Posted on 02-05-2018 04:51 PM - last edited 2 weeks ago by kh-richa_mig
Trying to set up a more secure load balanced distribution point environment. Currently have HTTP and SAMBA distribution point using port 80 on RHEL. Due to security concerns, need to secure it by using HTTPS and TLS 1.2. Could not find information on installing root/issuing/SSL certificates on Linux, changing port to 443 only (no HTTP), getting httpd/apache to use HTTPS instead of HTTP. Anyone successfully do this? Does it work?
Posted on 02-05-2018 04:57 PM
What are you running HTTP on, nginx or Apache?
On Apache you'll want to do something like this:
https://www.namecheap.com/support/knowledgebase/article.aspx/9821/38/redirect-to-https-on-apache
(Google redirect http to https)
Nginx: https://bjornjohansen.no/redirect-to-https-with-nginx
For both of these, you ideally want to enable a virtual server on 443 instead.
Posted on 02-05-2018 10:39 PM
We are running Apache on RHEL. The security folks want HTTP altogether. They scan any server running HTTP.
Posted on 02-06-2018 02:44 AM
We use Debian, all HTTPS.
From my notes.
openssl req -new -newkey rsa:2048 -nodes -keyout dp.mycompany.com.key -out dp.mycompany.com.csr
Generate cert with CA and then copy that file to the same folder as the .key and .csr
Create caspershare.conf in sites /apache2/sites-available as below,

<VirtualHost *:443>
    # Serve this site over TLS with the CA-issued certificate and its key
    SSLEngine on
    SSLCertificateFile /etc/ssl/dp.mycompany.com.cer
    SSLCertificateKeyFile /etc/ssl/dp.mycompany.com.key
    SSLCertificateChainFile /etc/ssl/CAROOT.cer
    DocumentRoot /var/www/html/
    DirectoryIndex index.php
    CustomLog "/var/log/apache2/caspershare.log" combined
    # Package share served to clients
    <Directory /var/www/html/CasperShare/Packages>
        AllowOverride all
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

Then run
sudo a2enmod ssl
sudo a2ensite caspershare.conf
sudo a2dismod autoindex
Then restart Apache, RSYNC the lot and you're good to go.
Al
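
An added example, not code from any poster in this thread: a small checker for the two requirements raised above (no plain HTTP listener, nothing older than TLS 1.2 on the 443 virtual host). The function names and the sample config are constructed for illustration; it assumes TLS 1.3 is also acceptable and that an unset `SSLProtocol` falls back to `all -SSLv3`.

```python
# Constructed sample: the vhost from the post above plus a leftover port-80 listener.
SAMPLE_CONF = """\
Listen 80
Listen 443
<VirtualHost *:443>
    SSLEngine on
</VirtualHost>
"""
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
ACCEPTED = {"tlsv1.2", "tlsv1.3"}  # assumption: policy means TLS 1.2 or newer
DEFAULT = ["all", "-SSLv3"]        # assumption: mod_ssl default when SSLProtocol is unset

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right: +x adds, -x removes, bare x replaces."""
    enabled = set()
    for arg in args:
        name = arg.lstrip("+-").lower()
        names = ALL if name == "all" else {name}
        enabled = (enabled | names if arg[0] == "+" else
                   enabled - names if arg[0] == "-" else set(names))
    return enabled

def audit(conf):
    """Return findings for a server that must offer HTTPS only, TLS 1.2 or newer."""
    findings, glob, vhosts = [], {}, []
    current = glob
    for line in (l.strip() for l in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        if name.lower() == "<virtualhost":
            current = {}
            vhosts.append((" ".join(args).rstrip(">").strip(), current))
        elif name.lower().startswith("</virtualhost"):
            current = glob
        else:
            if name.lower() == "listen" and args and args[0].rsplit(":", 1)[-1] == "80":
                findings.append("Listen 80: plain HTTP listener still configured")
            current[name.lower()] = args
    for addr, directives in vhosts:
        ports = {a.rsplit(":", 1)[-1] for a in addr.split()}
        if "80" in ports:
            findings.append(f"{addr}: plain HTTP virtual host")
        if "443" in ports:
            if [a.lower() for a in directives.get("sslengine", [])] != ["on"]:
                findings.append(f"{addr}: SSLEngine is not on")
            proto = directives.get("sslprotocol", glob.get("sslprotocol")) or DEFAULT
            weak = sorted(enabled_protocols(proto) - ACCEPTED)
            if weak:
                findings.append(f"{addr}: allows {weak}")
    return findings
```

Run `audit()` over the combined text of the port and site config files; an empty list means neither a port-80 listener nor a pre-TLS 1.2 protocol was found.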