From 60cc58c940537e299cee388d8b1d8c56e27e2d80 Mon Sep 17 00:00:00 2001 From: Frédéric Guillot Date: Wed, 25 Jun 2014 09:53:12 -0300 Subject: Merge pull-request about HTTPS --- docs/secure-connections.markdown | 59 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 docs/secure-connections.markdown (limited to 'docs/secure-connections.markdown') diff --git a/docs/secure-connections.markdown b/docs/secure-connections.markdown new file mode 100644 index 00000000..109574ae --- /dev/null +++ b/docs/secure-connections.markdown @@ -0,0 +1,59 @@ +How to Enable Secure Connections +================================ + +If you are hosting Kanboard on a public server, and plan on accessing it via the internet, it is a good idea to enable SSL connections to encrypt your data. This is very simple to do with a self-signed certificate. The following instructions were created and tested on a server running Debian 7 (Wheezy) but they should work for any other Linux distribution. + +OpenSSL Installation and Configuration +-------------------------------------- +Install OpenSSL: + +```bash +apt-get update +apt-get install openssl +``` +Enable OpenSSL: + +```bash +a2enmod ssl +``` + +Create a self-signed certificate: + +```bash +mkdir /etc/apache2/ssl +openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/kanboard.pem -keyout /etc/apache2/ssl/kanboard.key +``` + +Apache Configuration +-------------------- +Create an apache configuration file: + +```bash +nano /etc/apache2/conf.d/kanboard.conf +``` + +The contents of this file should look like this: + +```bash + + SSLEngine on + SSLCertificateFile /etc/apache2/ssl/kanboard.pem + SSLCertificateKeyFile /etc/apache2/ssl/kanboard.key + DocumentRoot /var/www + + AllowOverride All + order allow, deny + Allow from all + + +``` + +Be sure to replace 127.0.0.1 with the IP address of your server. If you are hosting kanboard in a location other than /var/www , be sure to update the DocumentRoot to match the location where you are hosting your Kanboard site. + +Restart Apache: + +```bash +service apache2 restart +``` + +You will now be able to access your Kanboard site securely by navigating to `https://www.example.com/kanboard`. Your browser will indicate that the certificate is not trusted. This is due to the fact that it is self signed. You can safely ignore this warning, although the certificate is not trusted, your data is still encrypted. -- cgit v1.2.3