hopefully this will benefit others... I hope someone who understands Apache will help those of us who don't. I'm guessing the answer to this question is particular to SME Server 7 as Googling for "SSL sugarcrm" didn't produce a flood of info...
I have a web application that I want to access via SSL. I might even prefer to access it via SSL in all circumstances. However, there is no security worry on the local network, only when accessed via the Internet.
Here is my current entry in httpd.conf for this app. It works fine for HTTP, but NOT for HTTPS:
# SugarCRM
Alias /crm /opt/SugarCRM
<Directory /opt/SugarCRM>
Options -Indexes
AllowOverride all
order deny,allow
deny from all
allow from all
Satisfy all
AddType application/x-httpd-php .php .php3
php_admin_value open_basedir /opt/SugarCRM/:/tmp
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>
I would like to make it work with SSL and, optionally, use rewrite to force SSL for all users all of the time.
I realize that .htaccess affects this, so I include it here for reference:
# BEGIN SUGARCRM RESTRICTIONS
RedirectMatch /crm/sugarcrm.log.* http://linus/crm/log_file_restricted.html
RedirectMatch /crm/emailman.log http://linus/crm/log_file_restricted.html
RedirectMatch /crm/not_imported_(.*).txt http://linus/crm/log_file_restricted.html
RedirectMatch /crm/XTemplate/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/data/(.*).php http://linus/crm/index.php
RedirectMatch /crm/examples/(.*).php http://linus/crm/index.php
RedirectMatch /crm/include/(.*).php http://linus/crm/index.php
RedirectMatch /crm/include/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/log4php/(.*).php http://linus/crm/index.php
RedirectMatch /crm/log4php/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/metadata/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/modules/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/soap/(.*).php http://linus/crm/index.php
RedirectMatch /crm/emailmandelivery.php http://linus/crm/index.php
# END SUGARCRM RESTRICTIONS
Thanks in advance,
G
-
Here is my current entry in httpd.conf for this app. It works fine for HTTP, but NOT for HTTPS:
# SugarCRM
Alias /crm /opt/SugarCRM
<Directory /opt/SugarCRM>
Options -Indexes
AllowOverride all
First of all I would change this to AllowOverride None as this prevents your settings being overwritten by the use of .htaccess files and so on.
order deny,allow
deny from all
allow from all
Satisfy all
Denying from all, to after that allow from all makes not much sense to me. Perhaps you should allow specific users or specific domains/hosts. I use the user principle a lot, for instance in my subversion contrib. This way you can setup the location to uise SME Server based groups and users and the passwords set for the users.
AddType application/x-httpd-php .php .php3
php_admin_value open_basedir /opt/SugarCRM/:/tmp
Opening the /tmp dir for access makes your system more vulnerable, if you really need space to store tempoerary files you'd better create a temporary/var directory in the tree of your webspace and set the proper security for that (meaning that only your system user under which apache runs has a limited source of access to this folder and no one else.
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>
I would like to make it work with SSL and, optionally, use rewrite to force SSL for all users all of the time.
I realize that .htaccess affects this, so I include it here for reference:
# BEGIN SUGARCRM RESTRICTIONS
RedirectMatch /crm/sugarcrm.log.* http://linus/crm/log_file_restricted.html
RedirectMatch /crm/emailman.log http://linus/crm/log_file_restricted.html
RedirectMatch /crm/not_imported_(.*).txt http://linus/crm/log_file_restricted.html
RedirectMatch /crm/XTemplate/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/data/(.*).php http://linus/crm/index.php
RedirectMatch /crm/examples/(.*).php http://linus/crm/index.php
RedirectMatch /crm/include/(.*).php http://linus/crm/index.php
RedirectMatch /crm/include/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/log4php/(.*).php http://linus/crm/index.php
RedirectMatch /crm/log4php/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/metadata/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/modules/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/soap/(.*).php http://linus/crm/index.php
RedirectMatch /crm/emailmandelivery.php http://linus/crm/index.php
# END SUGARCRM RESTRICTIONS
Thanks in advance,
G
Your .htaccess file makes clear to me why it does not work from outside, as you have sepcified a local domain name and not a Full Qualified Domain Name (FQDN) like http://linus.domain.country/...
Hosts from outside are not able to resolve the linus host and will fail to access the system.
If you would like https you should add a https entry as well, for the port you use (probably 443), have a look at the way things are done with the server-manager in the /etc/httpd/conf/httpd/conf file and templates, this will probably help you a lot.
-
Here is my lazy fragment..
# sugar
Alias /sugar /opt/sugar/SugarOS-Full-4.5.0h
<Directory /opt/sugar/SugarOS-Full-4.5.0h>
SSLRequireSSL on
Options -Indexes
AllowOverride all
order deny,allow
deny from all
allow from all
Satisfy all
AddType application/x-httpd-php .php .php3
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>
Maybe it's this bit you need...
SSLRequireSSL on