#1 On 24/08/2016, at 20:21
- Sandrew
[Apache] SSL + Authentication + Transmission Authentication
Hi,
I have installed Apache and I want all requests to be served on 443, after authentication. For now, the request to serve is Transmission Web, which has its own authentication method. So I configured 2 virtual hosts in Apache:
- The first redirects all requests to 443
- The second configures SSL and Apache's authentication prompt
- Transmission Web takes over if the previous step succeeds, and asks for its own password.
I can configure SSL, but I cannot get Apache authentication to work together with Transmission Web authentication. If both are enabled, my browser's taskbar shows "Connecting to Transmission" and "Looking up Transmission" in rapid succession. A bit as if enabling the password prompt in Apache made it forget the parameters on how to reach Transmission Web. In the configs below, I have disabled Apache authentication (so it works by doing 80 -> 443 -> Transmission Web Authentication). Can you help me find what I missed? (and thus do 80 -> 443 -> Apache Authentication -> Transmission Web Authentication)
Apache Config
<VirtualHost *:80>
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

<VirtualHost *:443>
    ServerAdmin admin@domain.com
    ServerName localhost
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    <Location />
        Order allow,deny
        Allow from all
        # AuthName "Access Restricted"
        # AuthType Basic
        # AuthUserFile "/etc/apache2/.htpasswd"
        # Require valid-user
    </Location>
    ProxyPass /transmission http://localhost:60023/transmission
    ProxyPassReverse /transmission http://localhost:60023/transmission
    SSLEngine On
    SSLProxyEngine On
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLProtocol All -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-Frame-Options DENY
    Header always set X-Content-Type-Options nosniff
    # Requires Apache >= 2.4
    SSLCompression off
    SSLUseStapling on
    SSLCertificateFile /etc/ssl/certs/transmission.crt
    SSLCertificateKeyFile /etc/ssl/private/transmission.key
    ErrorLog /var/log/apache2/error.log
    LogLevel warn
</VirtualHost>
The Transmission one
{
"alt-speed-down": 50,
"alt-speed-enabled": false,
"alt-speed-time-begin": 540,
"alt-speed-time-day": 127,
"alt-speed-time-enabled": false,
"alt-speed-time-end": 1020,
"alt-speed-up": 50,
"bind-address-ipv4": "0.0.0.0",
"bind-address-ipv6": "::",
"blocklist-enabled": false,
"blocklist-url": "http://www.example.com/blocklist",
"cache-size-mb": 4,
"dht-enabled": true,
"download-dir": "/home/sftp/incoming/torrent/seeding",
"download-limit": 1500,
"download-limit-enabled": 0,
"download-queue-enabled": false,
"download-queue-size": 5,
"encryption": 1,
"idle-seeding-limit": 30,
"idle-seeding-limit-enabled": false,
"incomplete-dir": "/home/sftp/incoming/torrent/downloading",
"incomplete-dir-enabled": true,
"lpd-enabled": false,
"max-peers-global": 200,
"message-level": 1,
"peer-congestion-algorithm": "",
"peer-id-ttl-hours": 6,
"peer-limit-global": 200,
"peer-limit-per-torrent": 50,
"peer-port": 51413,
"peer-port-random-high": 65535,
"peer-port-random-low": 49152,
"peer-port-random-on-start": false,
"peer-socket-tos": "default",
"pex-enabled": true,
"port-forwarding-enabled": false,
"preallocation": 1,
"prefetch-enabled": 1,
"queue-stalled-enabled": true,
"queue-stalled-minutes": 30,
"ratio-limit": 4,
"ratio-limit-enabled": true,
"rename-partial-files": true,
"rpc-authentication-required": true,
"rpc-bind-address": "0.0.0.0",
"rpc-enabled": true,
"rpc-password": "{2cf4b550ed5cd344331475189b0fabf953965db4KwlNYuV7",
"rpc-port": 60023,
"rpc-url": "/transmission/",
"rpc-username": "debian",
"rpc-whitelist": "127.0.0.1",
"rpc-whitelist-enabled": false,
"scrape-paused-torrents-enabled": true,
"script-torrent-done-enabled": false,
"script-torrent-done-filename": "",
"seed-queue-enabled": false,
"seed-queue-size": 10,
"speed-limit-down": 100,
"speed-limit-down-enabled": false,
"speed-limit-up": 100,
"speed-limit-up-enabled": false,
"start-added-torrents": true,
"trash-original-torrent-files": false,
"umask": 2,
"upload-limit": 100,
"upload-limit-enabled": 0,
"upload-slots-per-torrent": 14,
"utp-enabled": true,
"watch-dir": "/home/sftp/incoming/torrent/watch",
"watch-dir-enabled": true
}
S
#2 On 24/08/2016, at 21:40
- jean-luc5629
Re: [Apache] SSL + Authentication + Transmission Authentication
Good evening,
For Apache, I couldn't really explain it to you, since I use Nginx as a reverse proxy, but my Transmission config at the RPC level is different from yours, and so could guide you:
"rpc-authentication-required": false,
"rpc-bind-address": "127.0.0.1",
"rpc-enabled": true,
"rpc-password": "{5d19c475403ada26e1f9ba6756eb77c66d29f791DoLSvOMg",
"rpc-port": 51421,
"rpc-url": "/transmission/",
"rpc-username": "transmission",
"rpc-whitelist": "127.0.0.1",
"rpc-whitelist-enabled": true,
- No authentication via Transmission, I use Nginx's
- Local listening port only (Nginx listens on it)... the fewer ports listening on 0.0.0.0, the better... and especially needlessly...
And for Nginx, here is what it looks like (I have 3 seedboxes on my server):
location ^~ /transmission {
    root /var/www;
    index index.html index.php;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    if ($remote_user ~ ^$) {return 404;break;}
    #user1
    if ($remote_user = "user1") {
        proxy_pass http://127.0.0.1:51421;
        break;
    }
    #user1
    #user2
    if ($remote_user = "user2") {
        proxy_pass http://127.0.0.1:51422;
        break;
    }
    #user2
    #user3
    if ($remote_user = "user3") {
        proxy_pass http://127.0.0.1:51423;
        break;
    }
    #user3
}
With, higher up in the vhost, the user authentication:
auth_basic "access";
auth_basic_user_file "/etc/nginx/passwd/all_passwd";
So if that can give you some ideas.
See you!
Last edited by jean-luc5629 (on 24/08/2016, at 21:41)
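The layout described in post #2 (the reverse proxy authenticates, Transmission listens on loopback only with its own authentication off), written for Apache 2.4 as an added example; it is not from either poster. It assumes mod_ssl, mod_proxy_http, mod_auth_basic, mod_authn_file and mod_headers are loaded, and it reuses the port and file paths from post #1.

```apache
# Added example, not part of the thread.
# Assumed Transmission settings.json values (taken from post #2, port from post #1):
#   "rpc-authentication-required": false,
#   "rpc-bind-address": "127.0.0.1",
#   "rpc-port": 60023,
#   "rpc-whitelist": "127.0.0.1",
#   "rpc-whitelist-enabled": true,

<VirtualHost *:80>
    # Plain HTTP only redirects; no credentials are ever requested here.
    RewriteEngine on
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName localhost
    SSLEngine On
    SSLCertificateFile    /etc/ssl/certs/transmission.crt
    SSLCertificateKeyFile /etc/ssl/private/transmission.key
    # TLS hardening and security headers from post #1 go here unchanged.

    ProxyRequests Off

    <Location /transmission>
        # Apache is the only authentication layer (2.4 syntax).
        AuthType Basic
        AuthName "Access Restricted"
        AuthBasicProvider file
        AuthUserFile "/etc/apache2/.htpasswd"
        Require valid-user

        # The Basic credentials are meant for Apache; do not relay them
        # to the backend once the user has been authenticated.
        RequestHeader unset Authorization

        # Backend is reachable on loopback only.
        ProxyPass        http://127.0.0.1:60023/transmission
        ProxyPassReverse http://127.0.0.1:60023/transmission
    </Location>

    ErrorLog /var/log/apache2/error.log
    LogLevel warn
</VirtualHost>
```

After reloading both services, `ss -ltn` should show port 60023 bound to 127.0.0.1 only, and a request to `/transmission` without credentials should return 401 from Apache.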
#3 On 29/08/2016, at 18:37
- Sandrew
Re: [Apache] SSL + Authentication + Transmission Authentication
Hello,
Thanks for the reply. I haven't found the solution yet, but I followed the advice to make Transmission listen locally. That's always something gained.
++
S