CentOS / RHEL: Vsftpd SSL / TLS FTP Server Configuration

Posted on in Categories CentOS, FTP Server, Linux, Networking, RedHat/Fedora Linux, Security last updated January 8, 2014

Vsftpd FTP server supports secure connections via SSL / TLS, same encryption used with online banking and shopping. This applies to the control connection (including login) and also data connections. You will need a ftp client with SSL support too. In this post, I am going to show you how To configure vsftpd to yse SSL/TLS on a CentOS or Red Hat Enterprise Linux (RHEL) version 5.x/6.x to secure communication.

How To Lighttpd Create Self Signed SSL Certificates

Posted on in Categories lighttpd, Linux, OS X, Security, UNIX last updated April 2, 2008
Lighttpd logo

If you are testing an application (web based) or just want secure login page for your application, you can create a self signed SSL Certificates. I have already explained the procedure for installing real third party signed SSL certificate.

Procedure is as follows:

Step # 1: Create self signed SSL Certificates

Create a directory to store SSL certificate:

# mkdir /etc/lighttpd/ssl/domain.com -p
# cd /etc/lighttpd/ssl/domain.com
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# chown lighttpd:lighttpd /etc/lighttpd/ssl -R
# chmod 0600 /etc/lighttpd/ssl/domain.com

You need to provide information such as country name, your domain name etc.

Step # 2: Configure Lighttpd

Open lighttpd configuration file:
# vi /etc/lighttpd/lighttpd.conf Add config directives as follows:
$SERVER["socket"] == "192.168.1.100:443" {
server.document-root = "/home/lighttpd/domain.com"
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain.com/server.pem"
}

Make sure you replace ip 192.168.1.100 with your actual IP address.

Step # 3: Restart Lighttpd

Test config file for errors:
# lighttpd -t -f /etc/lighttpd/lighttpd.conf
Now Restart lighttpd:
# /etc/init.d/lighttpd restart

Make sure port 443 is open
# netstat -tulpn | grep :443

Configure firewall/iptables and open port 443. Following is sample iptabables rules. You need to append code to your iptables shell script:
SERVER_IP="192.168.1.100"
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d $SERVER_IP --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 443 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Redirect plain text login page to secure login page

Let us assume you would like to redirect all incoming wordpress requests http://domain.com/blog/wp-login.php request to https://domain.com/blog/wp-login.php
Add following code snippet to your lighttpd.conf file’s port 80 section:
$HTTP["url"] =~ "^/blog/wp-login.php*" {
url.redirect = ( "^/(.*)" => "https://www.domain.com/$1" )
}

You may need to modify your login page to submit form over SSL.