Library req » History » Version 38

Refik Hadzialic, 11/16/2011 07:13 PM

h1. Library requirement

h1. Long installation guide

h3. Python (installation required on both sides, server computer and BeagleBoard)

Python is required to run our test software.

<pre>
sudo apt-get install python2.7 python2.7-dev
</pre>

h3. PJSUA Library (installation required only on server computer)

pjsua is an open source command line SIP user agent (softphone) that is used as the reference implementation for PJSIP, PJNATH, and PJMEDIA. Despite its simple command line appearance, it does pack many features!

This library is used for the SIP handler. More information about this library can be found on this web site: http://www.pjsip.org/pjsua.htm

How to use and install the SIP library is explained here: [[SIP| SIP Handler]]

h3. SSH (installation required on both sides, server computer and BeagleBoard)

Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution, and other secure network services between two networked computers, which it connects via a secure channel over an insecure network: a server (running an SSH server program) and a client (running an SSH client program) [1].

Type the following to install it:
<pre>
sudo apt-get install ssh
</pre>

We need to configure the SSH connections to the nanoBTS controller boxes so that they work without typing the password. We can achieve this by copying the public key to the nanoBTS boxes.

First, one has to create the private and public keys on the local machine (i.e. the server computer, where the test software runs):
<pre>
refik@ubuntu:$ [Note: You are on local-host here]

refik@ubuntu:$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/refik/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/refik/.ssh/id_rsa.
Your public key has been saved in /home/refik/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 refik@ubuntu
</pre>

Then one needs to copy the public key to the remote machine (nanoBTS controller, i.e. BeagleBoard) using ssh-copy-id:

<pre>
refik@ubuntu:$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
refik@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
</pre>

After we have created the public and private keys and copied the public key to the machine we want to connect to, we can test whether we can make an SSH connection to the remote machine:
<pre>
refik@ubuntu:$ ssh remote-host
[Note: SSH did not ask for password.]

refik@remote-host:$ [Note: You are on remote-host here]
</pre>

We created this using the guide at: http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/

h3. easy_install (installation required only on server computer)

Easy Install is a python module (easy_install) bundled with setuptools that lets you automatically download, build, install, and manage Python packages.

<pre>
sudo apt-get install python-setuptools python-dev build-essential
</pre>

h3. Setproctitle (installation required only on server computer)

The library allows a process to change its title (as displayed by system tools such as ps and top).

Changing the title is mostly useful in multi-process systems, for example when a master process is forked: changing the children's titles makes it possible to identify the task each process is busy with.

You can use easy_install (i.e. the module we previously installed) to install the module. To perform a system-wide installation use:
Preferred installation procedure:
<pre>
sudo easy_install setproctitle
</pre>

Not preferred installation procedure:
If you are an unprivileged user or you want to limit installation to a local environment, you can use the command:
<pre>
easy_install -d /target/path setproctitle
</pre>
Notice that easy_install requires /target/path to be in your PYTHONPATH.

More information about this library can be found at http://pypi.python.org/pypi/setproctitle

h3. Serial port library (installation required on both sides, server computer and BeagleBoard)

The serial port library is required for the cell phones to communicate with our software. The required library for Python can be installed by typing the following command (both on the server computer and the nanoBTS controller boxes i.e. BeagleBoards):

<pre>
sudo apt-get install python-serial
</pre>

h3. MySQL Database (installation required only on server computer)

MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. It is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software.

To install MySQL, run the following command from a terminal prompt:
<pre>
sudo apt-get install mysql-server
</pre>

During the installation process you will be prompted to enter a password for the MySQL root user.

Once the installation is complete, the MySQL server should be started automatically. More information can be found at: https://help.ubuntu.com/11.04/serverguide/C/mysql.html

h3. MySQLdb (installation required only on server computer)

MySQLdb is a thread-compatible interface to the popular MySQL database server that provides the Python database API.
 _mysql is a low-level API similar to the MySQL C API. ZMySQLDA is a Database Adapter for Zope2.

If you want to write applications which are portable across databases, use MySQLdb, and avoid using this module directly. _mysql provides an interface which mostly implements the MySQL C API. For more information, see the MySQL documentation. The documentation for this module is intentionally weak because you probably should use the higher-level MySQLdb module. If you really need it, use the standard MySQL docs and transliterate as necessary.

<pre>
sudo apt-get install python-mysqldb
</pre>

h3. pChart library

The pChart library is included in our installation files and does not need to be installed separately. The library is only required if one uses the web interface and needs the generated result image. The library is open source and does not require any licensing. However, if one needs to learn how the library works, information can be found on the pChart web page http://www.pchart.net/

h3. PhpMyadmin (installation required only on server computer)

phpMyAdmin is a very famous MySQL management software package. To use it you should install and configure PHP, Apache and php mysql.
The easy way to install PhpMyadmin is to install it from the package using the apt-get command.
<pre>
sudo apt-get install phpmyadmin
</pre>

For detailed instructions on using repositories and package managers, please go to: https://help.ubuntu.com/community/phpMyAdmin

Now you can continue with the steps written by Konrad and at the end configure the server for _https_ and _.htaccess_.

h1. Quick installation guide by Konrad

h3. SSH

<pre>
apt-get install ssh
</pre>

h3. Python:

<pre>
apt-get install python python-serial python-setuptools python-dev build-essential
easy_install setproctitle
</pre>

h3. Apache + php:

<pre>
apt-get install apache2
apt-get install libapache2-mod-php5
a2enmod php5
/etc/init.d/apache2 restart
</pre>

h3. Configuring PHP for output buffer

Open the following file:
<pre>
sudo vim /etc/php5/apache2/php.ini
</pre>
and then find the line:
<pre>
output_buffering = 4096
</pre>
and replace it with:
<pre>
output_buffering = off
</pre>
Execute the following command:
<pre>
a2dismod deflate
/etc/init.d/apache2 restart
</pre>

h3. MySQL:

<pre>
apt-get install mysql-server python-mysqldb php5-mysql php5-gd
</pre>

h3. PJSUA

<pre>
wget http://www.pjsip.org/release/1.12/pjproject-1.12.tar.bz2
tar --bzip2 -xvf pjproject-1.12.tar.bz2
# enter the extracted source tree before building
cd pjproject-1.12
./configure && make dep && make
cd pjsip-apps/src/python/
make
sudo make install
</pre>


h3. Webserver-Config:

See the section on configuring the web server for https and .htaccess files below.

h3. Database preparation:

<pre>
mysql -u root -p -h localhost
create database gsmselftesting;
use mysql;
GRANT ALL PRIVILEGES ON gsmselftesting.* TO 'selftest'@'localhost' IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
exit

mysql -u selftest -p -h localhost -D gsmselftesting < gsmselftesting.sql
mysql -u selftest -p -h localhost -D gsmselftesting < InsertData.sql
</pre>

Change mysql login credentials in the code:
<pre>
vim Code/Server-Code/DbClass.py
</pre>

Change mysql login credentials in the website:
<pre>
vim /var/www-ssl/gsm-selftest/dbconnection.php
</pre>



h3. Running the System:

<pre>
export DISPLAY=:0.0
./startSoftware.py
</pre>

<pre>
https://132.230.8.115
</pre>


h1. Configuring the web server to handle https and .htaccess files

h2. HTTPS

First we want to generate a server key by typing the following command:
<pre>
openssl genrsa -des3 -out server.key 4096
</pre>


This generates a 4096-bit private server key; one is asked to enter a password for _server.key_ twice. Using the generated private server key, we create a certificate signing request, _server.csr_. We were prompted with a series of questions (country, state, organization name, etc.) which we had to answer to continue.

<pre>
openssl req -new -key server.key -out server.csr
</pre>

In the next step we had to sign the certificate signing request and enter the number of days for which it should be valid. In our case we entered a duration of one year; one can choose a longer period as well (i.e. the value 365 has to be changed).

<pre>
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
</pre>

We were asked to enter the password for _server.key_ again. After completing this step we had to make a version of _server.key_ that does not require a password, _server.key.insecure_, and rename the files appropriately.

<pre>
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
</pre>

The generated files are very sensitive, since they are our keys. After these steps were completed, we had generated 4 files: _server.crt_, _server.csr_, _server.key_ and _server.key.secure_. Now we need to enable the SSL engine on the Apache web server. We copied _server.key_ and _server.crt_ into _/etc/apache2/ssl_.

<pre>
refik@ubuntu:/etc/apache2$ sudo mkdir ssl
sudo cp server.key /etc/apache2/ssl
sudo cp server.crt /etc/apache2/ssl
</pre>

Then we enabled SSL by typing in _a2enmod ssl_, "it is simply a general purpose utility to establish a symlink between a module in _/etc/apache2/mods-available_ to _/etc/apache2/mods-enabled_ (or give a message to the effect that a given module does not exist or that it is already symlink-ed for loading)".

<pre>
refik@ubuntu:/etc/apache2/ssl$ sudo a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
</pre>

In the next step we had to establish a symlink from the 'available' default-ssl file to the 'enabled' file. Then we created a folder where our secured PHP files will be located (e.g. https://some-domain-name.com/test-software).

<pre>
refik@ubuntu:/etc/apache2/ssl$ sudo ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl
refik@ubuntu:/etc/apache2/ssl$ cd /var/
refik@ubuntu:/var$ sudo mkdir www-ssl
</pre>

We backed up our old virtual host configuration files, in case we damaged the Apache configuration. Then we edited the _default-ssl_ file.

<pre>
refik@ubuntu:/var$ cd /etc/apache2/sites-available
refik@ubuntu:/etc/apache2/sites-available$ sudo cp default default_original
refik@ubuntu:/etc/apache2/sites-available$ sudo cp default-ssl default-ssl_original
refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl
</pre>

Only the beginning of the file is listed here. We modified the lines starting with _DocumentRoot_ and _<Directory /var/www/>_: from _DocumentRoot /var/www_ to _DocumentRoot /var/www-ssl_ and from _<Directory /var/www/>_ to _<Directory /var/www-ssl/>_ (i.e. we had to redefine the location of our SSL directory).

<pre>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www-ssl
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www-ssl/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
</pre>

One should keep in mind that port 443 must be free for Apache to use. In the following step we had to ensure that Apache listens on that port for _https_ connections. One can check that by looking into _/etc/apache2/ports.conf_.

<pre>
<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>
</pre>

In our case it was set up correctly, since the directive _Listen 443_ was present. In our last configuration step we had to edit the _default-ssl_ file to define the correct locations of our keys and to ensure the SSL engine was turned on.

<pre>
refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl
</pre>

The following part of the file had to be found and modified according to our key path locations:
<pre>
SSLEngine on

       #   A self-signed (snakeoil) certificate can be created by installing
       #   the ssl-cert package. See
       #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
       #   If both key and certificate are stored in the same file, only the
       #   SSLCertificateFile directive is needed.
       SSLCertificateFile    /etc/apache2/ssl/server.crt
       SSLCertificateKeyFile /etc/apache2/ssl/server.key

       #   Server Certificate Chain:
       #   Point SSLCertificateChainFile at a file containing the
</pre>

Finally, the server was configured and we could proceed with restarting the Apache web server. We created a test web site _/var/www-ssl/index.php_ and navigated our browser to _https://localhost_. The test was successful!

<pre>
refik@ubuntu:/etc/apache2/sites-available$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2 [Sat Oct 08 21:52:51 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
 ... waiting [Sat Oct 08 21:52:52 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence [ OK ]
refik@ubuntu:/etc/apache2/sites-available$
</pre>

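The HTTPS steps above leave an unencrypted _server.key_ next to _server.crt_ in _/etc/apache2/ssl_. The following script is an added example, not part of the original guide: it checks that the certificate belongs to the key, that the key file grants nothing to group or others, and that the certificate is not about to expire. The function names, the 30-day default and the throwaway demo pair are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original guide: pre-flight checks for the
# server.key / server.crt pair before Apache is restarted.

# SHA-256 of the public key derived from private key file $1. Fails without
# prompting when the key is still passphrase-protected (for example when
# server.key.secure was copied instead of server.key).
key_pub_digest() {
    if grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' \
        "$1" 2>/dev/null; then
        return 1
    fi
    kpd_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$kpd_pub" ] || return 1
    printf '%s\n' "$kpd_pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key embedded in certificate file $1.
cert_pub_digest() {
    cpd_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$cpd_pub" ] || return 1
    printf '%s\n' "$cpd_pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# True when file $1 grants nothing to group or others.
# ls prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
key_perms_tight() {
    [ "$(ls -lnL "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# check_tls_pair KEY CRT [MIN_DAYS]: prints findings, returns 0 when clean.
check_tls_pair() {
    ctp_key=$1 ctp_crt=$2 ctp_days=${3:-30} ctp_rc=0
    ctp_k=$(key_pub_digest "$ctp_key") || {
        echo "FAIL: $ctp_key cannot be read without a passphrase"; ctp_rc=1; }
    ctp_c=$(cert_pub_digest "$ctp_crt") || {
        echo "FAIL: $ctp_crt is not a readable certificate"; ctp_rc=1; }
    if [ -n "$ctp_k" ] && [ -n "$ctp_c" ] && [ "$ctp_k" != "$ctp_c" ]; then
        echo "FAIL: $ctp_crt was not issued for $ctp_key"; ctp_rc=1
    fi
    key_perms_tight "$ctp_key" || {
        echo "FAIL: $ctp_key is accessible to group/others (chmod 600)"; ctp_rc=1; }
    openssl x509 -in "$ctp_crt" -noout -checkend $((ctp_days * 86400)) \
        >/dev/null 2>&1 || {
        echo "FAIL: $ctp_crt expires within $ctp_days days"; ctp_rc=1; }
    return "$ctp_rc"
}

# Constructed demo input: a throwaway 2048-bit pair in directory $1, made with
# the guide's req/x509 commands (no -des3, so there is no passphrase prompt).
make_demo_pair() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=localhost" \
        -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    chmod 600 "$1/server.key"
}

# Usage: sh check_tls_pair.sh /etc/apache2/ssl/server.key /etc/apache2/ssl/server.crt
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@" && echo "OK: key and certificate look consistent"
fi
```

Run it as root against the files in _/etc/apache2/ssl_ before restarting Apache; any FAIL line names the file to fix.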
h2. Configuring the password protection for the web site (using .htaccess)

To enable the use of Apache _.htaccess_ files, we have to reconfigure the Apache configuration files again. _root_ access is required. First we have to edit the _/etc/apache2/sites-available/default-ssl_ file. Find the following lines and change _AllowOverride None_ to _AllowOverride All_,
as in the given configuration segment:

<pre>
        <Directory /var/www-ssl/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>
</pre>

This tells the Apache web server that it is okay to allow _.htaccess_ files to override previous directives. We must reload the Apache web server before the changes can take effect. We can do it by typing:

<pre>
sudo /etc/init.d/apache2 reload
</pre>

The next step is to go to the directory where our test software web page is located (e.g. _/var/www-ssl/testsoftware_) and to create a file called _.htaccess_.
Please insert the following code segment into the created _.htaccess_ file, where _/var/www-ssl/testsoftware/.htpasswd_ is the full path to your _.htpasswd_ file:

<pre>
AuthUserFile /var/www-ssl/testsoftware/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require valid-user
</pre>

In the next step, create another file called _.htpasswd_. After you have created it, we will add the usernames that should have access to the web site. We do that by typing the following command, where you can replace _konrad_ with any other combination of letters that will represent your username:

<pre>
refik@ubuntu:/var/www-ssl/testsoftware$ sudo htpasswd -c .htpasswd konrad
</pre>

Afterwards, you will be required to type the same password twice for the username you want to create, in this case _konrad_. "The -c flag is used only when you are creating a new file. After the first time, you will omit the -c flag, when you are adding new users to an already-existing password file. Otherwise you will overwrite the file!". You can add as many users as you wish; do not forget to remove the -c flag when you do it. In the last step, we have to modify the _/etc/apache2/apache2.conf_ file and add the following code segment at the end of it, where _/var/www-ssl/testsoftware_ is the full path to your web page directory where you put the _.htpasswd_ file:

<pre>
<Directory /var/www-ssl/testsoftware>
AllowOverride All
</Directory>
</pre>

We are done with editing. All we have to do now is to restart the Apache web server. We can do that by typing:

<pre>
sudo /etc/init.d/apache2 restart
</pre>

You can test it now by opening a new browser tab and navigating to _https://localhost/testsoftware_ (keep in mind to replace _testsoftware_ with the name of the folder where your web page is located). If you configured everything properly, you should get a dialog where you can enter your created username and password and try to log in.
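
A static check of the files edited in this section, as an added example that is not part of the original guide: it reports whether the _.htaccess_ file is honoured for the protected directory (with _AllowOverride None_ Apache ignores it), whether _AllowOverride_ is broader than the _AuthConfig_ class that these four directives need, and whether the password file sits inside the document root. The parsing is simplified, and the function names and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original guide: static checks for the .htaccess
# setup. Parsing is simplified (no Include, no <DirectoryMatch>).

# Print the AllowOverride value of the most specific <Directory> block that
# covers directory $1 in the config files $2..., or "unset" if there is none.
effective_allowoverride() {
    eao_dir=${1%/}/
    shift
    awk -v dir="$eao_dir" '
        /^[ \t]*<Directory[ \t]/ {
            cur = $2; gsub(/[">]/, "", cur)
            if (cur !~ /\/$/) cur = cur "/"
            next
        }
        /^[ \t]*<\/Directory>/ { cur = ""; next }
        cur != "" && tolower($1) == "allowoverride" &&
        index(dir, cur) == 1 && length(cur) >= best {
            best = length(cur); val = $2
        }
        END { print (val == "" ? "unset" : val) }
    ' "$@"
}

# Print the AuthUserFile path named in .htaccess file $1.
auth_user_file() {
    awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# audit_htaccess DOCROOT PROTECTED_DIR HTACCESS_FILE CONFIG...
audit_htaccess() {
    ah_root=${1%/}/ ah_dir=$2 ah_file=$3
    shift 3
    ah_ovr=$(effective_allowoverride "$ah_dir" "$@" | tr 'A-Z' 'a-z')
    case $ah_ovr in
        none)  echo "IGNORED: AllowOverride None, Apache does not read $ah_file, so its Auth* lines have no effect" ;;
        unset) echo "UNKNOWN: no AllowOverride found for $ah_dir, the server default applies" ;;
        all)   echo "BROAD: AllowOverride All; AuthConfig is enough for the Auth* and Require lines" ;;
    esac
    ah_pw=$(auth_user_file "$ah_file")
    case $ah_pw in
        "$ah_root"*) echo "DOCROOT: $ah_pw lies inside $ah_root and relies on the server's deny rule for .ht* files" ;;
    esac
}

# Constructed sample input: the relevant lines of default-ssl and the
# .htaccess file as this guide configures them, written into directory $1.
write_samples() {
    cat > "$1/default-ssl" <<'EOF'
<VirtualHost _default_:443>
        DocumentRoot /var/www-ssl
        <Directory />
                AllowOverride None
        </Directory>
        <Directory /var/www-ssl/>
                AllowOverride All
        </Directory>
</VirtualHost>
EOF
    cat > "$1/htaccess" <<'EOF'
AuthUserFile /var/www-ssl/testsoftware/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require valid-user
EOF
}

demo() {
    demo_dir=$(mktemp -d)
    write_samples "$demo_dir"
    audit_htaccess /var/www-ssl /var/www-ssl/testsoftware \
        "$demo_dir/htaccess" "$demo_dir/default-ssl"
    rm -rf "$demo_dir"
}
demo
```

A static check does not replace the browser test described above: a request to the protected folder without credentials must be answered with the login dialog, not with the page.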