Contributions to ELOG, Page 1 of 6
ID | Date | Author | Author Email | Category | Subject | Status | Last Revision
9 | Wed Jul 7 18:19:10 2004 | Steve Jones | steve.jones@freescale.com | Script | Generic Unix elogd init script | Stable | Wed Jul 7 18:19:38 2004 by Steve Jones
The elogd.init script that ships in the elog distribution is Linux centric.
 This script is written to work in a generic Unix environment under 'sh' -
no frills!
11 | Wed Nov 24 23:45:19 2004 | damon nettles | nettles@phgrav.phys.lsu.edu | Other | Steps for securing Elog using SSL and Apache | Stable
Everything in this guide was done on a full install of Fedora Core 3 running
Apache 2.0. If you are using an older version of Apache some of this may not
work, so I recommend upgrading. Also, on different Linux distributions, some
of the paths may be different.


The goal here is to get Elog set up under Secure Socket Layers, so that
communication both ways is encrypted.  This will cover any password
transactions so nothing gets sent over the web in the clear.

The previous method of securing the Elog, which involved using stunnel, is
out of date. A better way to go is to use the Elog in conjunction with
Apache. The Apache method leverages all the research and development that's
gone into providing secure sockets for Apache, and removes the need for any
serious reinventing of the wheel.


We begin with a web server running on port 80 and an Elog server running on
port 8080.


Making Certificates:
It's necessary to generate some secure certificates to be issued to anyone
who attempts to access the secure site.
A guide to making the certificates can be found at:

http://slacksite.com/apache/certificate.html

So, following the steps in the article:
   openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out\
   server.key 1024 
where the \ is merely an indicator that the command wouldn't fit on a line
here.  The fileN references are sources of random information to help the
random number seed be more random.  I merely used some personal text files
that were zipped up, as suggested in the page.

   openssl rsa -in server.key -out server.pem

Removes the RSA encryption from the key, to make it easier for the Apache
server to deal with it.

   openssl req -new -key server.key -out server.csr

Starts a line of questioning about us as a certificate issuing entity.
Answer with reasonable values.

   openssl x509 -req -days 60 -in server.csr -signkey server.key -out\
   server.crt

After this, move the server.pem, server.crt, and server.csr to the
appropriate directories under /etc/httpd/conf/ .  The extensions explain
which directory to put them in, with the exception that server.pem ended up
in /etc/httpd/conf/ssl.key/ .


In the elogd.cfg file, change the port to 8079, and set the URL to
"https://your.host.name/" .  Restarting the Elog daemon now leaves us with
Elog listening to port 8079 instead of port 8080.


The rest of the story is in the "elogredirect.conf" file attached to this
post, but here are the highlights.

Create a virtual host dealing with SSL that listens to port 443 (the ssl
port), and acts as a proxy for port 8079 (where Elog is listening).  This
allows Apache to act as an SSL handler for Elog by handing off any access at
https://your.host.name/ to the Elog server.  The firewall then can keep out
any direct attempts to access port 8079, so that the only thing that can
reach the Elog server is stuff talking to 8079 on the local side of the
firewall (which pretty much means just the Apache proxy).  I recommend
Firestarter for the firewall config by the way, it's a real lifesaver.

http://firestarter.sourceforge.net/

This covers the SSL portion of the story, and by doing the redirection
inside the port 443 virtual host, instead of from the port 80 webpage as
before, you can avoid any path overlap.

As was the case for us, you may have links in older Elog posts, e-mails, or
web pages that point to specific Elog posts. If you have been using Elog for
some time and never bothered with the SSL stuff, the links most likely look
something like
http://your.host.name:8080/yourlogbook/postnumber. 

To cover legacy support for calls on port 8080, you can create another
virtual host listening to port 8080.  This host's job is to take any
incoming URL calls on "http://your.host.name:8080/a_directory" and
translate them into calls on "https://your.host.name/the_same_directory" .
This means that any attempt to contact the Elog on port 8080 will get
answered by an Apache virtual host that redirects the client through the
Apache SSL virtual host described above. See the conf file for the details.

So in the end, the firewall is set to only allow through ports 80, 443, and
8080.  Port 80 handles the normal webpage access stuff.  Port 443
exclusively handles the SSL port for the Elog daemon, and port 8080
exclusively handles the redirect for the legacy Elog calls.

Implementation of this setup on another system should be pretty
straightforward.  Apache's config file is at /etc/httpd/conf/httpd.conf ,
and it also loads any *.conf files in /etc/httpd/conf.d/ .  So it's a pretty
simple case of just dropping elogredirect.conf into /etc/httpd/conf.d/ and
restarting the Apache server.  Of course the necessary changes to elogd.cfg
have to be made and that server restarted as well.  The firewall, too, needs
to be set up to secure the whole deal. Note that the elogredirect.conf file
needs to be edited for your specific setup (changing the instances of
"your.host.name" to whatever your server is, and also putting in the
administrator e-mail address where it is noted).


This work was done by Jonathan Hanson and Damon Nettles in the Gravity Lab
at Louisiana State University. You can see our Elog at
https://sam.phys.lsu.edu/elog .

If you have any questions or comments send them to
nettles@phgrav.phys.lsu.edu .
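
A minimal sketch of the two virtual hosts described in the post above, added here as an example; it is not the attached elogredirect.conf. The loopback proxy target, the certificate file locations and the admin@your.host.name address are assumptions.

```apache
# Added sketch, not the attached elogredirect.conf.
# Assumes mod_ssl, mod_proxy, mod_proxy_http and mod_alias are loaded and that
# "Listen 443" is already declared by the distribution's SSL configuration.

# --- SSL front end: terminates HTTPS and hands requests to the Elog daemon ---
<VirtualHost *:443>
    ServerName your.host.name
    # Placeholder administrator address; replace with your own.
    ServerAdmin admin@your.host.name

    SSLEngine on
    # Certificate and key locations are assumptions based on the directories
    # named in the post (server.crt and the passphrase-free server.pem).
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.pem

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Elog listens on 8079, the port set in elogd.cfg. The loopback address
    # assumes Apache and elogd run on the same host, so the firewall can drop
    # every external connection to 8079.
    ProxyPass        / http://127.0.0.1:8079/
    ProxyPassReverse / http://127.0.0.1:8079/
</VirtualHost>

# --- Legacy listener: answers old http://your.host.name:8080/... links ---
Listen 8080
<VirtualHost *:8080>
    ServerName your.host.name
    # Redirect keeps the rest of the path, so /yourlogbook/postnumber becomes
    # https://your.host.name/yourlogbook/postnumber on the SSL virtual host.
    Redirect permanent / https://your.host.name/
</VirtualHost>
```

Running `apachectl configtest` before restarting Apache catches syntax errors in the dropped-in file.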
12 | Wed Feb 23 11:25:51 2005 | Emiliano Gabrielli | AlberT@SuperAlberT.it | Script | bash script for thumbnails creation, version: 0.2.0 | Stable | Mon May 2 14:51:29 2005 by Emiliano Gabrielli
The following script creates a thumbnail for image/ps/pdf files.
It can be used with "Execute edit" and "Execute new" configuration commands
in order to get resized thumbs of attachments.

It uses file(1), convert(1) for images, gs(1) is also required for ps and pdf.

You have to start elogd with the "-x" option to enable execution and put
something similar to the following in your elog configuration file:

Execute new = /path/to/make_thumbs -s 650 -q 95 $attachments
Execute edit = /path/to/make_thumbs -s 100 $attachments

make_thumbs has to be executable by the user running elogd, of course.
 
 
ChangeLog: 
* version 0.2.0 Fixes a BUG in PDF creation 
13 | Thu Apr 28 15:45:58 2005 | Alex H | alexsynergie-infcom | Theme/Skin | Bubble for pleasure by L'ange noir | Stable | Mon Aug 1 09:35:26 2005 by Alex H
The original theme is from Francois Cukier but I have changed some colors
and fonts.

Francois Cukier said: "Uncompress "Bubble.zip" in your Elog default
folder if you want to replace the original elog theme. Otherwise, if you
decompress it in another folder, you will need to modify your elogd.cfg
file as described at this address: http://midas.psi.ch/elog/config.html"

Do it at the same ;o)

I want to thank Francois Cukier and Stefan Ritt for their work, so
THANKS a lot!

I await your comments :o).


-UPDATE------------------------------------------------------------------------
2005/08/1 : Alexander Sheremet corrected a CSS bug; thanks to him, archive re-uploaded
14 | Fri Jul 8 17:34:02 2005 | Emiliano Gabrielli | AlberT@SuperAlberT.it | Script | JavaScript list auto-refresh | Stable | Tue Jul 12 12:36:16 2005 by Emiliano Gabrielli
Here is a simple piece of JS code to accomplish a smart page reload.
We don't reload if in some kind of editing mode.

You can put the code anywhere you like in the elog html page; my suggestion is to put it in Bottom Text (or Top Text):

;auto-refresh
Bottom text = [I]<script language="JavaScript">if (null==window.location.href.match('/[0-9]+$|.*(cmd|select)=.*') ) { window.setTimeout("location.reload();", 2*60*1000); now=new Date(); document.write('<br/>Last reload at '+now.getFullYear()+'/'+(now.getMonth()+1)+'/'+now.getDate()+', '+( ((h=now.getHours())<10) ? '0'+h :h)+':'+( ((m=now.getMinutes())<10) ? '0'+m :m)+':'+( ((s=now.getSeconds())<10) ? '0'+s :s)) }</script>[/I]


The timer is a product of # of minutes, # of seconds and milliseconds... 2 minutes in the above example :)



Revision Tue Jul 12 12:36:16 2005 wrote:

Modified regular expression in order to not activate the auto-refresh in the single entry view
16 | Wed Sep 7 16:52:30 2005 | Peter Eriksson | peter@ifm.liu.se | Other | Solaris 10 SMF/Greenline management manifest for ELog | Stable
Please find enclosed as an attachment a Solaris 10 SMF/Greenline manifest that can be used to manage ELog.
(If you don't know what it is - it replaces init.d/cron/inittab and more stuff)
17 | Mon Oct 10 18:47:09 2005 | Exaos Lee | Exaos.Lee@gmail.com | Script | How to run elogd on Gentoo Linux | Stable | Tue Oct 11 08:06:55 2005 by Stefan Ritt
I have created some scripts for running elogd on Gentoo Linux. Please untar the attachment and read the file "elogd_gentoo_readme". Any comment is welcomed.
19 | Sat Oct 21 02:23:17 2006 | Leo Souza | leo@leo.com | Documentation | test abc | Stable | 1.0
alksjdkajklasjdas
20 | Wed Jan 10 23:08:27 2007 | Exaos Lee | Exaos.Lee@gmail.com | Script | Script for running ELOGD on Ubuntu Linux | Stable
I prepared one init script for ELOGD running on Ubuntu Linux.
Please see the attachment.
21 | Tue Feb 20 18:20:40 2007 | Val Schmidt | vschmidt@ldeo.columbia.edu | Documentation | Secure elog with SSL under Apache2 on Ubuntu | Stable
The steps for configuration under Apache2 are a bit different. Below I've included a quick list of instructions for Ubuntu. One nice thing about this method is that only https requests to https://your.url/elog are redirected (not all https connections to your url) so you can have other services running under ssl:

My Setup:
Ubuntu 6.10 (Edgy):
Linux tide1 2.6.17-11-generic #2 SMP Thu Feb 1 19:52:28 UTC 2007 i686 GNU/Linux

Packages:
ii  apache2                                    2.0.55-4ubuntu4                      next generation, scalable, extendable web se
ii  apache2-common                             2.0.55-4ubuntu4                      next generation, scalable, extendable web se
ii  apache2-mpm-worker                         2.0.55-4ubuntu4                      high speed threaded model for Apache2
ii  apache2-utils                              2.0.55-4ubuntu4                      utility programs for webservers 
ii  elog                                       2.6.1+r1642-1                        Logbook system to manage notes through a Web
---

To set up ssl in apache2 for elog I started here:
This mini-howto was kindly provided in a forum. I reproduced it here without permission.
A Mini-Howto for apache2:

apt-get install apache2
apache2-ssl-certificate
(and answer the questions)

Now, enable ssl:
a2enmod ssl

configure ssl:
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl 
"/etc/apache2/sites-enabled/ssl" should look like this:

NameVirtualHost *:443
<VirtualHost *:443>
(... configure the directories too...)
and "/etc/apache2/sites-enabled/default" should look like this:

NameVirtualHost *:80
<VirtualHost *:80>
(... configure the directories too...)
In /etc/apache2/ports.conf, add Listen 443

In the middle of the /etc/apache2/sites-available/ssl file, insert these two lines:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

Hope it helps :)

This method, without configuration of any of the <Directory> directives in /etc/apache2/sites-available/ssl, makes everything in /var/www https accessible. This may not be desirable. Configure the directives as you see fit.

To get SSL forwarding going for elog, in /etc/apache2/sites-available/ssl, I added the following:

 
ServerName tide1.unh.edu

        ProxyRequests Off
        ProxyPreserveHost On

        <Location /elog/>
                Order allow,deny
                allow from all

                ProxyPass  http://tide1.unh.edu:8080/
                ProxyPassReverse  http://tide1.unh.edu:8080/
                SSLRequireSSL
        </Location>

Once this is in place one must restart apache with
sudo /etc/init.d/apache2 force-reload

In /etc/elog.conf I added:
URL=https://tide1.unh.edu/elog

and restarted elog as above.

Finally, I removed the firewall entry that allowed connections to port 8080 for non-secure elog.

Items of note:
The "apache2-ssl-certificate" created a certificate that seems to expire in 30 days. This is obviously not ideal. More details about how to create certificates can be found HERE. At some point in the future, we'll have to figure this out and create a more appropriate certificate.