Friday, 4 April 2014

Non-standard SSL port for Apache (on CentOS) and ownCloud

The procedure is not limited to an ownCloud installation, of course.

Install the SELinux tools:

# yum install setools-gui setroubleshoot checkpolicy

Check the available (i.e. already allowed) HTTP ports:

# semanage port -l | grep http

http_port_t          tcp   80, 81, 443, 488, 8008, 8009, 8443, 9000

For custom ports, see the Red Hat docs. In short, the correct command for port 12345 is

# semanage port -a -t http_port_t -p tcp 12345

Then change the port in conf.d/ssl.conf, or add a virtual host for ownCloud:

# vim /etc/httpd/conf.d/owncloud.conf

<Directory /var/www/html/owncloud>
  AllowOverride All
</Directory>

Listen 12345

and include the VirtualHost part from ssl.conf:

<VirtualHost *:12345>
DocumentRoot "/var/www/html/owncloud"

ErrorLog logs/ssl_oc_error_log
TransferLog logs/ssl_oc_access_log
LogLevel warn

SSLEngine on
# Note: "all -SSLv2" does not exclude SSLv3, and the cipher list below admits RC4.
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
CustomLog logs/ssl_oc_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>              
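
To confirm that every Listen port in the new config is labelled http_port_t before restarting httpd, the check below compares the config against the semanage listing. It is an added example, not part of the original post; the function names are hypothetical and the sample semanage output and config are constructed.

```sh
#!/bin/sh
# Constructed sample of `semanage port -l` output (http_port_t line as listed above).
SAMPLE_PORTS='http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988'

# Constructed sample config using the directives from this post.
SAMPLE_CONF='Listen 12345
<VirtualHost *:12345>
SSLEngine on
</VirtualHost>'

# stdin: `semanage port -l` output; prints each tcp port or range labelled
# exactly http_port_t (a plain `grep http` also matches other *_http_* types).
allowed_http_ports() {
    awk '$1 == "http_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(/,/, "", $i); print $i }
    }'
}

# stdin: httpd config; prints the port of every Listen directive
# (handles "Listen 12345", "Listen 0.0.0.0:12345" and "Listen [::]:12345 https").
listen_ports() {
    awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }'
}

# unlabelled_ports PORTS_TEXT CONF_TEXT
# Prints every Listen port that is not labelled http_port_t, the label this post relies on.
unlabelled_ports() {
    allowed=$(printf '%s\n' "$1" | allowed_http_ports)
    printf '%s\n' "$2" | listen_ports | while read -r p; do
        ok=no
        for a in $allowed; do
            case $a in
                *-*) if [ "$p" -ge "${a%-*}" ] && [ "$p" -le "${a#*-}" ]; then ok=yes; fi ;;
                *)   if [ "$p" = "$a" ]; then ok=yes; fi ;;
            esac
        done
        if [ "$ok" = no ]; then echo "$p"; fi
    done
}

# On a real host (as root):
#   unlabelled_ports "$(semanage port -l)" "$(cat /etc/httpd/conf.d/owncloud.conf)"
unlabelled_ports "$SAMPLE_PORTS" "$SAMPLE_CONF"
```

With the constructed samples it prints 12345, the port that still needs the semanage port -a step; once that step has been run the output is empty.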
