
Introduction

The following explains how to set up the Freevo webserver with SSL and locally stored encrypted passwords. It assumes that the basic configuration has been completed as described here: http://freevo.sourceforge.net/cgi-bin/doc/Webserver

HTTPS Configuration

Download and install OpenSSL

Download and install stunnel

Copy tools/stunnel.cnf from the source to /etc/stunnel/stunnel.cnf

If you installed from a package such as an RPM, you may need to download the source just for this file.

Edit /etc/stunnel/stunnel.conf (stunnel requires both stunnel.conf and stunnel.cnf; stunnel.cnf is the OpenSSL configuration passed to the openssl command below)

cert = /etc/stunnel/stunnel.pem
chroot = /var/lib/stunnel
client = no
setuid = freevo
setgid = freevo

[https]
accept  = 443
connect = 8080
TIMEOUTclose = 0

Generate a self-signed certificate and private key for stunnel

openssl req -new -x509 -days 365 -nodes -config /etc/stunnel/stunnel.cnf -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem

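Change permissions on /etc/stunnel/stunnel.pem. The file contains the private key, which -nodes leaves unencrypted, so only its owner should be able to read it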

chmod 600 /etc/stunnel/stunnel.pem

Configure Freevo to run the webserver on a different port and as a different user. This is done by adding the following to local_conf.py

WEBSERVER_PORT = 8080
WEBSERVER_UID = 80
WEBSERVER_GID = 80

Create the group and user that Freevo and stunnel will run under

groupadd -g 80 freevo
useradd -c "Freevo Webserver" -d /home/freevo -g freevo -s /bin/false -u 80 freevo

Both Freevo and stunnel need to be able to write to certain folders. Make sure the freevo user or group has this ability.

To troubleshoot stunnel, add the following to /etc/stunnel/stunnel.conf

foreground = yes

This makes stunnel run in the foreground so you can watch its error logging.

You have to change the group and the permissions of the Freevo media directories. You can do something like the following

find /freevo -type d -exec chgrp freevo {} \;
find /freevo -type d -exec chmod g+ws {} \;

You should now be able to start stunnel and the Freevo webserver

stunnel
freevo webserver start

You can optionally start stunnel at boot by adding it to your rc.local or another startup script.
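
The following check is an added example, not part of the original page and not shipped with Freevo or stunnel. It reads a stunnel.conf laid out like the one above and reports the settings this procedure depends on: key file mode, privilege drop, chroot, the troubleshooting flag and the [https] ports. The function names conf_get and audit_stunnel are made up for this example.

```shell
# conf_get FILE SECTION KEY -> value (SECTION "" means the global options)
conf_get() {
    awk -v want="$2" -v key="$3" '
        /^[ \t]*[;#]/ { next }                      # comment lines
        /^[ \t]*\[/   { sec = $0; gsub(/[^A-Za-z0-9_-]/, "", sec); next }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (sec == want && k == key) val = v
        }
        END { print val }' "$1"
}

# audit_stunnel FILE -> one "FINDING: ..." line per problem; returns 0 if clean
audit_stunnel() {
    conf=$1; bad=0
    cert=$(conf_get "$conf" "" cert)
    if [ -z "$cert" ] || [ ! -f "$cert" ]; then
        echo "FINDING: cert file not found: ${cert:-unset}"; bad=1
    elif [ "$(ls -ld -- "$cert" | cut -c5-10)" != "------" ]; then
        # the key was written with -nodes, so the file mode is its only protection
        echo "FINDING: $cert is accessible to group/other (chmod 600)"; bad=1
    fi
    user=$(conf_get "$conf" "" setuid)
    case "$user" in
        ""|root|0) echo "FINDING: stunnel keeps root (setuid = ${user:-unset})"; bad=1 ;;
    esac
    if [ -z "$(conf_get "$conf" "" chroot)" ]; then
        echo "FINDING: no chroot configured"; bad=1
    fi
    if [ "$(conf_get "$conf" "" foreground)" = "yes" ]; then
        echo "FINDING: foreground = yes is still set (troubleshooting only)"; bad=1
    fi
    if [ "$(conf_get "$conf" https accept)" = "$(conf_get "$conf" https connect)" ]; then
        echo "FINDING: [https] accept and connect are the same port or missing"; bad=1
    fi
    return "$bad"
}

# Usage: sh audit.sh /etc/stunnel/stunnel.conf
if [ "$#" -gt 0 ]; then audit_stunnel "$1"; fi
```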

Encrypted Password Configuration

By default, Freevo's webserver passwords are stored in plain text in your local_conf.py.

The passwd helper lets you generate and store encrypted passwords in local_conf.py instead

freevo passwd
Enter username:freevo
Enter password:password

This will print something like the following to the console

'myusername' : 'S8RMR4YMAK2WSHDDCLDGWL00BYF43DFM'

Take this string and add it to WWW_USERS in your local_conf.py.


2014-02-15 05:47