User:Alvonruff/HTTPS Notes
From ISFDB
Apache
- dnf install mod_ssl
- systemctl restart httpd
- httpd -M
- cd /etc/httpd/conf.d
- Create file isfdb2.org.conf
- Add the following contents:
<VirtualHost *:80>
    ServerName stage.isfdb2.org
    DocumentRoot /var/www/html
    ServerAlias isfdb2.org
    ErrorLog /var/www/error.log
    CustomLog /var/www/requests.log combined
    Redirect permanent / https://isfdb2.org/
</VirtualHost>
- systemctl restart httpd
Certificate Support Software
- dnf install epel-release
- dnf install snapd
- dnf install certbot
- dnf install python3-certbot-apache
Certificates
- certbot --apache
- Select isfdb2.org
- systemctl restart httpd
Settings
- Change PROTOCOL in localdefs.py to "https"
- Change $wgServer in /var/www/html/wiki/LocalSettings.php to use https
- Go to the wiki and type MediaWiki:Sidebar in the search window. Edit that page and change http to https
The New Password Algorithm
This code replaces the current version in submitlogin.py:
# Imports needed by this fragment
import base64
import hmac
from hashlib import pbkdf2_hmac

wikiPass = record[0][1]
# Extract the various fields stored in the user_password field
fields = str(wikiPass).split(":")
encryption = fields[1]
hashAlgo = fields[2]
cost = int(fields[3])
keylen = int(fields[4])
# Decode the salt and key fields
base64_salt = fields[5]
base64_key = fields[6]
salt = base64.b64decode(base64_salt)
dbaseKey = base64.b64decode(base64_key)
# Derive a key from the submitted password using the stored parameters
submittedKey = pbkdf2_hmac(hashAlgo, password.encode('utf-8'), salt, cost, keylen)
# Constant-time comparison avoids leaking how many bytes matched
if not hmac.compare_digest(submittedKey, dbaseKey):
    doError('Bad password')
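The following is an added example, not code from ISFDB's submitlogin.py: a stand-alone Python 3 verifier for the same colon-separated record layout that rejects malformed records before deriving anything, passes keylen to the derivation, and compares keys in constant time. The "pbkdf2" type tag, the digest allow-list, the minimum cost and the make_record helper are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os

ALLOWED_DIGESTS = {"sha256", "sha512"}  # assumption: allow-list for this example
MIN_COST = 10000                        # assumption: lowest iteration count accepted


def make_record(password, digest="sha512", cost=30000, keylen=64):
    """Hypothetical helper: build a constructed record in the parsed layout."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt, cost, keylen)
    return ":".join(["", "pbkdf2", digest, str(cost), str(keylen),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(key).decode("ascii")])


def verify_password(stored, password):
    """Return True only for a well-formed record whose key matches."""
    fields = str(stored).split(":")
    # Layout: "", type, digest, cost, keylen, base64 salt, base64 key
    if len(fields) != 7 or fields[0] != "" or fields[1] != "pbkdf2":
        return False
    digest = fields[2]
    if digest not in ALLOWED_DIGESTS:
        return False
    try:
        cost, keylen = int(fields[3]), int(fields[4])
        salt = base64.b64decode(fields[5], validate=True)
        stored_key = base64.b64decode(fields[6], validate=True)
    except ValueError:  # covers non-numeric fields and invalid base64
        return False
    # Reject weak parameters and records whose keylen disagrees with the key
    if cost < MIN_COST or keylen < 1 or keylen != len(stored_key):
        return False
    candidate = hashlib.pbkdf2_hmac(digest, password.encode("utf-8"),
                                    salt, cost, keylen)
    # Constant-time comparison of the raw key bytes
    return hmac.compare_digest(candidate, stored_key)
```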
Certificate Renewals
The current status of the certificates can be seen with: certbot certificates
A renewal can be performed with: /usr/bin/certbot renew --cert-name isfdb2.org
Issues to Resolve
None now.

