Tag Archives: SSL

How-tos, Linux

Pydio 8 with PHP 7 and SSL on Debian Stretch

Installing all dependencies:

# apt install mysql-server php7.0 php7.0-fpm php7.0-mysql php7.0-curl php7.0-json php7.0-gd php7.0-intl php7.0-mbstring php7.0-xml php7.0-zip php7.0-exif php7.0-apcu
apt install libapache2-mod-php

Ensure that apache support for PHP7 is enabled:

# a2enmod php7.0

Installing Pydio:

Download the installation archive.  Choose the Pydio Community Tar.gz archive.

Untar the archive into /var/www/html:

# cd /var/www/html
# tar -xvzf pydio-core-8.0.1.tar.gz

Fix permisions on folders:

# chown -R root:root pydio-core-8.0.1
# chown -R www-data:www-data pydio-core-8.0.1/data/

Create a symlink to the Pydio installation:

# ln -s pydio-core-8.0.1 pydio

In /etc/php/7.0/apache2/php.ini change:

output_buffering = 4096

to:

output_buffering = off

Creating self-signed certificates for Pydio:

# openssl req -x509 -nodes -days 1460 -newkey rsa:2048 -keyout /etc/ssl/private/pydio-selfsigned.key -out /etc/ssl/certs/pydio-selfsigned.crt
# openssl x509 -in /etc/ssl/certs/pydio-selfsigned.crt -out /etc/ssl/certs/pydio-selfsigned.pem -outform PEM

Configuring Apache for SSL:

Enable ssl on apache:

# a2enmod ssl

In the /etc/apalche2/sites-enabled directory:

# rm 000-default.conf
# ln -s ../sites-available/default-ssl.conf default-ssl.conf

In default-ssl.conf change the follwing line from:

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem

To:

SSLCertificateFile /etc/ssl/certs/pydio-selfsigned.pem

Also change the following line from:

SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

To:

SSLCertificateKeyFile /etc/ssl/private/pydio-selfsigned.key

Configuring Apache for Pydio:

Create a configuration file on /etc/apache2/conf-available:

# cd /etc/apache2/conf-available
# vi pydio.conf

In pydio.conf add the following:

Directory /var/www/html/pydio>
Options Indexes FollowSymlinks
AllowOverride All
Require all granted
</Directory>

Once finished creating /etc/apache2/conf-available/pydio.conf create a symlink to it in /etc/apache2/conf-enabled:

# cd /etc/apache2/conf-enabled
# ln -s ../conf-available/pydio.conf pydio.conf

Restart Apache:

# systemctl restart apache2

Configuring MySQL/MariaDB:

Setup a password for Mysql/Mariadb (follow the prompts):

# mysql_secure_installation

Creating the database and user for Pydio

Create the pydio database:

# mysql -u root -p
create database pydio;

Create a database user for Pydio to use and grant it all access to the pydio database:

create user 'webuser'@'localhost' identified by 'USE A REALLY LONG AND STRONG PASSWORD';
GRANT ALL on pydio.* to 'webuser'@'localhost' identified by 'USE A REALLY LONG AND STRONG PASSWORD';

Final configuration:

To finish configuration, using a browser visit https://[URL of Server]/pydio and follow the prompts.  Keep in mind the names you used in the steps above for the Pydio database and the Pydio database user, you will need them for configuration.

How-tos, Linux

Pydio 7 with PHP7 and SSL on Debian Jessie

Add the dotdeb repository to get latest PHP 7.

# wget -O- https://www.dotdeb.org/dotdeb.gpg | apt-key add -

Create /etc/apt/sources.list.d/dotdeb.list and add the following:

deb http://packages.dotdeb.org jessie all

Once that is done run the following commands:

# apt-get update
# apt install mysql-server php7.0 php7.0-fpm php7.0-mysql php7.0-curl php7.0-json php7.0-gd php7.0-intl php7.0-mbstring php7.0-xml php7.0-zip php7.0-exif php7.0-apcu
apt-get install libapache2-mod-php

Disable apache support for php5:
# a2dismod php5

Enable apache support for php7:

# a2enmod php7.0

Add the Pydio repository.

Create /etc/apt/sources.list.d/pydio.list and add the following:

# Pydio Community repositories
deb https://download.pydio.com/pub/linux/debian/ jessie-backports main

then:

# wget -qO - https://download.pydio.com/pub/linux/debian/key/pubkey | apt-key add -

# apt-get install apt-transport-https
# apt-get update

# apt-get install pydio
# apt-get install pydio-all

In /etc/php/7.0/apache2/php.ini change:

output_buffering = 4096

to:

output_buffering = off

Create self-signed certificates for Pydio over ssl

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/pydio-selfsigned.key -out /etc/ssl/certs/pydio-selfsigned.crt
# openssl x509 -in /etc/ssl/certs/pydio-selfsigned.crt -out /etc/ssl/certs/pydio-selfsigned.pem -outform PEM

Enable ssl on apache:

# a2enmod ssl

In the /etc/apalche2/sites-enabled directory:

# rm 000-default.conf
# ln -s ../sites-available/default-ssl.conf default-ssl.conf

In default-ssl.conf change the follwing line from:

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem

To:

SSLCertificateFile /etc/ssl/certs/pydio-selfsigned.pem

Also change the following line from:

SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

To:

SSLCertificateKeyFile /etc/ssl/private/pydio-selfsigned.key

Restart apache and pydio

How-tos, Linux

Running multiple SSL sites on one IP with NGINX

This how-to will step you through the process needed to be able to run two different SSL sites (completely different URLs) on the same IP (same NGINX server too)

Let’s say you have own the domains www.example1.com and www.example2.org and that you wish to host both sites on the same server with one IP.  Let’s also say you wish to make it so that that both sites are SSL enabled (https).  Finally let’s assume that you have already secured proper SSL certificates for each domain.

The first step should be to ensure that we have the SSL certificates in a good location for NGINX to be able to reach them.  My personal preference isto store the certificates in /etc/nginx/ssl directory, usually in a directory named after the URL for the certificate.  Using the example names from above, we need to create two directories in /etc/nginx/ssl.  Something like the following:
# cd /etc/nginx/ssl
# mkdir www.example1.com
# mkdir www.example2.org

Now copy the certificates to their corresponding directories under /etc/nginx/ssl.

The next step is to create a configuration file for the first domain in /etc/nginx/sites-available directory. Let’s call the configuration file SSL-example1-com, its contents should be:

server {

listen 443;
server_name www.example1.com;

root /usr/share/nginx/www1;
index index.html index.htm;

ssl on;
ssl_certificate /etc/nginx/ssl/www.example1.com/cert_for_example1_com-server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/key_for_example_com1_server.key;
}

Notice that server_name is using the example1.com fully qualified domain name and that
the certificate and key correspond to the example1.com fully qualified domain name.

Now we create the configuration for the second site.  Lets use SSL-example2-org as the name and include the following as content:

server {

listen 443;
server_name www.example2.org;

root /usr/share/nginx/www2;
index index.html index.htm;

ssl on;
ssl_certificate /etc/nginx/ssl/www.example2.org/cert_for_example2-org-server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example2.org/key_for_example2_server_org.key;
}

Notice that server_name is using the example2.org fully qualified domain name and that
the certificate and key correspond to the example2.org fully qualified domain name.

Now create links to these configuration files in etc/nginx/sites-enabled:

# ln -s ../sites-available/SSL-example1-com 001-example-com
# ln -s ../sites-available/SSL-example2-org 002-example-org

Finally restart NGINX