Sharing Gateway


Overview

This is a simple tool for managing a collection of file shares/networks (FTP, SSH, SMB/CIFS, etc.), conglomerating them into a single unified “gateway” that can then be re-exported.

Part of this acts like mount -a in mounting/unmounting a set of filesystems, but features:

The rest of this is mostly documentation on how to configure your own servers to do what you want.

Setup

Requirements:

Web Frontend

Create certificates

The following is a summary of Creating Certificate Authorities and self-signed SSL certificates.

Generate a CA:

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

Generate a certificate-signing request (CSR), using your server domain name as the “common name” when prompted for it:

openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr

Sign the certificate with the CA:

openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Examine what you have so far:

openssl rsa -noout -text -in server.key
openssl req -noout -text -in server.csr
openssl rsa -noout -text -in ca.key
openssl x509 -noout -text -in ca.crt

Create an insecure (passphrase-less) version of the key, so that you don’t need to enter a password when you start Apache:

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

Secure the keys:

chmod 600 *.key server.key.secure
sudo chown root *.key server.key.secure

By now you should have the following files; make all the .key files accessible only to root!

Allow users to download and install ca.crt, then you’re set!
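
The following is an added example, not part of the Sharing Gateway sources: a set of shell checks for the files created above. It confirms that server.crt is signed by ca.crt, that server.key belongs to server.crt, and that no key file is group/world accessible, and it prints the CA fingerprint so users who fetch ca.crt can compare it out of band. The function names and the throwaway demo PKI (2048-bit keys, "Demo CA") are assumptions made for the example.

```shell
#!/bin/sh
# Added example: post-setup checks for the certificate files created above.

# cert_chains_to_ca CA_CERT CERT: true if CERT verifies against CA_CERT.
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# key_matches_cert KEY CERT: true if the unencrypted KEY holds CERT's public key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# key_is_private FILE: true if group and others have no permission bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# ca_fingerprint CA_CERT: SHA-256 fingerprint to publish out of band.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# check_pki DIR: run every check on DIR/{ca.crt,server.crt,server.key}.
check_pki() {
    rc=0
    cert_chains_to_ca "$1/ca.crt" "$1/server.crt" ||
        { echo "FAIL: server.crt is not signed by ca.crt"; rc=1; }
    key_matches_cert "$1/server.key" "$1/server.crt" ||
        { echo "FAIL: server.key does not match server.crt"; rc=1; }
    for k in "$1"/*.key*; do    # also catches server.key.secure
        key_is_private "$k" || { echo "FAIL: $k is group/world accessible"; rc=1; }
    done
    echo "CA SHA-256 fingerprint: $(ca_fingerprint "$1/ca.crt")"
    return $rc
}

# make_demo_pki DIR: constructed throwaway CA and server certificate.
make_demo_pki() {
    ( cd "$1" && openssl genrsa -out ca.key 2048 &&
      openssl req -new -x509 -days 1 -key ca.key -subj "/CN=Demo CA" -out ca.crt &&
      openssl genrsa -out server.key 2048 &&
      openssl req -new -key server.key -subj "/CN=www.mydomain.com" -out server.csr &&
      openssl x509 -req -days 1 -in server.csr -CA ca.crt -CAkey ca.key \
          -set_serial 01 -out server.crt && chmod 600 ./*.key ) >/dev/null 2>&1
}

[ $# -eq 0 ] || check_pki "$1"
```

Pass the certificate directory as the only argument (for example /etc/apache2/ssl) to run all checks; key_matches_cert expects the passphrase-less server.key.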

Configure Apache for SSL

Setting up SSL: Ubuntu and Apache 2 is the continuation of the above guide. The following is the summary.

Duplicate the default site in /etc/apache2/sites-available/ as a site named ssl and edit it so that the arguments to the NameVirtualHost and VirtualHost elements are *:443 instead of *. This causes the host to be effective only on that port (NameVirtualHost and VirtualHost are always paired up). Lastly, adjust the root directory to be something like /var/www-ssl/ instead of /var/www/.

Insert the following incantation under VirtualHost, pointing to wherever you put your certificates:

SSLEngine On
SSLCertificateFile      /etc/apache2/ssl/server.crt
SSLCertificateKeyFile   /etc/apache2/ssl/server.key
SSLCertificateChainFile /etc/apache2/ssl/ca.crt
SSLCACertificateFile    /etc/apache2/ssl/ca.crt

Verify that a configuration file has Listen 443. Now, enable the SSL module and the site we just configured, and reload Apache:

sudo a2enmod ssl
sudo a2ensite ssl
sudo service apache2 reload

If you see a warning about Apache being forced to resolve for its domain name, you may get rid of it by providing the domain name explicitly in apache2.conf with ServerName www.mydomain.com.

Test out the site by going to https://www.mydomain.com/.

Finally, make the CA certificate available to the world:

sudo ln -s /etc/apache2/ssl/ca.crt /var/www/

Have your users visit http://www.mydomain.com/ca.crt to install your CA certificate first—thereafter, they will encounter no warnings about visiting your SSL sites.

Configure Authentication

Add something like the following to your ssl site configuration:

<Directory /var/www-ssl/gw/>
  AuthType Basic
  AuthName "Login Required"
  AuthUserFile /var/www-ssl/gw/.htpasswd
  Require valid-user
</Directory>

Now create the .htpasswd file:

sudo mkdir /var/www-ssl/gw/
sudo htpasswd -c /var/www-ssl/gw/.htpasswd gw
sudo service apache2 reload

Web Gateway

Now simply create a symlink to our gateway directory in /var/www-ssl/:

ln -s /path/to/gateway/ /var/www-ssl/gw/raw

https://www.mydomain.com/gw/ should now show you the gateway!

FTP Frontend

The FTP frontend means your users need to know how to use FTP, but there are numerous benefits that come from using an FTP client, including:

The FTP server we’ll use is ProFTPD.

License

Sharing Gateway is released under the GNU GPL3.

Contact

Copyright 2008 Yang Zhang.
All rights reserved.
