Difference between revisions of "Tortixd"
(Created page with "= Introduction = Tortixd is the web console daemon for ASL. == Settings == There is currently only one user configurable setting for Tortixd. That is the Access Contro...") |
m |
||
Line 23: | Line 23: | ||
This will block, and log, any access to port 30000 from IPs not on that list. Repeated attempts to connect will result in a shun of the offending IP as well. | This will block, and log, any access to port 30000 from IPs not on that list. Repeated attempts to connect will result in a shun of the offending IP as well. | ||
+ | |||
+ | == SSL ceritificates == | ||
+ | |||
+ | If you wish to configure the ASL web console to use a different SSL certificate check with your SSL vendor for instructions for setting up SSL keys and certificates for Apache. Each SSL vendor may require you change different settings. The ASL web console SSL settings are provided in this file: | ||
+ | |||
+ | ''/var/asl/etc/httpd/conf.d/ssl.conf'' | ||
+ | |||
+ | The following is provided as a courtesy, and should not be used unless you know what you are doing. Always follow the instructions of your SSL vendor. | ||
+ | |||
+ | === Generic instructions ==== | ||
+ | |||
+ | Step 1) Configure Apache to point to your SSL cert, key and CA bundle: | ||
+ | |||
+ | '''SSLCertificateFile''' | ||
+ | |||
+ | This is the path to your certificate file. | ||
+ | |||
+ | Example: | ||
+ | |||
+ | ''SSLCertificateFile /your/path/to/your.cert'' | ||
+ | |||
+ | '''SSLCertificateKeyFile''' | ||
+ | |||
+ | This is the path to your secret key. | ||
+ | |||
+ | Example: | ||
+ | |||
+ | ''SSLCertificateKeyFile /your/path/to/your.key'' | ||
+ | |||
+ | '''SSLCACertificateFile''' | ||
+ | |||
+ | This is the path to your certificate file. Your SSL provider will provide you with this file. | ||
+ | |||
+ | Example: | ||
+ | |||
+ | ''SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt'' | ||
+ | |||
+ | Step 2) | ||
+ | |||
+ | Restart tortixd: | ||
+ | |||
+ | service tortixd restart | ||
+ | |||
+ | '''Note: If you have questions about generating SSL keys and certs, please contact your SSL vendor.''' |
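Review bot: The text added under '''SSLCACertificateFile''' repeats the SSLCertificateFile description ("This is the path to your certificate file."), although Step 1 and the example path (ca-bundle.crt) both refer to the CA bundle; suggest "This is the path to your CA bundle file." Two heading problems in the same hunk: "== SSL ceritificates ==" misspells "certificates", and "=== Generic instructions ====" closes with four equals signs against three opening ones, which leaves a stray "=" in the rendered heading. Step 2 restarts tortixd without any prior check of the edited ssl.conf; a sentence telling the reader to confirm the three paths exist and are readable before restarting would save a failed restart of the console.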
Revision as of 17:44, 25 February 2014
Introduction
Tortixd is the web console daemon for ASL.
Settings
There is currently only one user-configurable setting for Tortixd: the Access Control List (ACL) system for tortixd.
ACL system
If you want to block access to tortixd, except from certain IPs, just add the IPs to this file:
/etc/asl/firewall/tortixd-access-list
One IP or CIDR per line. For example:
1.2.3.4
10.0.0.0/8
Then reload the ASL security policy:
asl -s -f
This will block, and log, any access to port 30000 from IPs not on that list. Repeated attempts to connect will result in a shun of the offending IP as well.
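A pre-reload check for the access list, as an added example (not part of ASL or the original page): it parses the one-IP-or-CIDR-per-line format, reports malformed lines, and confirms that the address you administer from is covered before `asl -s -f` is run. The function name, the sample entries, and the choices to skip blank lines and to reject entries with host bits set are assumptions of this example.

```python
import ipaddress

# Constructed sample in the page's format: one IP or CIDR per line.
SAMPLE_ACL = """\
1.2.3.4
10.0.0.0/8
192.168.1.77/24
203.0.113.0/33
198.51.100.7 198.51.100.8
"""

def check_acl(text, admin_ip):
    """Return (networks, problems, admin_allowed) for tortixd-access-list text."""
    networks, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:  # assumption: blank lines are ignored
            continue
        if len(entry.split()) > 1:
            problems.append((lineno, entry, "more than one entry on the line"))
            continue
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError as exc:
            problems.append((lineno, entry, f"not an IP or CIDR: {exc}"))
            continue
        if iface.ip != iface.network.network_address:
            # assumption: treat 192.168.1.77/24 as a typo rather than guess intent
            problems.append((lineno, entry, f"host bits set; {iface.network}?"))
            continue
        networks.append(iface.network)
    admin = ipaddress.ip_address(admin_ip)
    # Only cleanly parsed entries count towards coverage of the admin address.
    allowed = any(admin.version == n.version and admin in n for n in networks)
    return networks, problems, allowed

if __name__ == "__main__":
    nets, problems, allowed = check_acl(SAMPLE_ACL, "10.20.30.40")
    for lineno, entry, why in problems:
        print(f"line {lineno}: {entry!r}: {why}")
    print("accepted:", ", ".join(map(str, nets)))
    print("admin address covered:", allowed)
```

Because addresses off the list are blocked and repeated attempts are shunned, run the check with the address your own connection arrives from and reload only when it reports coverage and no problems.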
SSL certificates
If you wish to configure the ASL web console to use a different SSL certificate, check with your SSL vendor for instructions on setting up SSL keys and certificates for Apache. Each SSL vendor may require you to change different settings. The ASL web console SSL settings are provided in this file:
/var/asl/etc/httpd/conf.d/ssl.conf
The following is provided as a courtesy, and should not be used unless you know what you are doing. Always follow the instructions of your SSL vendor.
Generic instructions
Step 1) Configure Apache to point to your SSL cert, key and CA bundle:
SSLCertificateFile
This is the path to your certificate file.
Example:
SSLCertificateFile /your/path/to/your.cert
SSLCertificateKeyFile
This is the path to your secret key.
Example:
SSLCertificateKeyFile /your/path/to/your.key
SSLCACertificateFile
This is the path to your CA bundle file. Your SSL provider will provide you with this file.
Example:
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
Step 2)
Restart tortixd:
service tortixd restart
Note: If you have questions about generating SSL keys and certs, please contact your SSL vendor.