[Slashcode-development] Slash and SSL

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

OK, I got my local bender setup working simultaenously with SSL.  Here's
the essence of it:

* This will only work for ports 80 and 443, and all on the same hostname.

* This will only work if httpd yours have the same hostname.

* Set some vars.  Make absolutedir what rootdir normally is (it should be
this by default), remove "http:" from the front of rootdir and imagedir.
Now they are relative to whatever protocol you are using, which is the key
here.

* Configure your httpd.conf (assuming SSL is already set up*).  I did mine
like this:

NameVirtualHost s1.pudge.net:80
NameVirtualHost s1.pudge.net:443

Then I for this block:

<VirtualHost s1.pudge.net:80>

I changed to:

<VirtualHost s1.pudge.net:80 s1.pudge.net:443>

And then I added my site-specific SSL configs there:

<IfDefine SSL>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
</IfDefine>

* I used mod_ssl.  I got OpenSSL and built and installed it, got Apache
1.3.14 and unpacked it, then got and configured mod_ssl (which patched the
Apache tree).  Then I got the latest mod_perl (1.24_01 needed) and did the
following:

  perl Makefile.PL APACHE_SRC=../apache_1.3.14/src DO_HTTPD=1 USE_APACI=1 \
    PERL_MARK_WHERE=1 EVERYTHING=1 APACHE_PREFIX=/usr/local/apache
    ADD_MODULE=headers,ssl,rewrite SSL_BASE=/usr/local/ssl/

Then I ran a make.  Then I went to the apache dir and did "make
certificate", ran make install, then went back to the mod_perl to run make
instalkl for good measure.

And that is most of it there.  I added the global SSL configs to my
httpd.conf, and ran `apachectl startssl`.  I'll bang on it some more, but I
think that none of this requires any further changes to the Slash source,
just the few configs in the vars table.

There are probably little bugs, but we'll squash them as we go along.

-- 
Chris Nandor                      pu...@po...    http://pudge.net/
Open Source Development Network    pu...@os...     http://osdn.com/