Protecting Content with SSL and mod_rewrite

Posted Dec 5, 2005 9:21:46 PM

Now that I've migrated my blog to a SQL database, Blosxonomy has lost some of its Blosxom-like ease of use, so I decided it was necessary to create a web-based interface to post to my blog. I had originally thought I'd just use my entry-conversion utility and continue to write Blosxom-style posts, but quickly decided that was absurd. For those of you keeping track of Blosxonomy, this feature will be included in 0.7.3, which is in the final testing stages now.

In any event, I needed to protect the page that posts to my website from being accessed, and used mod_ssl and mod_rewrite to do it.

In particular, I needed to hide /post from general access. To do this, I added a simple rewrite rule to redirect it to my SSL-secured site:

RewriteRule ^/post(.*) https://www.timfanelli.com/post$1

Then, in my :443 virtual host, I added two redirect rules to pass anything other than /post back to the main site:

NameVirtualHost *:443

<VirtualHost *:443>
  ServerName www.myhostname.com

  # SSL Engine options go here
  # Directory authentication options go here

  RewriteEngine On
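  # Requests that start with /post are served from this SSL virtual host.
  # The ^ anchor keeps the rule from matching "/post" in the middle of a path.
  RewriteRule ^/post(.*) /post$1 [PT,L]
  # Everything else is redirected back to the plain-HTTP site
  RewriteRule ^(.*)$ http://www.timfanelli.com$1 [R=301]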
</VirtualHost>

That way, any requests to /post stay on the SSL-protected site, and any other requests go back to the main, non-SSL site. The SSL Engine options section enables SSL and directs Apache to use my self-signed certificate (see how to create one here). I also copied the <Directory> element from my main site into the virtual host and added a Require valid-user statement using DIGEST authentication.

This provides a secure place for me to make entries to my blog, and prevents general viewing of my site via SSL to minimize the performance overhead (while I love my Mac and the G4 processor, SSL is not its strong point).

Creating an SSL Certificate using OpenSSL

Posted Nov 20, 2005 3:11:45 PM

I just wanted to post some quick instructions on creating a self-signed certificate that you can install into Apache 2 for use with mod_ssl. It seems that these instructions are hard to come by, and I thought it would be useful to just show how to do it without the messy explanations:

mkdir ~/sslcert
cd ~/sslcert

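# Passphrase-protected RSA private key (2048 bits; 1024-bit RSA keys are too short to be considered secure today)
openssl genrsa -des3 -out server.key 2048
# Certificate signing request for that key
openssl req -new -key server.key -out server.csr
# Self-sign the request with the same key, valid for 365 days
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt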

server.key and server.crt are now your private key and self-signed public certificate pair. If you install them into Apache 2, you'll notice that you're now prompted for your certificate password every time you start the server. This is because your private key is stored in an encrypted format for security. It's recommended that you leave it this way, but if you really hate that password prompt when starting Apache, here's how you can decrypt your private key file:

cd ~/sslcert
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key
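
The two procedures above (create the pair, then optionally strip the passphrase) as shell functions, together with the checks worth running afterwards: whether the key is encrypted, whether it still matches the certificate, and whether the decrypted file is readable only by its owner. This is an added example, not the author's code; the function names, the `www.example.test` CN, the 2048-bit key size and the SHA-256 digest are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. The directory and passphrase
# are supplied by the caller; "www.example.test" is a placeholder CN.

# make_pair DIR PASS: encrypted 2048-bit key, CSR and self-signed cert.
# PASS on the command line is for unattended runs; interactively, drop
# the -passout/-passin options and let openssl prompt.
make_pair() {
    dir=$1; pass=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    ( umask 077   # new key files readable by the owner only
      openssl genrsa -des3 -passout "pass:$pass" -out "$dir/server.key" 2048 &&
      openssl req -new -key "$dir/server.key" -passin "pass:$pass" \
          -subj "/CN=www.example.test" -out "$dir/server.csr" &&
      openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
          -signkey "$dir/server.key" -passin "pass:$pass" \
          -out "$dir/server.crt"
    ) >/dev/null 2>&1
}

# key_is_encrypted FILE: true if the PEM private key needs a passphrase.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# key_matches_cert KEY CERT [PASS]: true if both hold the same public key.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -passin "pass:${3:-}" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# decrypt_key DIR PASS: the decrypt step above; the encrypted original is
# kept as server.key.orig and the plaintext key is forced to mode 600.
decrypt_key() {
    ( umask 077
      cp -p "$1/server.key" "$1/server.key.orig" &&
      openssl rsa -in "$1/server.key.orig" -passin "pass:$2" \
          -out "$1/server.key"
    ) >/dev/null 2>&1 && chmod 600 "$1/server.key"
}

# owner_only FILE: true if group and others have no permission bits.
owner_only() { [ "$(ls -l "$1" | cut -c5-10)" = "------" ]; }
```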

About

My name is Tim Fanelli, I am a software engineer in Northern NY. I spend most of my time working, and when I can, I try to post interesting things here.
