[HOWTO] MLDonkey via SSL / HTTPS using Apache's mod_proxy

Forum to discuss the DonkeyFire Mozilla Firefox extension (MLDonkey integration).


Post by john_doe on Thu Feb 28, 2008 11:52 pm

Ok, in order to enforce security, and only if you're as crazy as I am, you can access your MLDonkey web interface through Apache, making use of SSL encryption. This is done using mod_proxy[0], which basically turns your Apache web server into an HTTP proxy.
You will find this very useful, since it can be used to add encryption to many other services which may lack it.

I will assume you know the basics of the HTTP protocol. If not, read this.

Let's divide this tutorial into two sections:

Installation of Apache web server:

IF YOU ALREADY HAVE A RUNNING APACHE 2.x OR 1.3, SKIP THIS SECTION.

I'll assume you've already installed MLDonkey, it's running smoothly, and you access its web interface through port 4080.

First of all Apache will need to be installed.

Under Debian GNU/Linux (and I guess for any other Debian-based distribution) it's enough to apt-get it.
Log in to your box, su - root, sudo, or log in as root, and proceed this way:

Install Apache.

Code:
# apt-get install apache2


Install OpenSSL.

Code:
# apt-get install openssl ssl-cert


Under Microsoft Windows just download Apache from here. Install it the "next, next, finish" way, and you're done.
You can have Microsoft Internet Information Services and Apache together on the same computer, just make them listen on different ports. Or proxy your IIS through Apache like you're about to do with MLDonkey ;)

Under the platforms described above, and any other, you can always install by compiling from source, but that will not be explained in this tutorial.
You can find some help about compiling from source code here.

To test if it's running, just point your favorite web browser to http://yourhost/.
You should see a white page with the phrase "It works" at the top left corner.
Now you're done with installation.

Note: Troubleshooting the Apache installation is out of this tutorial's scope, so none will be detailed.
Sorry... (there are lots of tutorials about installing Apache on the Internet... you can trust your destiny to uncle Google ;)).

Configuring Apache to behave as proxy:

We'll configure a virtual host listening on port 443 using SSL and mod_proxy.

Ok, you have Apache running and answering requests on your port 80.
Now, you need to generate a certificate.

We're going to generate an SSL certificate, which will be used by Apache to encrypt traffic between clients and itself.
Since no trusted certificate authority will sign it, the web browser will show warning messages.
This does not result in any problem. They are just informative messages.

To generate the certificate you need to do:

Code:
# openssl req -new -x509 -days 365 -nodes \
    -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem

Generating a 1024 bit RSA private key
.................................................++++++
...........................................++++++
writing new private key to '/etc/apache2/apache.pem'


Here it will ask for some input.

Code:
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Debian
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:


Check permissions:

Code:
# chmod 600 /etc/apache2/apache.pem


Now you need to make Apache listen on port 443. You should edit /etc/apache2/ports.conf with your favourite editor, or append to it this way:

Code:
# echo "Listen 443" >> /etc/apache2/ports.conf


Now we need to enable mod_ssl:

Code:
# a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.


Apache needs to be restarted:

Code:
# /etc/init.d/apache2 restart


Now you should check it pointing your web browser to https://yourhost/

Finally, we will need to configure a virtual host in order to access the MLDonkey web interface.
Since Apache version 2, virtual hosts are configured by adding small files, containing the VirtualHost block, to /etc/apache2/sites-available and then linking them into /etc/apache2/sites-enabled, in order to make administration of virtual hosts easy.
So, for Apache 2.x, create a file containing this block structure:

Code:
# This sets this virtual host to port 443
NameVirtualHost *:443
# Starts virtual host block.
<VirtualHost *:443>
# This is the host name this virtual host answers to.
   ServerName mldonkey.yourhost.com
# This turns SSL on for this virtual host.
   SSLEngine On
# Here you tell Apache where to find the SSL certificate you created just before.
   SSLCertificateKeyFile /etc/apache2/apache.pem
# Same as above.
   SSLCertificateFile /etc/apache2/apache.pem
# This allows or prevents Apache from functioning as a forward proxy server. Set it to Off for security reasons.
   ProxyRequests Off
# This block lets you set directives that will apply only to matching proxied content. Shell-style wildcards are allowed.
   <Proxy *>
# We set the order so first it will deny and, if the request meets the condition below, then it will allow.
           Order deny,allow
# Here we allow anyone to have access.
           Allow from all
# This ends the block.
   </Proxy>
# This makes the root path (can be any path you desire) of this virtual host look like a mirror of the MLDonkey web interface.
   ProxyPass / http://mldonkey_host:4080/
# This takes care of redirects MLDonkey sends; the backend URL must match the ProxyPass one, port included.
   ProxyPassReverse / http://mldonkey_host:4080/
# This sets the file where errors will be logged.
   ErrorLog /var/log/apache2/error.log
# This defines the file where accesses will be logged.
   CustomLog /var/log/apache2/access.log common
# This ends the virtual host block.
</VirtualHost>


Now all that's left is to enable this virtual host:

Code:
# ln -s /etc/apache2/sites-available/virtual_host_file /etc/apache2/sites-enabled/virtual_host_file


For Apache 1.3.x users:
For Apache 1.3.x, virtual hosts are defined inside the httpd.conf file, in the virtual host section. The block is the same; no change is needed.


Finally, Apache must be restarted to pick up the new virtual host:

Code:
# /etc/init.d/apache2 restart


Now point your browser to mldonkey.yourhost.com and you should be accessing the MLDonkey web interface through Apache, using SSL encryption for your safety.

Maybe you'll need to configure your routers/firewalls to properly forward port 443 to the computer which Apache will run on.

Remember that the computer where MLDonkey runs and the one where Apache runs don't need to be the same. Both can be completely different and distant machines connected through whatever network configuration you want.


[0] http://httpd.apache.org/docs/2.0/mod/mod_proxy.html

Ok, it's too late in the night, tomorrow (better said, today!) I must be up at 0500 for work, I'm tired...and cannot make the apache config block look decent...Buanzo could you please? ....

Bye!
Last edited by john_doe on Sat Mar 01, 2008 8:48 pm, edited 2 times in total
Let's seee...
homer@head:~# ln -s /dev/null /dev/brain
homer@head:~# doh!
bash: doh!: command not found
Connection to head closed.
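
A lint for a virtual host block like the one in the HOWTO above, added here as an example and not part of the original post: it flags a disabled SSLEngine, ProxyRequests On, and a ProxyPassReverse target that does not match its ProxyPass backend. The helper names check_vhost and sample_vhost and the sample configuration are assumptions constructed for illustration.

```shell
# Added example: lint a reverse-proxy vhost (reads a file argument or stdin).
# check_vhost is a hypothetical helper; it prints one line per finding and
# returns the number of findings (0 means clean).
check_vhost() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        { d = tolower($1) }                 # directive names are case-insensitive
        d == "sslengine"        { ssl = tolower($2) }
        d == "proxyrequests"    { fwd = tolower($2) }
        d == "proxypass"        { pass[$2] = $3 }
        d == "proxypassreverse" { rev[$2] = $3 }
        END {
            n = 0
            if (ssl != "on") {
                print "SSLEngine is not On: clients are not served over SSL"; n++
            }
            if (fwd == "on") {
                print "ProxyRequests On: Apache also acts as a forward proxy"; n++
            }
            for (p in pass) {
                if (!(p in rev)) {
                    print "ProxyPass " p " has no ProxyPassReverse"; n++
                } else if (rev[p] != pass[p]) {
                    # Backend redirects are only rewritten when they start with
                    # the ProxyPassReverse URL, so host and port must match.
                    msg = "ProxyPassReverse " p " -> " rev[p]
                    print msg " differs from ProxyPass backend " pass[p]; n++
                }
            }
            exit n
        }
    ' "$@"
}

# Constructed sample: the ProxyPassReverse URL lacks the backend port.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:443>
   ServerName mldonkey.yourhost.com
   SSLEngine On
   ProxyRequests Off
   ProxyPass / http://mldonkey_host:4080/
   ProxyPassReverse / http://mldonkey_host/
</VirtualHost>
EOF
}

sample_vhost | check_vhost || echo "findings: $?"
```

Run it against a real file with `check_vhost /etc/apache2/sites-available/virtual_host_file`; an unrewritten backend redirect would send the browser to the plain-HTTP backend address instead of the HTTPS front end.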
Re: Security Concerns

Post by buanzo on Sat Mar 01, 2008 9:28 am

Hey, great tutorial! Looks good :P

It totally disagrees with my commenting standards (I put comments BEFORE the sentence in question, not after) :P

But it looks great. Thanks John!

Would someone like to implement it and bugfix it?

Re: Security Concerns

Post by john_doe on Sat Mar 01, 2008 8:51 pm

buanzo wrote: It totally disagrees with my commenting standards (I put comments BEFORE the sentence in question, not after) :P


Am I Buanzo Standards Compliant now? :p

Re: Security Concerns

Post by buanzo on Sat Mar 01, 2008 10:59 pm

:P
Yep