Question
- TWiki version: the latest
- Web server: Apache
- Server OS: Mac OS X Server
- Web browser: IE and Netscape (latest on both)
- Client OS: Mac OS X Server and Windows 2000
How does one set TWiki up so that it can be accessed securely from offsite? In other words, I do not want https access.
I suppose I want to AuthenticateWithSSL. I want everything encrypted and safe. However, the information in AuthenticateWithSSL did not explain what to do. It pointed at another Topic which pointed at more documentation which is sparse and not TWiki-specific.
For example, when I create the private key do I want a RSA or DSA private key.... what do I do with them.....
I read http://www.openssl.org/docs/HOWTO/certificates.txt
-- MichaelFinney - 18 Oct 2002
Answer
Sounds like you do want https access, i.e. using SSL. You need to configure Apache for SSL and use client-side certificates to authenticate users, but I haven't done this myself and it could be quite complex to get this working seamlessly. Reading up on OpenSSL and Apache's SSL variants/modules would be a good place to start.
-- RichardDonkin - 19 Oct 2002
Richard, since I have an SSL enabled TWiki, let me step in....
The first thing you need to do is to secure down your TWiki, that is, set up the Apache configuration files to handle TWiki using SSL and not serve the pages under standard http (in Linux these will be in the /etc/http/conf/ directory, I'm not sure of where OS X places them).
I did most of that a long time ago, so I'm not sure of all the details, but the main things are in the mod_ssl configuration file (ssl.default-vhost.conf), and in the httpd.conf file; among other things SSL has to be configured as a VirtualHost.
You have to go through the standard key generation process (I can't help you much on that, even though I have done it a couple of times, it is always a bit painful). There are several guides on the web that tell you how to proceed, but probably the best would be to get the source code for Apache and check or run the mkcert.sh script.
The process essentially involves:
- generating your certificate authority file
- generating your site certificate file
- signing your site certificate with the generated certificate authority
- placing your site certificate files in the right places (which will be configured in mod_ssl)
- optionally: setting up any scripts for automatic SSL certificate decoding (otherwise you will have to type a password every time Apache is restarted, or live with unencrypted keys)
Alternatively, you can generate your site certificate file, and send that to a real authority for signing.
Your users do not need individual certificates for this to work.
In the mod_ssl configuration:
# Make sure that we always use the secure server
Redirect /twiki/index.html https://<your twiki server>/twiki/bin/view
ScriptAlias /twiki/bin/ "/var/www/https/twiki/bin/"
Alias /twiki/ "/var/www/https/twiki/"
<Directory "/var/www/https/twiki">
AllowOverride AuthConfig Limit FileInfo
ErrorDocument 401 /twiki/bin/view/TWiki/TWikiAccessError
</Directory>
<Directory "/var/www/https/twiki/pub">
    Options FollowSymLinks +Includes
    # VERY important!!!!! (Apache does not accept comments on the same line as a directive, so it lives here)
    AllowOverride None
</Directory>
And now you have to take care of the script .htaccess files...
In your main TWiki directory /var/www/https/twiki/:
AuthType Basic
AuthName "twiki"
AuthUserFile /home/twiki/data/.htpasswd
Order deny,allow
Deny from all
# Use this line if you want free access from inside your domain
# Allow from <your>.<domain>.<here>.
# SSL is proxied, so it can only be accessed from localhost
Allow from 127.0.0.1
Require valid-user
Satisfy any
Inside your twiki/bin directory, repeat for all protected scripts (you could use <Files *>, or some grep construct, but I like them separate); you can leave view unprotected if you like:
<Files "edit">
    AuthUserFile /<path to your .htpasswd file>/.htpasswd
    AuthName ByPassword
    AuthType Basic
    Deny from all
    Require valid-user
</Files>
Inside your twiki/lib directory:
# FilesMatch takes a regular expression; a bare "*" does not compile, so match everything with ".*"
<FilesMatch ".*">
    Deny from all
</FilesMatch>
I hope this at least gives you a solid starting point.
-- EdgarBrown - 31 Oct 2002
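The certificate steps Edgar lists (CA, site certificate, signing, optional key passphrase) as a single script. This is an added example, not code from the thread or from Apache's mkcert.sh; the directory, hostname and CA name are assumptions, and it uses the plain openssl command line rather than the mkcert.sh wrapper.

```shell
#!/bin/sh
# Added example, not part of the original thread. Directory, hostname,
# CA name and passphrase below are assumptions; adjust for your server.
set -eu

# make_site_cert DIR HOSTNAME
#   Creates a private CA in DIR, a site key and CSR for HOSTNAME, signs the
#   CSR with the CA and verifies the chain. Returns non-zero on any failure.
make_site_cert() {
    dir=$1; host=$2
    mkdir -p "$dir"
    # 1. Certificate authority: self-signed, with its own RSA key
    #    (keep ca.key off the web server once the site cert is signed).
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" \
        -subj "/CN=Private TWiki CA" 2>/dev/null
    # 2. Site key and certificate request. -nodes leaves the key
    #    unencrypted so Apache can restart without a passphrase prompt.
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/site.key" -out "$dir/site.csr" \
        -subj "/CN=$host" 2>/dev/null
    # 3. Sign the request with the CA. Browsers match the hostname against
    #    subjectAltName, so supply it through an extension file.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -days 825 -in "$dir/site.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/site.crt" 2>/dev/null
    # Private keys must not be readable by other users on the box.
    chmod 600 "$dir/ca.key" "$dir/site.key"
    # 4. Confirm site.crt chains to ca.crt, which is what mod_ssl and a
    #    browser that has imported ca.crt will check.
    openssl verify -CAfile "$dir/ca.crt" "$dir/site.crt" >/dev/null
}

# encrypt_key KEYFILE PASSPHRASE
#   Optional step: write a passphrase-protected copy of the key as
#   KEYFILE.enc. Apache will then prompt for the passphrase at every
#   restart unless SSLPassPhraseDialog is pointed at a script.
encrypt_key() {
    openssl rsa -aes256 -in "$1" -out "$1.enc" -passout "pass:$2" 2>/dev/null
}
```

Point SSLCertificateFile and SSLCertificateKeyFile in the ssl vhost at site.crt and site.key, and import ca.crt into each client browser so the site is trusted.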