View this PageEdit this PageUploads to this PageVersions of this PageHomeRecent ChangesSearchHelp Guide

How can I secure my Swiki Installation with SSL?

The Comanche Webserver doesn't have builtin SSL. So you have to put a SSL-wrapper around your swiki.
Preconditions:
swiki is running on http://swikihost:8080


Here are two possibilities:
  • Apache with mod_proxy
you need: working apache installation with mod_ssl and mod_proxy (mod_proxy and mod_proxy_http)
you add these two lines in your configuration (ssl-host paragraf):
        ProxyPass /refs http://swikihost:8080/refs
        ProxyPassReverse /refs http://swikihost:8080/refs
Now you can access your refs Swiki on https://yourhttpshost/refs


you can redirect all swikis on swikihost with these two Lines:
        ProxyPass / http://swikihost:8080/
        ProxyPassReverse / http://swikihost:8080/


  • stunnel
you need: stunnel installation (see http://www.stunnel.org)
server certifcate and private key (without passphrase), made with openssl: server.crt and server.key
copy them together in one File:
cat server.key server.crt >/etc/stunnel/stunnel.pem

create a /etc/stunnel/stunnel.conf File:
        key=/etc/stunnel/stunnel.pem

        [stunnel]
        accept=443
        connect=8080

start stunnel:
stunnel &

Now you can access your Swikis on https://yourhttpshost/


For both alternatives: Don't forget to block port 8080 on the firewall, when the swiki shall only be accessible by https.

Link to this Page

  • Swiki FAQ last edited on 7 May 2011 at 6:22 pm by 108-81-8-212.lightspeed.milwwi.sbcglobal.net