OpenEMM webadmin + SSL width Apache2 and modssl

Use this forum for questions regarding installation, upgrading and configuration of OpenEMM

Moderator: moderator

Posts: 2
Joined: Tue Feb 05, 2008 5:21 pm

OpenEMM webadmin + SSL width Apache2 and modssl

Post by mhr »

I am wondering that nobody in this forum seems to have a security problem with using openEMMs unencrypted port 8081 for administration..

Here's my Apache2-Proxy-SSL-howto for using OpenEMM's console over SSL:

1) install apache2 width mod_ssl and mod_proxy
2) setup a ssl-virtualhost (generate certificate,...) -> if you don't know how to do this.. just google ;)
3) configure mod_proxy using

Code: Select all

# Proxy ACL                                                                                                             
    <Proxy *>                                                                                                               
        Order deny,allow                                                                                                    
        Allow from all                                                                                                      
    # Proxy directives                                                                                                      
    ProxyPass /                                                                                      
    ProxyPassReverse /                                                                               
    ProxyPreserveHost on 

4) add host-name option (f.e. to the host-tag in /home/openemm/conf/console.conf

Code: Select all

<host id="" host-name="" root-directory="${resin.home}/webapps/openemm">
5) restart apache2 and restart openemm

Posts: 3
Joined: Wed Sep 03, 2008 10:53 pm

Post by olive »

Does anyone know if this is the best way to secure admin access?

Are there any issues with OpenEMM being behind mod_proxy?

Is this what the OpenEMM devs would recommend?
Site Admin
Posts: 2628
Joined: Thu Aug 03, 2006 10:20 am
Location: Munich, Germany

Post by maschoff »

Actually, we have no recommendation. But if you guys work out a best practice procedure we are happy to include it in the official install guide.

Please note that since release 5.5.0 port 8081 has become 8080.
OpenEMM Maintainer
Posts: 5
Joined: Thu May 08, 2008 4:10 pm
Location: Munich, Germany

Post by barff-lab »

I'm using a similar solution as the original poster, but using Lighttpd ( as the proxy web server as it's more lightweight and easier to configure.

I've installed Lighttpd using yum (I'm using Fedora) and added the following directive to /etc/lighttpd/lighttpd.conf:

Code: Select all

proxy.server = ( "" =>
 ( (
     "host" => "",
     "port" => 8080
  ) )
Then I created a self-signed SSL certificate (details on and enabled SSL support in Lighttpd as follows:

Code: Select all

$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.pemfile = "/etc/lighttpd/lighttpd.pem"
This solution not only gives you a secure connection, but also enables you to use port 80 instead of OpenEMM's standard port 8080 (the port Lighttpd uses can be easily changed in the config file).

Post Reply