A poor man’s https, using ssh to secure web traffic
Sometimes you get a web-hosting environment that only serves non-ssl (http) content. If you need to do any type of management through tools like phpMyAdmin, then you can see the problem with this. All it would take is someone on your network or on the Internet to sniff the traffic and retrieve your username and password, then they too can do a bit of “management” on your site.
If you also have secure shell (SSH) access, then there is a way to manage your site securely by using SSH’s venerable port forwarding (SOCKS). The trick is to tell your management tools to only listen or respond to connections coming in over SSH instead of normal traffic.
Read more
Apache2 with SSL on Debian
I found myself at a loss on how to enable ssl on apache2, it seemed so simple. Make sure ssl.conf and ssl.load where both in mods-enabled and restart apache2, and done. Not so fast, the damn thing needs a self-signed certificate and the normal scripts are no where to be found on Debian 4.0 Etch. After a bit of searching I’ve come across this little gem that I hope will help all of you too.
Read more
