Contributions to ELOG, Page 1 of 6
ID   Date   Author   Author Email   Category   Subject   Status
3   Fri Jun 6 18:32:14 2003   Tomas Rudolf <tomas@mba.be>   ELOG Syntax highlighting in UltraEdit
Maybe some of you use UltraEdit code editor (http://www.ultraedit.com/) to 
create/modify your ELOGD.CFG files.

Well, in that case we hope you find useful the attached syntax highlighting 
configuration file.

To install this file into UltraEdit :
MENU --> ADVANCED --> CONFIGURATION --> SYNTAX HIGHLIGHTING tab --> OPEN 
WORDLIST

You can also download the latest version from our website :
http://public.mba.be/demo/elog/u-edit-elog-syntax.txt
Attachment 1: u-edit-elog-syntax.txt
/L7"Elog" Line Comment = ; Block Comment On = /* Block Comment Off = */ String Chars = "' File Extensions = cfg
/Delimiters = ~!@%^&*()-+=|\/{}[]:;"'<> ,	.?
/C1"Elog Global functions"
** Logbook tabs
** SMTP host =
** Admin Password
** Admin user =
** Selection page
** Self register
** URL=
** Welcome Title
/C2"Elog Syntax"
** Attributes
** Back
** Bottom text
** Comment
** Config
** Copy to
** CSS
** Data dir
** Date format
** Delete
** Display Email recipients
** Display mode
** Download
** Edit
** edit
** Email
** Email All
** Email message body
** Email notification
** Entries per page
** Filtered browsing
** Find
** Find Menu commands
** Fixed Attributes Edit
** Fixed Attributes Reply
** full
** Group
** Guest find menu commands
** Guest menu commands
** Help
** Help URL
** IOptions
** Icon comment
** Language
** Last day
** Locked Attributes
** Logbook dir
** Logbook Tabs
** Logbook tabs
** Logfile
** Login
** Logout
** Main tab
** Menu commands
** Message Height
** Message Width
** MOptions
** Move to
** New
** Number Attachments
** on 
** Options
** Page Title
** Password file =
** port
** Preset
** Quick filter
** Remove on reply
** Reply
** Required Attributes
** Resource dir
** Restrict edit
** Reverse sort
** ROptions
** Search all logbooks
** Self register
** SMTP host
** Search all logbooks
** Subdir
** Submit Page
** Subst
** Subst on reply subject
** Suppress default
** Suppress Email on edit
** Suppress Email to users
** Tab cellpadding
** Theme
** Thread display
** Thread Icon
** threaded
** Use Email From
** Use Email Subject
/C3"Elog MBA reserved attributes"
** %a %d %m %y
** %%Action
** %%BookName
** %%MessageID
** %%User
AsTo 
Author
By
Categorie
Category
Contract
DateUp
DosL
DosR
Dossier
** Email AdressesEmail
** Email AsTo
** Email Partner
Email1
FollowUp
Forms
Inotifie
Inotifie
Notify
Notify
Origin
Partner
Priorite
Priority
Qualify
ShellLogFile
ShellOnSubmit0
ShellOnSubmit1
ShellParam0
ShellParam1
ShellParamVerboseType
Status
Type
4   Fri Jun 13 17:10:48 2003   Sridhar Anandakrishnan <sak@essc.psu.edu>   submit emails to elog (along with MIME attachments)
Attached is a perl script to which you can pipe a message (or a
single-message file) to submit that message to `elog'.  The `elog'
distribution includes two programs `elogd', which is the main daemon that is
accessed via the browser, and `elog', which is a command-line interface to
elogd.

The attached perl script `mailelog', will split a multipart MIME message
into its components and submit each as an attachment to elog to create a new
entry in a specified logbook.  The attributes are the subject, from, and cc
of the message.

Usage: mailelog [-|file] [-l logbook]

(If there are no arguments, read from stdin.)
(Makes a command that looks like this:
elog -p 8080 -h localhost -l emails -a subject=<subject> -a from=<from> -a
cc=<cc> -f attachment-1 -f attachment-2 -f ...)

attachment-1 is the body of the message and attachment-2... are the actual
MIME attachments.  Set the elogd configuration to display attachments, so
that the message body is immediately visible.

Defaults: -h localhost -p 8080 -l emails

If no `-l logbook' flag is specified, then the entry is sent to the `emails'
logbook, so make sure that logbook exists.  Save this in, e.g,
~/bin/mailelog, and make sure it is executable (`chmod +x mailelog') and on
your path (bash: `export PATH=$HOME/bin:$PATH' or csh/tcsh: `setenv PATH
$HOME/bin:$PATH')

Bugs: multi-message files don't work.  Can't add other attributes.  If the
logbook doesn't have attributes subject, from, cc, they are quietly lost.
Attachment 1: mailelog
#!/usr/bin/perl -w

=head1 NAME

doelog - save a mime message to elog

=head1 SYNOPSIS

    doelog [-l logbook] <mime-msg-file> <mime-msg-file> ...
    
    someprocess | doelog [-l logbook] -

=head1 DESCRIPTION

Takes one or more files from the command line that contain MIME
messages, and explodes their contents out into /tmp.  The parts
are sent to elog as attachments.

Modified mimeexplode of the MIME::Tools in perl, which see.

From mimeexplode:
"This was written as an example of the MIME:: modules in the
MIME-parser package I wrote.  It may prove useful as a quick-and-dirty
way of splitting a MIME message if you need to decode something, and
you don't have a MIME mail reader on hand."

=head1 COMMAND LINE OPTIONS

None yet.  

=head1 AUTHOR

sak@essc.psu.edu

=cut

BEGIN { unshift @INC, ".." }    # to test MIME:: stuff before installing it!

require 5.001;

use strict;
use vars qw($Msgno $cmd $default_logbook $tmpdir);

use MIME::Parser;
use Getopt::Std;
##
## $Id: doelog,v 1.4 2003/06/05 13:08:16 sak Exp sak $
## $Log: doelog,v $
## Revision 1.4  2003/06/05 13:08:16  sak
## Added a kludge to force elog to return if there is nothing piped to
## it.  Now you can use doelog either as a pipe or on a single-message file
##
## Revision 1.3  2003/06/05 12:37:49  sak
## Added "configuration section" to hold config variables like default
## logbook and tmpdir.
##
## Revision 1.2  2003/06/05 12:28:03  sak
## Allow up to 50 attachments
##
## Revision 1.1  2003/06/05 12:26:24  sak
## Initial revision
##

## CONFIGURATION SECTION
## base elog cmd
$cmd = "elog -h localhost -p 8080 ";
$default_logbook="emails";
$tmpdir="/tmp";
## END CONFIGURATION SECTION

#------------------------------------------------------------
# dump_entity - dump an entity's file info
#------------------------------------------------------------
sub dump_entity {
    my $ent = shift;
    my @parts = $ent->parts;
    my $file;
    
    die "too many attachments\n" if ($#parts>50);

    if (@parts) {        # multipart...
	map { dump_entity($_) } @parts;
    }
    else {               # single part...append to elog cmd
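	$file = $ent->bodyhandle->path;
	## $cmd is run by the shell: single-quote the path, ' becomes '\''
	(my $qfile = $file) =~ s/'/'\\''/g;
	$cmd .= "-f '$qfile' ";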
	###print $cmd, "\n";
	###print "    Part: ", $ent->bodyhandle->path, 
	###      " (", scalar($ent->head->mime_type), ")\n";
    }
}

#------------------------------------------------------------
# main
#------------------------------------------------------------
sub main {
    my $file;
    my $entity;
    my $subject;
    my $from;
    my $cc;
    my $logbook;
    our($opt_l);

    # Sanity:
    ## (-w ".") or die "cwd not writable, you naughty boy...";

    ## check if user wants a particular logbook
    ## fix to add host and port?
    getopts('l:');
    if($opt_l) { $logbook=$opt_l;} else {$logbook=$default_logbook;}
    $cmd .= "-l $logbook ";
    
    # Go through messages:
    @ARGV or unshift @ARGV, "-";
    while (defined($file = shift @ARGV)) {


	# Create a new parser object:
	my $parser = new MIME::Parser;
    
	# Optional: set up parameters that will affect how it extracts 
	#   documents from the input stream:
	$parser->output_under($tmpdir);
    
	# Parse an input stream:
	open FILE, $file or die "couldn't open $file";
	$entity = $parser->read(\*FILE) or 
	    print STDERR "Couldn't parse MIME in $file; continuing...\n";
	close FILE;
	next unless $entity;    # nothing to submit for an unparseable message

	## get the subject, assumes all logbooks have a subject 
	## attribute - not necessarily true.  Mine do...
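	## $cmd is run by the shell and these values come from the message,
	## so inside the single quotes every ' is rewritten as '\''
	if($subject = $entity->head->get('Subject', 0)) {
	    chomp($subject);
	    $subject =~ s/'/'\\''/g;
	    $cmd .= "-a subject=\'$subject\' ";
	}
	if($from = $entity->head->get('From', 0)) {
	    chomp($from);
	    $from =~ s/'/'\\''/g;
	    $cmd .= "-a from=\'$from\' ";
	}
	if($cc = $entity->head->get('CC', 0)) {
	    chomp($cc);
	    $cc =~ s/'/'\\''/g;
	    $cmd .= "-a cc=\'$cc\' ";
	}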

	##print $cmd, "\n";

	# Congratulations: you now have a (possibly multipart) MIME entity!
	dump_entity($entity) if $entity;
	### $entity->dump_skeleton if $entity;
	### print $cmd, "\n";
        ### kludge to force elog to return
	exec "$cmd<<EOF
EOF";
    }
    1;
}

exit (&main ? 0 : -1);
#------------------------------------------------------------
1;






5   Thu Jul 3 17:04:58 2003   Fred Hooper <fhooper@sushisoft.com>   elog2sql - version 0.99 - scripts to convert an elog logbook to a MySQL database
Announcing:  elog2sql

elog2sql was created to help translate logbooks created by the program
``elog'' from the native elog flat file format to a MySQL database.  I had a
need to have the elog data in a database, and it appears from the forum that
several others had a similar need.

I created a set of perl scripts that will allow the translation of elog
logbooks into a MySQL database. The design and implementation of these
scripts are simple, and allow the one-time copying of a set of logbooks.

The elog2sql toolkit consists of two scripts. The first script, parsecfg.pl,
reads an elogd.cfg, and creates a sql file that will create a set of db
tables corresponding to elog logbooks. The second script, parselog.pl, takes
a set of elog logfiles, and creates a sql file that will enter the logbook
data into the database. The result is a copy of the elog logbook that can be
used as desired inside the framework of MySQL. Attachments are handled by
inserting an entry of the attachment name into a separate attachment table.
This allows multiple attachments per entry.

You can download the elog2sql program archive at
http://www.davidfannin.com/elog2sql/elog2sql.tar.gz . It contains the
scripts and basic documentation.  You can read the man page at
http://www.davidfannin.com/elog2sql/index.html 


I have also uploaded a copy of the archive here.


Email me for questions or comments.
Attachment 1: elog2sql.tar.gz
7   Wed Jan 14 18:30:34 2004   Francois Cukier <Francois.Cukier@Umontreal.ca>   Theme/Skin   Bubble for pleasure 1 -- still under development but working ;)   Beta
Uncompress "Bubbleforpleasure1.zip" in your Themes\default folder if you want to replace the original elog theme. Otherwise, if you decompress it in another folder, you will need to modify your elogd.cfg file as described at this address: http://midas.psi.ch/elog/config.html
Attachment 1: Bubbleforpleasure1.zip
Attachment 2: BubbleForPleasure1-theme.GIF
10   Fri Sep 24 23:14:47 2004   Sridhar Anandakrishnan <sak@essc.psu.edu>   Script   Perl script to forward emails to elog   Alpha
Takes one or more files from the command line that contain MIME
messages, and explodes their contents out into /tmp.  The parts
are sent to elog as attachments.
Attachment 1: doelog
#!/usr/bin/perl -w

=head1 NAME

doelog - save a mime message to elog

=head1 SYNOPSIS

    doelog <mime-msg-file> <mime-msg-file> ...
    
    someprocess | doelog -

=head1 DESCRIPTION

Takes one or more files from the command line that contain MIME
messages, and explodes their contents out into /tmp.  The parts
are sent to elog as attachments.

Modified mimeexplode of the MIME::Tools in perl


This was written as an example of the MIME:: modules in the
MIME-parser package I wrote.  It may prove useful as a quick-and-dirty
way of splitting a MIME message if you need to decode something, and
you don't have a MIME mail reader on hand.

=head1 COMMAND LINE OPTIONS

None yet.  

=head1 AUTHOR

sak@essc.psu.edu

=cut

BEGIN { unshift @INC, ".." }    # to test MIME:: stuff before installing it!

require 5.001;

use strict;
use vars qw($Msgno $cmd);

use MIME::Parser;
use Getopt::Std;

## these should be options too?
## base elog cmd
$cmd = "~/elog -h localhost -p 8080 ";

#------------------------------------------------------------
# dump_entity - dump an entity's file info
#------------------------------------------------------------
sub dump_entity {
    my $ent = shift;
    my @parts = $ent->parts;
    my $file;
    
    die "too many attachments\n" if ($#parts>10);

    if (@parts) {        # multipart...
	map { dump_entity($_) } @parts;
    }
    else {               # single part...append to elog cmd
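	$file = $ent->bodyhandle->path;
	## $cmd is run by the shell: single-quote the path, ' becomes '\''
	(my $qfile = $file) =~ s/'/'\\''/g;
	$cmd .= "-f '$qfile' ";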
##	print $cmd, "\n";
##	print "    Part: ", $ent->bodyhandle->path, 
##	      " (", scalar($ent->head->mime_type), ")\n";
    }
}

#------------------------------------------------------------
# main
#------------------------------------------------------------
sub main {
    my $file;
    my $entity;
    my $subject;
    my $logbook;
    our($opt_l);

    # Sanity:
    ## (-w ".") or die "cwd not writable, you naughty boy...";

    ## check if user wants a particular logbook
    ## fix to add host and port?
    getopts('l:');
    if($opt_l) { $logbook=$opt_l;} else {$logbook="emails";}
    $cmd .= "-l $logbook ";
    
    # Go through messages:
    @ARGV or unshift @ARGV, "-";
    while (defined($file = shift @ARGV)) {


	# Create a new parser object:
	my $parser = new MIME::Parser;
    
	# Optional: set up parameters that will affect how it extracts 
	#   documents from the input stream:
	$parser->output_under("/tmp");
    
	# Parse an input stream:
	open FILE, $file or die "couldn't open $file";
	$entity = $parser->read(\*FILE) or 
	    print STDERR "Couldn't parse MIME in $file; continuing...\n";
	close FILE;
	next unless $entity;    # nothing to submit for an unparseable message

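	## get the subject, assumes all logbooks have a subject 
	## attribute - not necessarily true.  Mine do...
	$subject = $entity->head->get('Subject', 0);
	$subject = '' unless defined $subject;
	chomp($subject);
	## $cmd is run by the shell and the subject comes from the message:
	## single-quote it, rewriting every embedded ' as '\''
	$subject =~ s/'/'\\''/g;
	$cmd .= "-a subject='$subject' ";
	print $cmd, "\n";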

	# Congratulations: you now have a (possibly multipart) MIME entity!
	dump_entity($entity) if $entity;
	### $entity->dump_skeleton if $entity;
	### print $cmd, "\n";
	exec $cmd;
    }
    1;
}

exit (&main ? 0 : -1);
#------------------------------------------------------------
1;
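
Both scripts above (mailelog in entry 4, doelog in entry 10) paste message headers into one command string that a shell then parses. The following is an added example, not part of either post and written in Python rather than the scripts' Perl: it builds the same elog call as an argument list, so header text is never interpreted by a shell. The sample message, the function names and the attachment naming scheme are assumptions made for the illustration.

```python
import email
import os
import re
import shlex
import subprocess
import tempfile
from email import policy

# Constructed sample message (not from the page). The apostrophes in From and
# Subject are enough to break a command line assembled by string pasting.
SAMPLE = (
    "From: Pat O'Neil <pat@example.org>\r\n"
    "Cc: shift-crew@example.org\r\n"
    "Subject: Tonight's run; detector B status\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="XX"\r\n'
    "\r\n"
    "--XX\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "Beam was stable.\r\n"
    "--XX\r\n"
    "Content-Type: text/csv\r\n"
    'Content-Disposition: attachment; filename="run 12 rates.csv"\r\n'
    "\r\n"
    "t,rate\r\n0,12\r\n"
    "--XX--\r\n"
).encode("ascii")

MAX_PARTS = 50  # cap on message parts, in the spirit of the scripts' own limit


def header_text(msg, name):
    """Return a header as one line of text, or None when it is absent."""
    value = msg[name]
    return None if value is None else " ".join(str(value).split())


def safe_name(index, suggested):
    """File name for part `index`; the sender's name is reduced to a basename
    made of [A-Za-z0-9._-] so it cannot leave the output directory."""
    base = os.path.basename(suggested or "body")
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".") or "part"
    return f"{index:02d}-{base}"


def build_elog_argv(raw, outdir, logbook="emails", host="localhost", port=8080):
    """Unpack the message into outdir and return the argv for elog."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    argv = ["elog", "-h", host, "-p", str(port), "-l", logbook]
    for attr in ("Subject", "From", "Cc"):
        text = header_text(msg, attr)
        if text:
            # One argv element per attribute: quotes, ';' or '$' in the header
            # stay data because no shell ever parses this list.
            argv += ["-a", f"{attr.lower()}={text}"]
    leaves = [part for part in msg.walk() if not part.is_multipart()]
    if len(leaves) > MAX_PARTS:
        raise ValueError("too many attachments")
    for index, part in enumerate(leaves, 1):
        path = os.path.join(outdir, safe_name(index, part.get_filename()))
        # O_EXCL refuses to write through a file or symlink that already exists.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as handle:
            handle.write(part.get_payload(decode=True) or b"")
        argv += ["-f", path]
    return argv


def naive_parses(subject):
    """True if the string-pasted form still tokenizes as one quoted value."""
    pasted = f"elog -l emails -a subject='{subject}' "
    try:
        return f"subject={subject}" in shlex.split(pasted)
    except ValueError:          # unbalanced quote
        return False


def submit(argv):
    """Run elog without a shell; DEVNULL replaces the '<<EOF' stdin kludge."""
    return subprocess.run(argv, stdin=subprocess.DEVNULL, check=False).returncode


if __name__ == "__main__":
    workdir = tempfile.mkdtemp(prefix="mailelog-")   # private 0700 directory
    print(shlex.join(build_elog_argv(SAMPLE, workdir)))
```

`submit()` is not called here because it needs the elog client installed; the printed line shows how a shell would have to quote the same arguments.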





11   Wed Nov 24 23:45:19 2004   damon nettles <nettles@phgrav.phys.lsu.edu>   Other   Steps for securing Elog using SSL and Apache   Stable
Everything in this guide was done on a full install of Fedora Core 3 running
Apache 2.0. If you are using an older version of Apache some of this may not
work, so I recommend upgrading. Also, on different Linux distributions, some
of the paths may be different.


The goal here is to get Elog set up under Secure Socket Layers, so that
communication both ways is encrypted.  This will cover any password
transactions so nothing gets sent over the web in the clear.

The previous method of securing the Elog, which involved using stunnel, is
out of date. A better way to go is to use the Elog in conjunction with
Apache. The Apache method leverages all the research and development that's
gone into providing secure sockets for Apache, and removes the need for any
serious reinventing of the wheel.


We begin with a web server running on port 80 and an Elog server running on
port 8080.


Making Certificates:
It's necessary to generate some secure certificates to be issued to anyone
who attempts to access the secure site.
A guide to making the certificates can be found at:

http://slacksite.com/apache/certificate.html

So, following the steps in the article:
   openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out\
   server.key 1024 
where the \ is merely an indicator that the command wouldn't fit on a line
here.  The fileN references are sources of random information to help the
random number seed be more random.  I merely used some personal text files
that were zipped up, as suggested in the page.

   openssl rsa -in server.key -out server.pem

Removes the RSA encryption from the key, to make it easier for the Apache
server to deal with it.

   openssl req -new -key server.key -out server.csr

Starts a line of questioning about us as a certificate issuing entity.
Answer with reasonable values.

   openssl x509 -req -days 60 -in server.csr -signkey server.key -out\
   server.crt

After this move the server.pem, server.crt, and server.csr to the
appropriate directories under /etc/httpd/conf/ .  The extensions explain
which directory to put them in, with the exception that server.pem ended up
in /etc/httpd/conf/ssl.key/ .


In the elogd.cfg file, change the port to 8079, and set the URL to
"https://your.host.name/" .  Restarting the Elog daemon now leaves us with
Elog listening to port 8079 instead of port 8080.


The rest of the story is in the "elogredirect.conf" file attached to this
post, but here are the highlights.

Create a virtual host dealing with SSL that listens to port 443 (the ssl
port), and acts as a proxy for port 8079 (where Elog is listening).  This
allows Apache to act as an SSL handler for Elog by handing off any access at
https://your.host.name/ to the Elog server.  The firewall then can keep out
any direct attempts to access port 8079, so that the only thing that can
reach the Elog server is stuff talking to 8079 on the local side of the
firewall (which pretty much means just the Apache proxy).  I recommend
Firestarter for the firewall config by the way, it's a real lifesaver.

http://firestarter.sourceforge.net/

This covers the SSL portion of the story, and by doing the redirection
inside the port 443 virtual host, instead of from the port 80 webpage as
before, you can avoid any path overlap.

As was the case for us, you may have links in older Elog posts, e-mails, or
web pages that point to specific Elog posts. If you have been using Elog for
some time and never bothered with the SSL stuff, the links most likely look
something like
http://your.host.name:8080/yourlogbook/postnumber. 

To cover legacy support for calls on port 8080, you can create another
virtual host listening to port 8080.  This host's job is to take any
incoming URL calls on "http://your.host.name:8080/a_directory" and
translate them into calls on "https://your.host.name/the_same_directory" .
This means that any attempt to contact the Elog on port 8080 will get
answered by an Apache virtual host that redirects the client through the
Apache SSL virtual host described above. See the conf file for the details.

So in the end, the firewall is set to only allow through ports 80, 443, and
8080.  Port 80 handles the normal webpage access stuff.  Port 443
exclusively handles the SSL port for the Elog daemon, and port 8080
exclusively handles the redirect for the legacy Elog calls.

Implementation of this setup on another system should be pretty
straightforward.  Apache's config file is at /etc/httpd/conf/httpd.conf ,
and it also loads any *.conf files in /etc/httpd/conf.d/ .  So it's a pretty
simple case of just dropping elogredirect.conf into /etc/httpd/conf.d/ and
restarting the Apache server.  Of course the necessary changes to elogd.cfg
have to be made and that server restarted as well.  The firewall, too, needs
to be setup to secure the whole deal. Note that the elogredirect.conf file
needs to be edited for your specific setup (changing the instances of 
"your.host.name" to whatever your server is, and also putting in the
administrator e-mail address where it is noted).


This work was done by Jonathan Hanson and Damon Nettles in the Gravity Lab
at Louisiana State University. You can see our Elog at
https://sam.phys.lsu.edu/elog .

If you have any questions or comments send them to
nettles@phgrav.phys.lsu.edu .
Attachment 1: elogredirect.conf
### Here be things to make the elogd daemon invisibly secure under an
### Apache SSL proxy virtual host.  Arrrrrr!
### ----This config file be mostly written by Jonathan Hanson, 11/23/04
### ----With some help from a few old salts on the net.



### This be the first instance of SSL in our setup, so the SSL module
### Must be called.  This can be commented out if it don't put wind in
### your sails.
LoadModule ssl_module modules/mod_ssl.so

### Ahoy, ye scurvy land dogs! Listen to the SSL port (443) or may the
### sea beasts take ye!
Listen 443

### Make a virtual host at the default server name, and assign it port 443.
<VirtualHost _default_:443>
	### Here be standard configuration for the Virtual Host
	ServerAdmin your_e-mail_address
	ServerName _default_:443
	RequestHeader set Front-End-Https "On"
	
	### This be the path to the elog directory 
	### (This didn't seem to make any difference, but it be a good
	###  idea nonetheless)
	DocumentRoot /usr/local/elog
	
	### Here be the setup for the SSL component of the Virtual Host
	SSLEngine On
	SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
	SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.pem
	
	### Here be the setup options for the Proxy module
	ProxyRequests Off
	ProxyPreserveHost On
	
	### This be the root of the new Virtual Host, and it should be
	### redirected to the port the elogd server is listening to 
	### (8079 on our poop deck).
	<Location />
		ProxyPass http://your.host.name:8079/
		ProxyPassReverse http://your.host.name:8079/
		SSLRequireSSL
	</Location>

	### Shiver me timbers!  A firewall can be laid across the elog
	### port to hinder direct access from the outside world to the elog
	### daemon.  This'll make the scurvy wretches come in through the apache
	### proxy virtual host, and batten down the hatches on the elog in general.

</VirtualHost>



### Our previous elog configuration was at http://your.host.name:8080 and some of our
### users made static HTML links to other posts in their posts and email.  They be sleeping 
### in Davy Jones's locker in the briney deep now, but we be needing to make these posts 
### backward-compatible.  We be changing the port Elogd listens to (as above) to 8079, and
### then we be using another new virtual host at port 8080 to redirect to the new SSL URL.
### So it appears to the landlubbers outside as if a normal elog server is listening to port
### 8080, but in reality it be a Virtual Host redirecting through the other SSL virtual host
### which then be passing it on to the port the elog server really be listening to.
### If ye not be needing this backwards compatibility, the following section can be made
### to walk the plank.

### I won't be telling ye twice, ye slimy bilge rat!  Pay attention to what 
### used to be the old elog port(8080).
Listen 8080

<VirtualHost _default_:8080>
	### Here be standard configuration for the Virtual Host
	ServerAdmin your_e-mail_address
	ServerName _default_:8080
		
	### This be the path to the html directory 
	### (This didn't seem to make any difference, but it be a good
	###  idea nonetheless)
	DocumentRoot /httpd/html
	
	### Here be the dark magic of mod_rewrite.  Quake in your boots ye dogs!
	<IfModule mod_rewrite.c>
		RewriteEngine On
		RewriteRule ^/(.*) https://your.host.name/$1 [NC,R=301,L]
	</IfModule>
	
</VirtualHost>

### In the end, elog be reachable through either https://your.host.name/ 
### or http://your.host.name:8080/ , though the latter will be rewritten
### to the former as soon as the request be made.  This be satisfying our 
### needs for backwards compatibility with old URLs, while ensuring modern 
### secure SSL support.  Beware matey, recognize that we also had to change
### the port that elog listens to, and then add a URL line in the elogd.cfg
### file:
###      port = 8079
###      URL = https://your.host.name/
### Also a firewall was brought up and told to allow through only ports 
### 80(html), 443(SSL), and 8080(the elog stand-in) and of course any other 
### ports ye may need for other applications.
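
A consistency check for the setup this post describes, as an added example that is not part of the post or of ELOG: it reads an elogd.cfg and the Apache configuration and reports where the pieces disagree (proxy backend port, https URL, firewall exposure of the elogd port, the legacy redirect). The sample inputs are constructed from the values in the post, the firewall is represented as a plain set of open ports, and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed inputs that mirror the values used in the post above.
ELOGD_CFG = """\
[global]
port = 8079
URL = https://your.host.name/
"""

APACHE_CONF = """\
Listen 443
<VirtualHost _default_:443>
    SSLEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    <Location />
        ProxyPass http://your.host.name:8079/
        ProxyPassReverse http://your.host.name:8079/
        SSLRequireSSL
    </Location>
</VirtualHost>
Listen 8080
<VirtualHost _default_:8080>
    RewriteEngine On
    RewriteRule ^/(.*) https://your.host.name/$1 [NC,R=301,L]
</VirtualHost>
"""

FIREWALL_OPEN_PORTS = {80, 443, 8080}   # ports the post lets through


def elogd_globals(text):
    """Return the [global] section of an elogd.cfg as a lower-cased dict."""
    section, out = None, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip().lower()] = value.strip()
    return out


def directives(conf, name):
    """Argument strings of every `name` directive; comment lines are skipped."""
    found = []
    for line in conf.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#") and parts[0].lower() == name.lower():
            found.append(parts[1].strip() if len(parts) > 1 else "")
    return found


def check_deployment(elogd_cfg, apache_conf, open_ports):
    """Return a list of problems; an empty list means the pieces agree."""
    cfg = elogd_globals(elogd_cfg)
    if not cfg.get("port", "").isdigit():
        return ["elogd.cfg [global] has no numeric port"]
    elog_port = int(cfg["port"])
    problems = []
    if urlsplit(cfg.get("url", "")).scheme != "https":
        problems.append("elogd.cfg URL is not an https URL")
    listen = {int(arg.split()[0].rsplit(":", 1)[-1])
              for arg in directives(apache_conf, "Listen") if arg}
    if elog_port in listen:
        problems.append(f"Apache Listen collides with elogd port {elog_port}")
    if elog_port in open_ports:
        problems.append(f"firewall exposes elogd port {elog_port} directly")
    for name in ("ProxyPass", "ProxyPassReverse"):
        for arg in directives(apache_conf, name):
            if not arg:
                continue
            backend = urlsplit(arg.split()[-1])   # last token is the backend URL
            if (backend.port or 80) != elog_port:
                problems.append(
                    f"{name} backend {backend.netloc} is not elogd port {elog_port}")
    if any(arg.lower() != "off" for arg in directives(apache_conf, "ProxyRequests")):
        problems.append("ProxyRequests must stay Off for a reverse proxy")
    for arg in directives(apache_conf, "RewriteRule"):
        tokens = arg.split()
        flags = tokens[2].strip("[]").upper().split(",") if len(tokens) > 2 else []
        is_redirect = any(flag.split("=")[0] == "R" for flag in flags)
        if is_redirect and not tokens[1].startswith("https://"):
            problems.append("legacy redirect does not send clients to https")
    return problems


if __name__ == "__main__":
    for problem in check_deployment(ELOGD_CFG, APACHE_CONF, FIREWALL_OPEN_PORTS):
        print("PROBLEM:", problem)
```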
16   Wed Sep 7 16:52:30 2005   Peter Eriksson <peter@ifm.liu.se>   Other   Solaris 10 SMF/Greenline management manifest for ELog   Stable
Please find enclosed as an attachment a Solaris 10 SMF/Greenline manifest that can be used to manage ELog.
(If you don't know what it is - it replaces init.d/cron/inittab and more stuff)
Attachment 1: elog.xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<!--
	Copyright (c) 2005-06-17 Peter Eriksson (peter@ifm.liu.se)

	This manifest can be used to manage an elog daemon using the 
	Solaris SMF subsystem.

	Import this manifest using: 

		svccfg -v import elog.xml
	
        Then activate the daemon with:

		svcadm enable site/elog
-->

<service_bundle type='manifest' name='IFM:elog'>

<service
	name='site/elog'
	type='service'
	version='1'>

        <single_instance />

	<!-- Need / & /usr filesystems mounted, /var mounted read/write -->
	<dependency
		name='fs-local'
		type='service'
		grouping='require_all'
		restart_on='none'>
		<service_fmri value='svc:/system/filesystem/local' />
	</dependency>

        <dependency
            name='network-service'
            grouping='require_all'
            restart_on='none'
            type='service'>
                <service_fmri value='svc:/network/service' />
        </dependency>

        <dependency
            name='name-services'
            grouping='require_all'
            restart_on='refresh'
            type='service'>
                <service_fmri value='svc:/milestone/name-services' />
        </dependency>
	
	<exec_method
		type='method'
		name='start'
		exec='/ifm/sbin/elogd -D -c /ifm/etc/elogd.cfg'
		timeout_seconds='60'>
	</exec_method>

	<exec_method
		type='method'
		name='stop'
		exec=':kill'
		timeout_seconds='30'>
	</exec_method>

	<instance name='default' enabled='false' />

	<stability value='Evolving' />

	<template>
		<common_name>
			<loctext xml:lang='C'>
			Electronic Logbook server
			</loctext>
		</common_name>
		<documentation>
			<manpage title='elogd' section='1' manpath='/usr/local/man' />
		</documentation>
	</template>
</service>

</service_bundle>
18   Mon Sep 25 11:24:05 2006   Yoshio Imai   Documentation   securing of elog with stunnel v4 under Linux   Beta
The following instructions should work in securing the elog using stunnel version 4 under Linux. The specific paths may have to be adapted to your distribution. A sample configuration file is attached.
Attachment 1: elog-stunnel4.howto
1. Prepare a certificate
------------------------
either: request a certificate for your elog URL from your web administrator
- the private key must not be password-protected
- the 'common name' must be the URL of your elog server

or: create a self-signed certificate yourself with the OpenSSL package
- as root user, create a self-signed certificate with the command

root@localhost:# openssl req -new -x509 -config /etc/ssl/openssl.cnf -keyout stunnel.pem -out stunnel.pem -days 365 -nodes

- this creates a self-signed certificate (-x509) with one year validity (-days 365)
  and no password protection for the private key (-nodes)
- private key and certificate are written to the same file, "stunnel.pem"

Answer all questions, making sure that the 'common name' is the URL under which users
are to reach your elog server.

For more information on how to create and/or manage SSL certificates, see e.g.
http://www.ibiblio.org/pub/Linux/docs/HOWTO/SSL-Certificates-HOWTO

Notice: Unless your web administrator can procure a certificate signed by an established
        CA, your elog users will be asked if they want to accept your (unverifiable) certificate
        when connecting to your elog server. This is no problem at all but can lead to
        questions if your users are unsure about this.


2. Adapt the certificate file to stunnel4 conventions
-----------------------------------------------------
The certificate filename must be the MD5 checksum:
- Retrieve the MD5 checksum of your certificate with

root@localhost:# openssl x509 -hash -noout -in stunnel.pem 

abcdefgh

- Rename the certificate file accordingly

root@localhost:# mv stunnel.pem abcdefgh.0

- Move the certificate file to the standard location, e.g. /etc/ssl/certs
- change the permissions of the file to -rw-------
- make sure there is a blank line between
  -----END RSA PRIVATE KEY----- and -----BEGIN CERTIFICATE-----
  and a blank line after
  -----END CERTIFICATE-----
  in your certificate file.


3. Configure stunnel4
---------------------
Install the stunnel4 package (if not already done).
Modify the configuration file (e.g. /etc/stunnel/stunnel.conf, depending on your
distribution):

- general options:
  cert = /etc/ssl/certs/abcdefgh.0    ; put the name of your certificate file here
  debug = 4                           ; otherwise ALL connection attempts will be logged to your syslog
  pid = /var/run/stunnel4/stunnel.pid ; check where the other services write their pid-files, depends 
                                      ; somewhat on the distribution

- comment out all lines containing chroot options
- comment out all CA lines
- comment out all service sections except the HTTPS section, which should look as follows

[https]
accept  = 443       ; i.e. stunnel listens on port 443, the standard https port
connect = 8080      ; and forwards all connections to port 8080 (use the port under which
                    ; your elogd is running here!)
TIMEOUTclose = 0    ; for buggy MS Internet Explorers, see the stunnel4 manpage


Some Linux distributions require that in the file /etc/defaults/stunnel4 the option ENABLED be set
to ENABLED=1. If not, the stunnel will not be started at system bootup.


4. Start the stunnel4 server
----------------------------
root@localhost# stunnel4 /etc/stunnel/stunnel.conf

Your elog should now be accessible via

https://your.elog.server
Attachment 2: stunnel.conf
cert = /etc/ssl/certs/abcdefgh.0
pid = /var/run/stunnel4/stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Some debugging stuff useful for troubleshooting
debug = 4

; Service-level configuration
[https]
accept  = 443
connect = 8080
TIMEOUTclose = 0
20   Wed Jan 10 23:08:27 2007   Exaos Lee <Exaos.Lee@gmail.com>   Script   Script for running ELOGD on Ubuntu Linux   Stable
I prepared one init script for ELOGD running on Ubuntu Linux.
Please see the attachment.
Attachment 1: elogd_ubuntu.tgz
21   Tue Feb 20 18:20:40 2007   Val Schmidt <vschmidt@ldeo.columbia.edu>   Documentation   Secure elog with SSL under Apache2 on Ubuntu   Stable
The steps for configuration under Apache2 are a bit different. Below I've included a quick list of instructions for Ubuntu. One nice thing about this method is that only https requests to https://your.url/elog are redirected (not all https connections to your url), so you can have other services running under ssl:

My Setup:
Ubuntu 6.10 (Edgy):
Linux tide1 2.6.17-11-generic #2 SMP Thu Feb 1 19:52:28 UTC 2007 i686 GNU/Linux

Packages:
ii  apache2                                    2.0.55-4ubuntu4                      next generation, scalable, extendable web se
ii  apache2-common                             2.0.55-4ubuntu4                      next generation, scalable, extendable web se
ii  apache2-mpm-worker                         2.0.55-4ubuntu4                      high speed threaded model for Apache2
ii  apache2-utils                              2.0.55-4ubuntu4                      utility programs for webservers 
ii  elog                                       2.6.1+r1642-1                        Logbook system to manage notes through a Web
---

To setup ssl in apache2 for elog I started here:
This mini-howto was kindly provided in a forum. I reproduced it here without permission.
A Mini-Howto for apache2: 

apt-get install apache2
apache2-ssl-certificate
(and answer the questions)

Now, enable ssl:
a2enmod ssl

configure ssl:
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl 
"/etc/apache2/sites-enabled/ssl" should look like this:

NameVirtualHost *:443
<VirtualHost *:443>
(... configure the directories too...)
and "/etc/apache2/sites-enabled/default" should look like this:

NameVirtualHost *:80
<VirtualHost *:80>
(... configure the directories too...)
In /etc/apache2/ports.conf, add Listen 443

In the middle of /etc/apache2/sites-available/ssl file, insert these two lines:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

Hope it helps :)

This method, without configuration of any of the <Directory> directives in /etc/apache2/sites-available/ssl, makes everything in /var/www https accessible. This may not be desirable. Configure the directives as you see fit.

To get SSL forwarding going for elog, in /etc/apache2/sites-available/ssl, I added the following:

 
ServerName tide1.unh.edu

        ProxyRequests Off
        ProxyPreserveHost On

        <Location /elog/>
                Order allow,deny
                allow from all

                ProxyPass  http://tide1.unh.edu:8080/
                ProxyPassReverse  http://tide1.unh.edu:8080/
                SSLRequireSSL
        </Location>

Once this is in place one must restart apache with
sudo /etc/init.d/apache2 force-reload

In /etc/elog.conf I added:
URL=https://tide1.unh.edu/elog

and restarted elog as above.

Finally, I removed the firewall entry that allowed connections to port 8080 for non-secure elog.

Items of note:
The "apache2-ssl-certificate" created a certificate that seems to expire in 30 days. This is obviously not ideal. More details about how to create certificates can be found at HERE. At some point in the future, we'll have to figure this out and create a more appropriate certificate.