OpenEMM Technical Support Forum

The purpose of these forums is to get and give free technical support for OpenEMM. Spammers and their posts will be removed without prior warning.
https://iframe.agnitas.de/

OpenEMM webadmin + SSL width Apache2 and modssl

https://iframe.agnitas.de/viewtopic.php?t=650

Page 1 of 1

OpenEMM webadmin + SSL width Apache2 and modssl

Posted: Tue Feb 05, 2008 5:48 pm
by mhr
I am wondering that nobody in this forum seems to have a security problem with using openEMMs unencrypted port 8081 for administration..

Here's my Apache2-Proxy-SSL-howto for using OpenEMM's console over SSL:

1) install apache2 width mod_ssl and mod_proxy
2) setup a ssl-virtualhost (generate certificate,...) -> if you don't know how to do this.. just google ;)
3) configure mod_proxy using http://127.0.0.1:8081

Code: Select all

# Proxy ACL                                                                                                             
    <Proxy *>                                                                                                               
        Order deny,allow                                                                                                    
        Allow from all                                                                                                      
    </Proxy>                                                                                                                
                                                                                                                            
    # Proxy directives                                                                                                      
    ProxyPass / http://127.0.0.1:8081/                                                                                      
    ProxyPassReverse / http://127.0.0.1:8081/                                                                               
    ProxyPreserveHost on


4) add host-name option (f.e. example.test.com) to the host-tag in /home/openemm/conf/console.conf

Code: Select all

<host id="" host-name="https://example.test.com" root-directory="${resin.home}/webapps/openemm">
5) restart apache2 and restart openemm

Best,
Martin

Posted: Mon Sep 22, 2008 8:50 am
by olive
Does anyone know if this is the best way to secure admin access?

Are there any issues with OpenEMM being behind mod_proxy?

Is this what the OpenEMM devs would recommend?

Posted: Mon Sep 22, 2008 10:00 am
by maschoff
Actually, we have no recommendation. But if you guys work out a best practice procedure we are happy to include it in the official install guide.

Please note that since release 5.5.0 port 8081 has become 8080.

Posted: Thu Oct 02, 2008 3:17 pm
by barff-lab
I'm using a similar solution as the original poster, but using Lighttpd (http://www.lighttpd.net) as the proxy web server as it's more lightweight and easier to configure.

I've installed Lighttpd using yum (I'm using Fedora) and added the following directive to /etc/lighttpd/lighttpd.conf:

Code: Select all

proxy.server = ( "" =>
 ( (
     "host" => "127.0.0.1",
     "port" => 8080
  ) )
)
Then I created a self-signed SSL certificate (details on http://trac.lighttpd.net/trac/wiki/Docs%3ASSL) and enabled SSL support in Lighttpd as follows:

Code: Select all

$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.pemfile = "/etc/lighttpd/lighttpd.pem"
}
This solution not only gives you a secure connection, but also enables you to use port 80 instead of OpenEMM's standard port 8080 (the port Lighttpd uses can be easily changed in the config file).

Regards,
Thomas
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited