SOLVED: Re: using ssl on part of a website

On Mon, Aug 06, 2007 at 03:31:47PM -0700, Andrew Sackville-West wrote:
> On Mon, Aug 06, 2007 at 04:12:48PM -0500, Sam Leon wrote:
> >
> >
> > Andrew Sackville-West wrote:
> >> On Mon, Aug 06, 2007 at 01:08:43PM -0700, Andrew Sackville-West wrote:
> >>
> >>> Hi guys, I'm having real trouble figuring out how to do this.
> >>> I've got a wiki running ikiwiki and I'd like to get the log-in/editing
> >>> portion out of clear text. the obvious thing seems to be to use SSL,
> >>> but I don't want to ssl the whole site, just the part accessed through
> >>> the cgi scripts that take logins and edit stuff. Can someone give me
> >>> some pointers?
> >
> > There is a pretty good newbie walk through at the ubuntu forum:
> > http://ubuntuforums.org/showthread.php?t=4466
>
> <shudder> wading through those can be tough, but it got me some useful
> information. mostly that my rewrite looks to be proper, and in fact it
> does work to a point.
>
> Once i navigate to the cgi script, it redirects to
> https://site.org/ikiwiki.cgi...., and presents me with the login
> screen, but after entering correct information and clicking "login" it
> returns an error page 'Error: "do" parameter missing' so something is
> lost in the translation there...
>

problem restated: ikiwiki includes a login system, but that puts passwords in clear text. This is a problem when on public networks, especially wireless.

solution: don't mess with mod-rewrite or anything like that. create two stanzas in your httpd.conf by whatever method you use. 1) stanza

<VirtualHost *:80>...

and one

<VirtualHost *:443>...

set up the cgi stuff in the second stanza.

then reconfigure the ikiwiki.setup file:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

url => "http://example.com/path/to/wiki" cgiurl => "https://example.com/path/to/wiki/ikiwiki.cgi"

reubild the wiki and you're done.

that looks to me to be the best way to use SSL with ikiwiki.

A

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


application/pgp-signature attachment: Digital signature