Difference between revisions of "User:Alvonruff/HTTPS Notes"
Jump to navigation
Jump to search
Line 35: | Line 35: | ||
==The New Password Algorithm== | ==The New Password Algorithm== | ||
+ | This code replaces the current version in subitlogin.py: | ||
+ | |||
<pre> | <pre> | ||
wikiPass = record[0][1] | wikiPass = record[0][1] |
Revision as of 14:18, 22 May 2022
Apache
- dnf install mod_ssl
- systemctl restart httpd
- httpd -M
- cd /etc/httpd/conf.d
- Create file isfdb2.org.conf
- Add the following contents:
<VirtualHost *:80> ServerName stage.isfdb2.org DocumentRoot /var/www/html ServerAlias isfdb2.org ErrorLog /var/www/error.log CustomLog /var/www/requests.log combined Redirect permanent / https://isfdb2.org/ </VirtualHost>
- systemctl restart httpd
Certificate Support Software
- dnf install epel-release
- dnf install snapd
- dnf install certbot
- dnf install python3-certbot-apache
Certificates
- certbot --apache
- Select isfdb2.org
- systemctl restart httpd
Settings
- Change PROTOCOL in localdefs.py to "https"
- Change $wgServer in /var/www/html/wiki/LocalSettings.php to use https
- Go to the wiki and type MediaWiki:Sidebar in the search window. Edit that page and change http to https
The New Password Algorithm
This code replaces the current version in subitlogin.py:
wikiPass = record[0][1] # Extract the various fields stored in the user_password field fields = string.split(str(wikiPass), ":") encryption = fields[1] hashAlgo = fields[2] cost = int(fields[3]) keylen = int(fields[4]) # Decode the salt and key fields base64_salt = fields[5] base64_key = fields[6] salt = base64.b64decode(base64_salt) dbaseKey = base64.b64decode(base64_key) submittedKey = pbkdf2_hmac(hashAlgo, password.encode('utf-8'), salt, cost) if binascii.hexlify(submittedKey) != binascii.hexlify(dbaseKey): doError('Bad password')
Certificate Renewals
The current status of the certificates can be seen with: certbot certificates
A renewal can be performed with: /usr/bin/certbot renew --cert-name isfdb2.org
Issues to Resolve
None now.