User:Alvonruff/HTTPS Notes
Jump to navigation
Jump to search
Apache
- dnf install mod_ssl
- systemctl restart httpd
- httpd -M
- cd /etc/httpd/conf.d
- Create file isfdb2.org.conf
- Add the following contents:
<VirtualHost *:80> ServerName stage.isfdb2.org DocumentRoot /var/www/html ServerAlias isfdb2.org ErrorLog /var/www/error.log CustomLog /var/www/requests.log combined </VirtualHost>
- service httpd restart
Certificate Support Software
- dnf install epel-release
- dnf install snapd
- dnf install certbot
- dnf install python3-certbot-apache
Certificates
- certbot --apache
- Select isfdb2.org
- systemctl restart httpd
Settings
- Change PROTOCOL in localdefs.py to "https"
- Change $wgServer in /var/www/html/wiki/LocalSettings.php to use https
The New Password Algorithm
wikiPass = record[0][1] # Extract the various fields stored in the user_password field fields = string.split(str(wikiPass), ":") encryption = fields[1] hashAlgo = fields[2] cost = int(fields[3]) keylen = int(fields[4]) # Decode the salt and key fields base64_salt = fields[5] base64_key = fields[6] salt = base64.b64decode(base64_salt) dbaseKey = base64.b64decode(base64_key) submittedKey = pbkdf2_hmac(hashAlgo, password.encode('utf-8'), salt, cost) if binascii.hexlify(submittedKey) != binascii.hexlify(dbaseKey): doError('Bad password')
Issues to Resolve
- Fixed the isfdb login issue, implementing a new algorithm using pbkdf2
- Interestingly, the wiki login is not working (sort of):
- When you log in, it is actually successful, but takes you back to the http version of the URL.
- So that cookie doesn't match
- If you go back to isfdb2.org and then punch the Wiki link, it shows you as logged in.
When logged out of both isfdb and the wiki, there is one cookie (whether you are on an isfdb page or wiki page):
- isfdb_mw_UserName = my user name
After login on the isfdb side:
- isfdbUserName
- isfdbToken
- isfdbUserID
- isfdb_mw_UserName
After login on the wiki side, and thrown into http:
- isfdbUserName
- isfdbToken
- isfdbUserID
Then after moving to an https version of the page:
- isfdbUserName
- isfdbToken
- isfdbUserID
- isfdb_mw_UserID
- isfdb_mw_UserName
- isfdb_mw_session