QA Cafe - Knowledgebase - How can I password protect and encrypt BuddyWeb?

Knowledge Base > How can I password protect and encrypt BuddyWeb?

How can I password protect and encrypt BuddyWeb?

It is possible to protect BuddyWeb with SSL encryption and user authentication by using the Apache web server as a proxy. This allows for BuddyWeb to be accessible to the public Internet in a secure manner. These instructions are for Ubuntu but should be a guide for any supported Linux distribution.

Our example scenario assumes that BuddyWeb is running on the host 172.16.1.99, port 8015. This BuddyWeb can be installed on the same computer as Apache, or on any other computer that Apache can access over IP.

NOTE: This configuration assumes a fresh install of Apache. If you are merging this configuration into an existing Apache setup, the results are undefined.

Please run the following from a terminal:

sudo apt-get install apache2
sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod proxy_http

Next you must edit the file /etc/apache2/mods-enabled/proxy.conf. First, turn ProxyRequests Off. If you enable it, you will turn your server into an open relay, which is very easily abused. Then, please replace the Proxy configuration block with the following, and save the file. Note that 172.16.1.99 is the address of the BuddyWeb server, which may or may not be the same IP as the server running the Apache proxy:

        ProxyRequests Off #Setting to On makes you an open relay!   Be careful!
        <Proxy 172.16.1.99>
                AddDefaultCharset off
                Order deny,allow
                Deny from all
                Allow from 172.16.1.99
        </Proxy>

Please ensure that /etc/apache/ports.conf is configured to listen to port 443:

<IfModule mod_ssl.c>
    Listen 443
</IfModule>

In this htpasswd command, <buddyweb user> can be any username you wish. This is the username you will use to access BuddyWeb. The password will be asked for during this command.

sudo htpasswd -c /usr/buddyweb/etc/apache_auth <buddyweb user>

The following is a preconfigured apache host. Please edit the file /etc/apache2/sites-enabled/buddyweb-proxy. Paste the following configuration into the file. Be sure to update the example IP addresses below with your own:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
  <Location />
    AuthType Basic
    AuthName "Login to Buddyweb 2.0"
    AuthUserFile /usr/buddyweb/etc/apache_auth
    Require valid-user
  </Location>

  ProxyPass / http://172.16.1.99:8015/
  ProxyPassReverse / http://172.16.1.99:8015/
  ErrorLog /var/log/apache2/error.log
  CustomLog /var/log/apache2/ssl_access.log combined
  LogLevel warn

  SSLEngine on
  SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
  SSLCertificateFile /usr/buddyweb/certs/server.pem
  SSLCertificateKeyFile /usr/buddyweb/certs/skey.pem
  BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>

Now that the above file is saved, you can issue a restart command to apache:

sudo /etc/init.d/apache2 restart

This will start the Apache server. There may be some runtime warnings, but it should start and be accessible at https://<your Apache IP>/. Please keep in mind that it is using the BuddyWeb self-signed certificates and you may have to make an initial security exception to import the certificate. This is normally done once per web browser, since it will store the certificate from then on. After the certificate has been accepted, the browser will ask for a username and password each time the browser is started.

Related articles that may also be helpful: