SSL?

[voltron]

Hi Massimo,

do you have an idea when you would have that SSL tutorial ready?

Thanks

[Massimo Di Pierro]

If you want web2py with SSL without apache just try

web2py.py -h

If you want to web2py+apache+mod_ssl, I emailed my apache config
yesterday.

Let me know if you need something more specific.

Massimo

[voltron]

Thanks. I am posting your config here again so that I and others dont
have to dig for it :-) What would you advice? I dont think that I can
afford a signed certificate(but better than the unregistered ones that
pop up these annoying notification) at the moment so the mod_ssl
method might not be in the picture. Is it enough to web2py + SSL
without Apache?

Thanks

# Massimos config using mod_ssl

NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
<Location "/admin">
SSLRequireSSL
</Location>
<Location "/examples">
Order deny,allow
Allow from all
ProxyPass http://127.0.0.1:8000/examples
ProxyPassReverse http://127.0.0.1:8000/
</Location>
<Location "/">
Order deny,allow
Allow from all
ProxyPass http://127.0.0.1:8000/examples/default/index
ProxyPassReverse http://127.0.0.1:8000/
</Location>
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/log/apache2/access.log common
</VirtualHost>

<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
<Location "/">
Order deny,allow
Allow from all
ProxyPass http://127.0.0.1:8000/
ProxyPassReverse http://127.0.0.1:8000/
</Location>
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/log/apache2/access.log common
</VirtualHost>

[Massimo Di Pierro]

with or without apache SSL still requires a certificate. No way
around it.

Massimo

[voltron]

Yes, I just noticed that when reading an Apache tutorial. Thanks

On Feb 20, 5:29 pm, Massimo Di Pierro <mdipie...@cs.depaul.edu> wrote:
> with or without apache SSL still requires a certificate. No way
> around it.
>
> Massimo
>
> On Feb 20, 2008, at 2:07 AM, voltron wrote:
>
>
>
> > Thanks. I am posting your config here again so that I and others dont
> > have to dig for it :-) What would you advice? I dont think that I can
> > afford a signed certificate(but better than the unregistered ones that
> > pop up these annoying notification) at the moment so the mod_ssl
> > method might not be in the picture. Is it enough to web2py + SSL
> > without Apache?
>
> > Thanks
>
> > # Massimos config using mod_ssl
>
> > NameVirtualHost *:80
> > NameVirtualHost *:443
> > <VirtualHost *:80>
> > <Location "/admin">
> > SSLRequireSSL
> > </Location>
> > <Location "/examples">
> > Order deny,allow
> > Allow from all
> > ProxyPasshttp://127.0.0.1:8000/examples

> > ProxyPassReversehttp://127.0.0.1:8000/

> > </Location>
> > <Location "/">
> > Order deny,allow
> > Allow from all
> > ProxyPasshttp://127.0.0.1:8000/examples/default/index

> > ProxyPassReversehttp://127.0.0.1:8000/

> > </Location>
> > LogFormat "%h %l %u %t \"%r\" %>s %b" common
> > CustomLog /var/log/apache2/access.log common
> > </VirtualHost>
>
> > <VirtualHost *:443>
> > SSLEngine On
> > SSLCertificateFile /etc/apache2/ssl/server.crt
> > SSLCertificateKeyFile /etc/apache2/ssl/server.key
> > <Location "/">
> > Order deny,allow
> > Allow from all
> > ProxyPasshttp://127.0.0.1:8000/

> > ProxyPassReversehttp://127.0.0.1:8000/