Closed GoogleCodeExporter closed 9 years ago
I'm going to try having apache do the SSL and either do the cgi-bin thing or
more
likely try to do a mod-proxy proxy-pass thing, if apache can take it in as an
SSL
request and then proxy forward a regular HTTP request, that would be perfect,
since
apache is on the machine, and already handles the CA certificate chain stuff
that
shellinabox doesn't seem (to my limited experience) to do, and since the cgi-bin
setuid root way is scary. Since I don't really have any other https needs I
was just
making the router forward 443 to 4200 (when I tried to launch with 443, I got an
error- does it try to bind to the port after it drops root privileges? That
might be
a different issue...)... If I have time I'll look at how the certificate chain
stuff
works and try to help. BTW, great job, I used to use the java one, my job
recently
got uptight about me running SSH over 443 out their firewall, and this is the
perfect
thing at the perfect time.
Original comment by TomOeh...@gmail.com
on 18 Mar 2009 at 12:38
Proxy'ing through Apache should work, although I haven't tried it myself. And
there
might be performance issues, depending on how smart Apache is about keeping
connections open. Please report back on what you discover.
I know what needs to be done for chained certificates. It's not incredibly
complicated, but it needs maybe an hour or two of work and testing. Testing is
going
to be a little tricky, as I don't have any chained certificates available right
now.
I'll probably send you a version to play with, once I have the code ready. But
it
could be a couple of days before I get to doing that.
Yes, I know that you cannot bind to privileged ports. I think, it's easy to
fix. It
just hadn't come up as a particularly important issue. If it bothers you, feel
free
to open a new issue and I'll eventually submit a fix.
Original comment by zod...@gmail.com
on 18 Mar 2009 at 4:02
I'll create a chain of certs for you if need be, when I get to it.
Original comment by TomOeh...@gmail.com
on 18 Mar 2009 at 8:09
I turned on mod proxy and it works fine. As a side effect, my personal need for
chained certificate support is gone. I stuck in a:
ProxyPass /shell/ http://localhost:4200/
ProxyPassReverse /shell/ http://localhost:4200/
and Bob's your uncle...
Original comment by TomOeh...@gmail.com
on 19 Mar 2009 at 4:23
SVN now has support for chained certificates. Please re-open the issue if you
discover any problems with it.
Original comment by zod...@gmail.com
on 29 Mar 2009 at 9:55
Original issue reported on code.google.com by
TomOeh...@gmail.com
on 17 Mar 2009 at 3:07