
Etch SSL Configuration

This document is out of date.  Please use this guide instead: How_do_I...Provide_HTTPS_access_to_Deki_Wiki

Here are the steps to configure Deki Wiki to use SSL. Note that these commands are for Debian Etch, but configuration on other distros should be straightforward.

Adapted from: http://www.debian-administration.org/articles/349

Generating a self-signed certificate

If you don't already have an SSL certificate you can generate a self-signed certificate as follows:

mkdir /etc/apache2/ssl
# -nodes leaves the private key unencrypted; key and certificate are written to the same file
openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
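
The command above stores an unencrypted private key (-nodes) together with the certificate in a single file, so file permissions, key/certificate pairing and expiry are worth checking after generation. The shell functions below are an added example, not part of the original guide; the function names are hypothetical, and `openssl pkey` assumes OpenSSL 1.0.0 or later.

```shell
#!/bin/sh
# Added example (not from the original page): checks for a combined
# key+certificate PEM like /etc/apache2/ssl/apache.pem.

# pem_audit FILE: one finding per line; returns 0 only when there are none.
pem_audit() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "missing: $f"; return 2; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "no certificate block"; rc=1; }
    grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$f" ||
        { echo "no unencrypted private key block"; rc=1; }
    # -nodes leaves the key unencrypted, so file mode is its only protection.
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "key readable beyond owner; run: chmod 600 $f"; rc=1
    fi
    return $rc
}

# pem_key_matches_cert FILE: 0 if the private key and certificate share a
# public key, 1 if they differ, 2 if openssl cannot parse either one.
pem_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# pem_valid_for_days FILE DAYS: 0 if the certificate is still valid DAYS
# from now (the page's command issues it for 365 days).
pem_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}
```

Run as root, for example `pem_audit /etc/apache2/ssl/apache.pem && pem_key_matches_cert /etc/apache2/ssl/apache.pem`.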
 

Enabling SSL Support

To use the SSL facilities of Apache2 you must enable the mod_ssl module. This can be done with the helper tool a2enmod. (We've previously discussed the Apache2 helper scripts.)

As root run:

earth:~# a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.

Once this is done you'll have Apache set up to accept SSL connections, but the server will still only be listening for incoming HTTP requests on port 80, not SSL connections on port 443. To fix this you must add a line to the file /etc/apache2/ports.conf:

Listen 443

With these two steps out of the way you now have an Apache setup which will listen for and accept SSL connections. The next step is to modify your virtualhosts to use it.

Configuring Deki Wiki SSL VirtualHost

With a certificate set up, and the server updated to load and listen for incoming SSL connections, you're almost finished. The final step is to ensure that your Deki Wiki virtual host will accept SSL options.

Example: Deki Wiki accessible with or without SSL

<VirtualHost *:80>
        ServerName deki-hayes

        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log common

        DocumentRoot "/var/www/deki-hayes"

        RewriteEngine On
        RewriteCond %{REQUEST_URI} ^/$
        RewriteRule ^/$ /index.php?title= [L,NE]

        RewriteCond %{REQUEST_URI} !/(@api|editor|skins|config)/
        RewriteCond %{REQUEST_URI} !/(redirect|texvc|index|Version).php
        RewriteCond %{REQUEST_URI} !/error/(40(1|3|4)|500).html
        RewriteCond %{REQUEST_URI} !/favicon.ico
        RewriteCond %{REQUEST_URI} !/robots.txt
        RewriteCond %{QUERY_STRING} ^$ [OR] %{REQUEST_URI} ^/Special:Search
        RewriteRule ^/(.*)$ /index.php?title=$1 [L,QSA,NE]

        # deki-api uses encoded slashes in query parameters so AllowEncodedSlashes must be On
        AllowEncodedSlashes On

        # mod_proxy rules
        ProxyPass /@api http://localhost:8081 retry=1
        ProxyPassReverse /@api http://localhost:8081
        SetEnv force-proxy-request-1.0 1
        SetEnv proxy-nokeepalive 1
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.pem

        ServerName deki-hayes

        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log common

        DocumentRoot "/var/www/deki-hayes"

        RewriteEngine On
        RewriteCond %{REQUEST_URI} ^/$
        RewriteRule ^/$ /index.php?title= [L,NE]

        RewriteCond %{REQUEST_URI} !/(@api|editor|skins|config)/
        RewriteCond %{REQUEST_URI} !/(redirect|texvc|index|Version).php
        RewriteCond %{REQUEST_URI} !/error/(40(1|3|4)|500).html
        RewriteCond %{REQUEST_URI} !/favicon.ico
        RewriteCond %{REQUEST_URI} !/robots.txt
        RewriteCond %{QUERY_STRING} ^$ [OR] %{REQUEST_URI} ^/Special:Search
        RewriteRule ^/(.*)$ /index.php?title=$1 [L,QSA,NE]

        # deki-api uses encoded slashes in query parameters so AllowEncodedSlashes must be On
        AllowEncodedSlashes On

        # mod_proxy rules
        ProxyPass /@api http://localhost:8081 retry=1
        ProxyPassReverse /@api http://localhost:8081
        SetEnv force-proxy-request-1.0 1
        SetEnv proxy-nokeepalive 1
</VirtualHost>

Example: Deki Wiki accessible only via SSL

<VirtualHost *:80>
        ServerName deki-hayes

        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log common

        DocumentRoot "/var/www/deki-hayes"

        RewriteEngine On
        RewriteRule ^(.*)$ https://deki-hayes$1 [L,R]
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.pem

        ServerName deki-hayes

        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log common

        DocumentRoot "/var/www/deki-hayes"

        RewriteEngine On
        RewriteCond %{REQUEST_URI} ^/$
        RewriteRule ^/$ /index.php?title= [L,NE]

        RewriteCond %{REQUEST_URI} !/(@api|editor|skins|config)/
        RewriteCond %{REQUEST_URI} !/(redirect|texvc|index|Version).php
        RewriteCond %{REQUEST_URI} !/error/(40(1|3|4)|500).html
        RewriteCond %{REQUEST_URI} !/favicon.ico
        RewriteCond %{REQUEST_URI} !/robots.txt
        RewriteCond %{QUERY_STRING} ^$ [OR] %{REQUEST_URI} ^/Special:Search
        RewriteRule ^/(.*)$ /index.php?title=$1 [L,QSA,NE]

        # deki-api uses encoded slashes in query parameters so AllowEncodedSlashes must be On
        AllowEncodedSlashes On

        # mod_proxy rules
        ProxyPass /@api http://localhost:8081 retry=1
        ProxyPassReverse /@api http://localhost:8081
        SetEnv force-proxy-request-1.0 1
        SetEnv proxy-nokeepalive 1
</VirtualHost>
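
To confirm that a deployed configuration really matches the SSL-only layout above, the script below flags any port 80 virtual host that lacks an https:// redirect or still carries ProxyPass, and any port 443 virtual host without SSLEngine on or SSLCertificateFile. It is an added example, not part of the original guide; the function name vhost_audit and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Apache vhosts for the "only via SSL" layout.
# Reads config from the named file(s), or stdin when none is given.
vhost_audit() {
    awk '
    function report(msg) { printf "line %d: %s\n", start, msg; bad = 1 }
    function finish() {
        if (port == "80") {
            if (!redirect) report("port 80 vhost has no redirect to https://")
            if (proxy) report("port 80 vhost still has ProxyPass (no TLS)")
        } else if (port == "443") {
            if (!engine) report("port 443 vhost lacks SSLEngine on")
            if (!cert) report("port 443 vhost lacks SSLCertificateFile")
        }
        port = ""
    }
    /^[ \t]*#/ { next }                      # skip comment lines
    tolower($1) == "<virtualhost" {          # e.g. <VirtualHost *:80>
        port = $2; sub(/.*:/, "", port); sub(/>.*/, "", port)
        start = NR; redirect = proxy = engine = cert = 0; next
    }
    tolower($1) == "</virtualhost>" { finish(); next }
    port == "" { next }                      # outside any vhost
    tolower($1) == "rewriterule" && $3 ~ /^https:\/\// &&
        $4 ~ /(^\[|,)R(=[0-9a-z]+)?(,|\]$)/ { redirect = 1 }
    tolower($1) == "proxypass" { proxy = 1 }
    tolower($1) == "sslengine" && tolower($2) == "on" { engine = 1 }
    tolower($1) == "sslcertificatefile" { cert = 1 }
    END { if (port != "") finish(); exit bad + 0 }
    ' "$@"
}

# Constructed input: a port 80 block from the "with or without SSL" layout.
vhost_audit <<'EOF' || echo "findings above: port 80 is not redirect-only"
<VirtualHost *:80>
        ServerName deki-hayes
        RewriteRule ^/(.*)$ /index.php?title=$1 [L,QSA,NE]
        ProxyPass /@api http://localhost:8081 retry=1
</VirtualHost>
EOF
```

Virtual hosts declared without an explicit port (for example `<VirtualHost *>`) are skipped by this check.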

 

Viewing 3 of 3 comments: view all
Hello - this does not fully work for a multi-tenant approach I think. Is there something else you need to do to get it to work?
Posted 10:58, 11 Dec 2007
Hi Rick - I changed the FAQ entry for steps on how this should work with the latest bits from trunk (which will soon be released as 1.8.3). You can find the guide here:

http://wiki.opengarden.org/Deki_Wiki/FAQ/Configuration/How_do_I...Provide_HTTPS_access_to_Deki_Wiki%3f
Posted 21:49, 11 Dec 2007
Thanks!
Posted 23:19, 11 Dec 2007