download 0.1 src tgz | more downloads | browse svn | home page
This is a simple tool for managing a collection of file shares/networks (FTP, SSH, SMB/CIFS, etc.), conglomerating them into a single unified “gateway” that can then be re-exported.
Part of this acts like
mount -a in mounting/unmounting a set of filesystems, but features:
The rest of this is mostly documentation on how to configure your own servers to do what you want.
The following is a summary of Creating Certificate Authorities and self-signed SSL certificates.
Generate a CA:
openssl genrsa -des3 -out ca.key 4096 openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
Generate a certificate-signing request (CSR), using your server domain name as the “common name” when prompted for it:
openssl genrsa -des3 -out server.key 4096 openssl req -new -key server.key -out server.csr
Sign the certificate with the CA:
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
Examine what you have so far:
openssl rsa -noout -text -in server.key openssl req -noout -text -in server.csr openssl rsa -noout -text -in ca.key openssl x509 -noout -text -in ca.crt
Create insecure version of the key, so that you don’t need to enter a password when you start Apache:
openssl rsa -in server.key -out server.key.insecure mv server.key server.key.secure mv server.key.insecure server.key
Secure the keys:
chmod 600 *.key sudo chown root *.key
By now you should have the following files; make all the .key files accessible only to root!
Allow users to download and install ca.crt, then you’re set!
Setting up SSL: Ubuntu and Apache 2 is the continuation of the above guide. The following is the summary.
default site in
/etc/apache2/sites-available/ as site
ssl and edit it so that the argument to the
VirtualHost elements are
*:443 instead of
*. This causes this host to be effective only on that port (
VirtualHost are always paired up). Lastly, adjust the root directory to be something like
/var/www-ssl/ instead of
Insert the following incantation under
VirtualHost, pointing to wherever you put your certificates:
SSLEngine On SSLCertificateFile /etc/apache2/ssl/server.crt SSLCertificateKeyFile /etc/apache2/ssl/server.key SSLCertificateChainFile /etc/apache2/ssl/ca.crt SSLCACertificateFile /etc/apache2/ssl/ca.crt
Verify that a configuration file has
Listen 443. Now, enable the SSL module and the site we just configured, and reload Apache:
sudo a2enmod ssl sudo a2ensite ssl sudo service apache2 reload
If you see a warning about Apache being forced to resolve for its domain name, you may get rid of it by providing the domain name explicitly in
Test out the site by going to
Finally, make the CA certificate available to the world:
sudo ln -s /etc/apache2/ssl/ca.crt /var/www/
Have your users visit
http://www.mydomain.com/ca.crt to install your CA certificate first—thereafter, they will encounter no warnings about visiting your SSL sites.
Add something like the following to your
ssl site configuration:
<Directory /var/www-ssl/gw/> AuthType Basic AuthName "Login Required" AuthUserFile /var/www-ssl/gw/.htpasswd Require Valid-User </Directory>
Now create the
sudo mkdir /var/www-ssl/gw/ sudo htpasswd -c /var/www-ssl/gw/.htpasswd gw sudo service apache2 reload
Now simply create symlink to our gateway directory in
ln -s /path/to/gateway/ /var/www-ssl/gw/raw
https://www.mydomain.com/gw/ should now show you the gateway!
The FTP frontend means your users need to know how to use FTP, but there are numerous benefits that come from using an FTP client, including:
The FTP server we’ll use is ProFTPD.
Sharing Gateway is released under the GNU GPL3.
Copyright 2008 Yang Zhang.
All rights reserved.
Back to assorted.sf.net.