Difference between revisions of "WiFi: HotSpot - CoovaChilli Instalasi Apache dan SSL"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 7: | Line 7: | ||
To find this file use this command: | To find this file use this command: | ||
| − | find / | grep 'hotspotlogin.cgi' | + | find / | grep 'hotspotlogin.cgi' |
In our example the file we require is found in: | In our example the file we require is found in: | ||
| − | /usr/share/doc/coova-chilli/hotspotlogin.cgi.gz | + | /usr/share/doc/coova-chilli/hotspotlogin.cgi.gz |
We need to create a directory in our apache web server, copy hotspotlogin.cgi and make it executable. | We need to create a directory in our apache web server, copy hotspotlogin.cgi and make it executable. | ||
| − | sudo mkdir -p /var/www/hotspot/cgi-bin | + | sudo mkdir -p /var/www/hotspot/cgi-bin |
| − | zcat -c /usr/share/doc/coova-chilli/hotspotlogin.cgi.gz | sudo tee /var/www/hotspot/cgi-bin/hotspotlogin.cgi | + | zcat -c /usr/share/doc/coova-chilli/hotspotlogin.cgi.gz | sudo tee /var/www/hotspot/cgi-bin/hotspotlogin.cgi |
| − | sudo chmod a+x /var/www/hotspot/cgi-bin/hotspotlogin.cgi | + | sudo chmod a+x /var/www/hotspot/cgi-bin/hotspotlogin.cgi |
edit login script | edit login script | ||
| − | nano -w /var/www/hotspot/cgi-bin/hotspotlogin.cgi | + | nano -w /var/www/hotspot/cgi-bin/hotspotlogin.cgi |
Uncomment and change password | Uncomment and change password | ||
| − | $uamsecret = "uamsecret"; | + | $uamsecret = "uamsecret"; |
| − | $userpassword=1; | + | $userpassword=1; |
if you like to edit the page later, don't use print "HTML code"; use | if you like to edit the page later, don't use print "HTML code"; use | ||
| − | print <<ENDHTML; | + | print <<ENDHTML; |
| − | ....your HTML code here..... | + | ....your HTML code here..... |
| − | + | ||
| − | ENDHTML | + | ENDHTML |
this way you don't need to escape the double quotes. | this way you don't need to escape the double quotes. | ||
| Line 42: | Line 42: | ||
To install the Apache2 module for MYSQL authentication, you can run the following command from a terminal prompt: | To install the Apache2 module for MYSQL authentication, you can run the following command from a terminal prompt: | ||
| − | sudo apt-get install libapache2-mod-auth-mysql | + | sudo apt-get install libapache2-mod-auth-mysql |
Once you install the module, the module will be available in the /etc/apache2/mods-available directory. You can use the a2enmod command to enable a module. You can use the a2dismod command to disable a module. Once you enable the module, the module will be available in the the /etc/apache2/mods-enabled directory. | Once you install the module, the module will be available in the /etc/apache2/mods-available directory. You can use the a2enmod command to enable a module. You can use the a2dismod command to disable a module. Once you enable the module, the module will be available in the the /etc/apache2/mods-enabled directory. | ||
| Line 49: | Line 49: | ||
Make sure LAMP server is installed, if not use the following command: | Make sure LAMP server is installed, if not use the following command: | ||
| − | tasksel | + | tasksel |
Create a Certificate | Create a Certificate | ||
| − | sudo apt-get install ssl-cert | + | sudo apt-get install ssl-cert |
| − | + | sudo mkdir /etc/apache2/ssl | |
| − | sudo mkdir /etc/apache2/ssl | ||
We need to find our host name for our cert | We need to find our host name for our cert | ||
| − | hostname -f | + | hostname -f |
Hardcoding cert lifetime based on this patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=293821#22 | Hardcoding cert lifetime based on this patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=293821#22 | ||
| − | sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem | + | sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem |
(Answer questions) | (Answer questions) | ||
| Line 77: | Line 76: | ||
The mod_ssl module adds an important feature to the Apache2 server - the ability to encrypt communications. Thus, when your browser is communicating using SSL encryption, the https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar. | The mod_ssl module adds an important feature to the Apache2 server - the ability to encrypt communications. Thus, when your browser is communicating using SSL encryption, the https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar. | ||
| − | sudo a2enmod ssl | + | sudo a2enmod ssl |
| − | + | /etc/init.d/apache2 force-reload | |
| − | /etc/init.d/apache2 force-reload | ||
Create virtualhost | Create virtualhost | ||
| Line 85: | Line 83: | ||
Create a virtualhost file so it looks something like this: | Create a virtualhost file so it looks something like this: | ||
| − | sudo nano -w /etc/apache2/sites-available/hotspot | + | sudo nano -w /etc/apache2/sites-available/hotspot |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | NameVirtualHost 10.1.0.1:443 | |
| − | + | <VirtualHost 10.1.0.1:443> | |
| − | + | ServerAdmin webmaster@domain.org | |
| − | </VirtualHost> | + | DocumentRoot "/var/www/hotspot" |
| + | ServerName "10.1.0.1" | ||
| + | <Directory "/var/www/hotspot/"> | ||
| + | Options Indexes FollowSymLinks MultiViews | ||
| + | AllowOverride None | ||
| + | Order allow,deny | ||
| + | allow from all | ||
| + | </Directory> | ||
| + | |||
| + | Alias "/dialupadmin/" "/usr/share/freeradius-dialupadmin/htdocs/" | ||
| + | <Directory "/usr/share/freeradius-dialupadmin/htdocs/"> | ||
| + | Options Indexes FollowSymLinks MultiViews | ||
| + | AllowOverride None | ||
| + | Order allow,deny | ||
| + | allow from all | ||
| + | </Directory> | ||
| + | |||
| + | ScriptAlias /cgi-bin/ /var/www/hotspot/cgi-bin/ #this here is a alias with no hotspot path !!!!!!! | ||
| + | <Directory "/var/www/hotspot/cgi-bin/"> | ||
| + | AllowOverride None | ||
| + | Options ExecCGI -MultiViews +SymLinksIfOwnerMatch | ||
| + | Order allow,deny | ||
| + | Allow from all | ||
| + | </Directory> | ||
| + | |||
| + | ErrorLog /var/log/apache2/hotspot-error.log | ||
| + | |||
| + | LogLevel warn | ||
| + | |||
| + | CustomLog /var/log/apache2/hotspot-access.log combined | ||
| + | |||
| + | ServerSignature On | ||
| + | SSLEngine on | ||
| + | SSLCertificateFile /etc/apache2/ssl/apache.pem | ||
| + | </VirtualHost> | ||
Enable SSL virtualhost | Enable SSL virtualhost | ||
| − | sudo a2ensite hotspot | + | sudo a2ensite hotspot |
| − | /etc/init.d/apache2 reload | + | /etc/init.d/apache2 reload |
Listen Ports | Listen Ports | ||
| Line 136: | Line 134: | ||
HTTPS should listen on port number 443. You should add the following line to the /etc/apache2/ports.conf file: | HTTPS should listen on port number 443. You should add the following line to the /etc/apache2/ports.conf file: | ||
| − | nano -w /etc/apache2/ports.conf | + | nano -w /etc/apache2/ports.conf |
| − | Listen *:443 | + | Listen *:443 |
| − | Listen *:80 | + | Listen *:80 |
| − | #<IfModule mod_ssl.c> | + | #<IfModule mod_ssl.c> |
| − | # Listen 443 | + | # Listen 443 |
| − | #</IfModule> | + | #</IfModule> |
don't forget to modify | don't forget to modify | ||
| − | sudo nano -w /etc/apache2/sites-available/default | + | sudo nano -w /etc/apache2/sites-available/default |
| − | NameVirtualHost *:80 | + | NameVirtualHost *:80 |
| − | <virtualhost *:80> | + | <virtualhost *:80> |
Server Root | Server Root | ||
| − | nano -w /etc/apache2/apache2.conf | + | nano -w /etc/apache2/apache2.conf |
add | add | ||
| − | ServerName 10.1.0.1 | + | ServerName 10.1.0.1 |
Edit host file | Edit host file | ||
| − | nano -w /etc/hosts | + | nano -w /etc/hosts |
| − | 10.1.0.1 host.name host #change to your host name | + | 10.1.0.1 host.name host #change to your host name |
Restart Apache server | Restart Apache server | ||
| − | sudo /etc/init.d/apache2 restart | + | sudo /etc/init.d/apache2 restart |
your web broswer should be able to link to pages | your web broswer should be able to link to pages | ||
| − | https://10.1.0.1/cgi-bin/hotspotlogin.cgi | + | https://10.1.0.1/cgi-bin/hotspotlogin.cgi |
and | and | ||
| − | http://10.1.0.1:3990/ | + | http://10.1.0.1:3990/ |
Finish | Finish | ||
| Line 181: | Line 179: | ||
Reboot your computer and everything should work, lol does that really need a reboot???? whatever lets restart: | Reboot your computer and everything should work, lol does that really need a reboot???? whatever lets restart: | ||
| − | reboot | + | reboot |
Revision as of 13:26, 7 April 2010
Apache Server
Create login page
We need to create a login page. Fortunately the creators of coovachilli have included hotspotlogin.cgi with the source code:
To find this file use this command:
find / | grep 'hotspotlogin.cgi'
In our example the file we require is found in:
/usr/share/doc/coova-chilli/hotspotlogin.cgi.gz
We need to create a directory in our apache web server, copy hotspotlogin.cgi and make it executable.
sudo mkdir -p /var/www/hotspot/cgi-bin zcat -c /usr/share/doc/coova-chilli/hotspotlogin.cgi.gz | sudo tee /var/www/hotspot/cgi-bin/hotspotlogin.cgi sudo chmod a+x /var/www/hotspot/cgi-bin/hotspotlogin.cgi
edit login script
nano -w /var/www/hotspot/cgi-bin/hotspotlogin.cgi
Uncomment and change password
$uamsecret = "uamsecret"; $userpassword=1;
if you like to edit the page later, don't use print "HTML code"; use
print <<ENDHTML; ....your HTML code here..... ENDHTML
this way you don't need to escape the double quotes. SSL
Apache Modules
To install the Apache2 module for MYSQL authentication, you can run the following command from a terminal prompt:
sudo apt-get install libapache2-mod-auth-mysql
Once you install the module, the module will be available in the /etc/apache2/mods-available directory. You can use the a2enmod command to enable a module. You can use the a2dismod command to disable a module. Once you enable the module, the module will be available in the the /etc/apache2/mods-enabled directory. Setup up Apache and SSL
Make sure LAMP server is installed, if not use the following command:
tasksel
Create a Certificate
sudo apt-get install ssl-cert sudo mkdir /etc/apache2/ssl
We need to find our host name for our cert
hostname -f
Hardcoding cert lifetime based on this patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=293821#22
sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
(Answer questions)
* Note: The "Host Name" must be fill out correctly The host name of the server the certificate is for. This must be filled in. (commonName)
Host Name as per hostname -f
host.name #change to your host name
Install Module
The mod_ssl module adds an important feature to the Apache2 server - the ability to encrypt communications. Thus, when your browser is communicating using SSL encryption, the https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar.
sudo a2enmod ssl /etc/init.d/apache2 force-reload
Create virtualhost
Create a virtualhost file so it looks something like this:
sudo nano -w /etc/apache2/sites-available/hotspot
NameVirtualHost 10.1.0.1:443
<VirtualHost 10.1.0.1:443>
ServerAdmin webmaster@domain.org
DocumentRoot "/var/www/hotspot"
ServerName "10.1.0.1"
<Directory "/var/www/hotspot/">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
Alias "/dialupadmin/" "/usr/share/freeradius-dialupadmin/htdocs/"
<Directory "/usr/share/freeradius-dialupadmin/htdocs/">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /var/www/hotspot/cgi-bin/ #this here is a alias with no hotspot path !!!!!!!
<Directory "/var/www/hotspot/cgi-bin/">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/hotspot-error.log
LogLevel warn
CustomLog /var/log/apache2/hotspot-access.log combined
ServerSignature On
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>
Enable SSL virtualhost
sudo a2ensite hotspot
/etc/init.d/apache2 reload
Listen Ports
HTTPS should listen on port number 443. You should add the following line to the /etc/apache2/ports.conf file:
nano -w /etc/apache2/ports.conf
Listen *:443 Listen *:80 #<IfModule mod_ssl.c> # Listen 443 #</IfModule>
don't forget to modify
sudo nano -w /etc/apache2/sites-available/default
NameVirtualHost *:80 <virtualhost *:80>
Server Root
nano -w /etc/apache2/apache2.conf
add
ServerName 10.1.0.1
Edit host file
nano -w /etc/hosts
10.1.0.1 host.name host #change to your host name
Restart Apache server
sudo /etc/init.d/apache2 restart
your web broswer should be able to link to pages
https://10.1.0.1/cgi-bin/hotspotlogin.cgi
and
http://10.1.0.1:3990/
Finish
Reboot your computer and everything should work, lol does that really need a reboot???? whatever lets restart:
reboot
Pranala Menarik
- WiFi: HotSpot - CoovaChilli Pendahuluan
- WiFi: HotSpot - CoovaChilli Kebutuhan Hardware dan Software
- WiFi: HotSpot - CoovaChilli Instalasi Radius Server
- WiFi: HotSpot - Instalasi CoovaChilli
- WiFi: HotSpot - CoovaChilli Instalasi Firewall
- WiFi: HotSpot - CoovaChilli Instalasi Apache dan SSL
- WiFi: HotSpot - CoovaChilli Fitur dan Keterangan Tambahan
- WiFi: HotSpot