SUSE 12 – enable SSL and Create a Self-Signed Certificate

The SSL module is enabled by default in the global server configuration. In case it has been disabled on your host, activate it with the following command: a2enmod ssl. To finally enable SSL, the server needs to be started with the flag “SSL”. To do so, call a2enflag SSL (case-sensitive!). If you have chosen to encrypt your server certificate with a password, you should also increase the value for APACHE_TIMEOUT in /etc/sysconfig/apache2, so you have enough time to enter the passphrase when Apache starts. Restart the server to make these changes active. A reload is not sufficient.

Creating a Self-Signed Certificate on SUSE 12:

root# openssl req -new > vhostname.csr
root# openssl rsa -in privkey.pem -out vhostname.key
root# openssl x509 -in vhostname.csr -out journal.crt -req -signkey vhostname.key -days 3650

Copy the certificate files to the relevant directories, so that the Apache server can read them. Make sure that the private key /etc/apache2/ssl.key/vhostname.key is not world-readable, while the public PEM certificate /etc/apache2/ssl.crt/vhostname.crt is.

Motion and reverse proxy mode.

Apache HTTP Server can be configured in both a forward and reverse proxy (also known as gateway) mode. An ordinary forward proxy is an intermediate server that sits between the client and the origin server. In order to get content from the origin server, the client sends a request to the proxy naming the origin server as the target and the proxy then requests the content from the origin server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites. Reverse Proxy example:

ProxyPass "/foo" ""
ProxyPassReverse "/foo" ""

ProxyPass /camera
ProxyPassReverse /camera

Continue reading “Motion and reverse proxy mode.”

authz_core:error – client denied by server configuration: /var/lib/roundcube/

From logs:

[Tue May 05 10:01:46.317409 2015] [authz_core:error] [pid 5837] [client] AH01630: client denied by server configuration: /var/lib/roundcube/

From browser:

You don’t have permission to access / on this server.

To enable roundcube on Debian 8 after an upgrade add the following “Require all granted” to a virtual host configuration file:

<Directory /var/lib/roundcube/>
Options +FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
Require all granted

Continue reading “authz_core:error – client denied by server configuration: /var/lib/roundcube/”