Author Topic: HTTPS/SSL - what's considered a "hack" and what isn't?  (Read 2476 times)

purps

  • NEEDS to work for LinuxMCE
  • ***
  • Posts: 1402
  • If it ain't broke, tweak it
    • View Profile
HTTPS/SSL - what's considered a "hack" and what isn't?
« on: June 15, 2011, 12:10:23 pm »
Discussed this briefly with merkur2k, bongowongo and golgoj4 (I believe?) on IRC, but I wasn't quite sure what the conclusion was, so wanted to open the discussion up on the forums.

I am experiencing this problem http://forum.linuxmce.org/index.php?topic=11719.0, but we discovered it's because I stupidly chattr +i'ed /etc/apache2/sites-available/pluto. The reason I did this was because I was losing my HTTPS settings whenever the core was rebooted.

My question: Referring to this page http://wiki.linuxmce.org/index.php/HTTPS, what's fine to do, and what's not recommended? Obviously the chattr command was a silly thing to do (and I have removed this instruction from the wiki page), but I just wondered if there was anything else I should avoid doing? I'm going to restore my system to a previous (working) image, and want to know if I'm doing things right with regards to HTTPS setup.

Alternatively, is there another method of accessing my web orbiters externally in a secure manner?

Cheers,
Matt.
1004 RC :: looking good :: upgraded 01/04/2013
my setup :: http://wiki.linuxmce.org/index.php/User:Purps

merkur2k

  • Addicted
  • *
  • Posts: 513
    • View Profile
Re: HTTPS/SSL - what's considered a "hack" and what isn't?
« Reply #1 on: June 15, 2011, 04:18:27 pm »
in a general sense, anything you have to adjust manually that seems like it should be part of the system is considered a hack. now, workarounds are fine too, if the problem is also reported and any instructions for the workaround clearly indicate as such and contain the ticket number.
for this specific case, a core_input firewall rule for port 443 just needs to be created. thats it.

purps

  • NEEDS to work for LinuxMCE
  • ***
  • Posts: 1402
  • If it ain't broke, tweak it
    • View Profile
Re: HTTPS/SSL - what's considered a "hack" and what isn't?
« Reply #2 on: June 15, 2011, 05:18:01 pm »
Thank you for the reply, and the clarification.

OK, so if I restore my system to a previous image, and then update/upgrade, all of this will be in place?

What I don't understand (and I think I mentioned this in IRC) is how does the dyndns address that I set up fit into all this? Surely that information has to be entered in somewhere?

Cheers,
Matt.
1004 RC :: looking good :: upgraded 01/04/2013
my setup :: http://wiki.linuxmce.org/index.php/User:Purps