Open jksinton opened 7 years ago
Can you post details of exactly what you did and I'll check out if this can be added to install. The guide here seems to be the necessary steps; is that what you did? https://debian-administration.org/article/349/Setting_up_an_SSL_server_with_Apache2
One of the issues will be the certificate. Did you use a self-signed one, e.g. generated by apache2?
Hey Robert:
Apologies for the slow reply.
Yeah, I configured Apache with similar steps discussed in that tutorial as well as these:
https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04
https://hallard.me/enable-ssl-for-apache-server-in-5-minutes/
I'm using self-signed certificates. I don't think there would be an easy way to script an installation that supports "trusted" certificates.
I'm only listening on port 443. This might be optional, but in my case I don't mind only allowing traffic on the SSL port.

ports.conf:

```
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
#Listen 80
<IfModule ssl_module>
    Listen 443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
```
Then I edited the default-ssl.conf to include what seemed to be important from raspicam.conf:
```
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin <myemail>
        DocumentRoot /var/www
        <Directory /var/www/cam>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride All
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
        ...
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SetEnvIf Request_URI "/cam_pic.php$|/status_mjpeg.php$" dontlog
        CustomLog ${APACHE_LOG_DIR}/access.log common env=!dontlog
        ...
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
        ...
    </VirtualHost>
</IfModule>
```
I'm not sure how Apache is handling that double call to CustomLog for access.log.
Finally, I enabled default-ssl as a site on Apache and disabled raspicam.
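Apache evaluates every CustomLog directive on its own, so both lines in the vhost above write to access.log and the `dontlog` filter only affects the second one. The sketch below is an added example, not code from the thread or from the RPi Cam Web Interface project; it models that behaviour for constructed request paths, and `SINGLE_LOG` is an assumed alternative configuration.

```python
import re
import shlex

# Logging directives copied from the default-ssl.conf posted above.
VHOST_LOGGING = '''
CustomLog ${APACHE_LOG_DIR}/access.log combined
SetEnvIf Request_URI "/cam_pic.php$|/status_mjpeg.php$" dontlog
CustomLog ${APACHE_LOG_DIR}/access.log common env=!dontlog
'''

# Assumed alternative (not from the thread): a single conditional CustomLog.
SINGLE_LOG = '''
SetEnvIf Request_URI "/cam_pic.php$|/status_mjpeg.php$" dontlog
CustomLog ${APACHE_LOG_DIR}/access.log combined env=!dontlog
'''

def parse(conf):
    """Split directive lines into SetEnvIf rules and CustomLog rules."""
    setenvifs, customlogs = [], []
    for line in conf.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "SetEnvIf" and tok[1] == "Request_URI":
            setenvifs.append((re.compile(tok[2]), tok[3]))
        elif tok[0] == "CustomLog":
            cond = tok[3] if len(tok) > 3 else None  # e.g. "env=!dontlog"
            customlogs.append((tok[1], tok[2], cond))
    return setenvifs, customlogs

def formats_logged(conf, uri):
    """Log formats written to access.log for one request path."""
    # SetEnvIf runs before logging, so directive order does not matter;
    # each CustomLog is then evaluated independently of the others.
    setenvifs, customlogs = parse(conf)
    env = {name for rx, name in setenvifs if rx.search(uri)}
    written = []
    for _path, fmt, cond in customlogs:
        if cond is None:
            written.append(fmt)              # unconditional: always logged
        elif cond.startswith("env=!"):
            if cond[5:] not in env:          # logged only if variable unset
                written.append(fmt)
        elif cond.startswith("env=") and cond[4:] in env:
            written.append(fmt)              # logged only if variable set
    return written

if __name__ == "__main__":
    for uri in ("/cam/index.php", "/cam/cam_pic.php"):  # constructed paths
        print(uri, formats_logged(VHOST_LOGGING, uri), formats_logged(SINGLE_LOG, uri))
```

With the posted directives, a `/cam/cam_pic.php` request is still logged once in combined format, and every other request is logged twice.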
Has anyone tried using Caddy for protection?
(https://caddyserver.com/docs/automatic-https)
nano /etc/caddy/Caddyfile:

```
myWriteIP.com {
    reverse_proxy 127.0.0.1:81
}
```
I have not tried using Caddy.
In principle, one should be able to make it work but the install would have to be done manually.
It might be easiest to do a basic install, say with Apache, first as this would get the basic files and support infrastructure in place.
Then one would need to install Caddy with PHP support and configure that to use the site files under /var/www.
The Apache server could then be disabled / removed.
I've customized my Apache configuration to use SSL with the RPi Cam Web Interface. Can we add this option?