<-[[.:start]]


====== Sandbox Server ======

** UPDATE --- //John Pumford-Green 04/03/25 08:02 GMT// **

<note>
The hardware running this little machine has recently become unreliable, the SSD is dying, so I've turned it off. I'll leave any old information about this box for future reference
</note>


** UPDATE --- //John Pumford-Green 27/04/23 06:16// **

<note>
I have removed the self-signed SSL configuration on the shack //sandbox// server and reverted it to plain HTTP.
I may re-instate it at some point in the future, but I decided I didn't want the hassle of persuading Chrome to accept the self-signed //unsafe// certificate all the time.

The details below show how it was originally set up, and can be used in future should I decide to repeat the process.

</note>
==== Encryption ====

The shack webserver has a mirror of my //real// dokuwiki, to use as a test-bed and after setting it up I discovered that the encryption plugin I was using on the //real// wiki [[https://www.dokuwiki.org/plugin:encryptedpasswords|Encrypted Passwords Plugin]] didn't work.

After some head scratching, and after trying out another plugin (dokucrypt2 plugin), I figured out the difference between the 2 web servers....

The //real// server is configured to do proper HTTPS, with a real, signed SSL certificate. The shack server only does plain old HTTP, no encryption.

To test out my theory that this is what was //breaking// Encrypted Password Plugin I setup self-signed SSL on the shack webserver. It's just for local testing so there's no need for traceable certification, just the ability to handle HTTPS traffic.

It turned out to be quite simple....

I found the information here : [[https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04]]

<code bash>

gm4slv@shack:~/ssl_setup$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
Generating a RSA private key
.......................+++++
...........+++++
writing new private key to '/etc/ssl/private/apache-selfsigned.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:Shetland
Locality Name (eg, city) []:Clousta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:GM4SLV
Organizational Unit Name (eg, section) []:GM4SLV
Common Name (e.g. server FQDN or YOUR name) []:shack
Email Address []:

</code>

The certificates are put in the directories already pointed to in the default SSL site config file so all I had to do was tell apache to enable ssl 

<code bash>
sudo a2enmod ssl
</code>

and enable the default SSL site

<code bash>
gm4slv@shack:/etc/apache2/sites-enabled$ sudo a2ensite default-ssl.conf
Enabling site default-ssl.
To activate the new configuration, you need to run:
  systemctl reload apache2
gm4slv@shack:/etc/apache2/sites-enabled$ sudo service apache2 restart
</code>


==== SSL enabled ====

Browse to https://shack/dokuwiki and I got the usual dire Chrome warning

{{ :public:computers:screenshot_2022-05-30_19.19.16.png?direct&400 |}}


.... but chose to continue anyway...

and it works!

{{ :public:computers:screenshot_2022-05-30_19.15.26.png?direct&400 |}}


==== Encrypted Password Plugin ====

Then I tested the Encrypted Passwords Plugin and ** it also works **


UPDATE--- //John Pumford-Green 31/05/22 21:13//

The [[https://www.dokuwiki.org/plugin:encryptedpasswords|plugin page]] does say that HTTPS is needed:

> Please note that the modern encryption mechanisms used within this Plugin require a modern Browser, JavaScript enabled and a wiki served via HTTPS!

=== Result! ===

I can now use the //sandbox// wiki to test everything that's running on the //real// wiki server.

=== Redirect to https ===


(**UPDATE** --- //John Pumford-Green 31/05/22 10:08//)

edit 

''/etc/apache2/sites-enabled/000-default.conf'' 

to add 

<code>
ServerName gm4slv.plus.com
Redirect permanent / https://gm4slv.plus.com/
</code>

Open & forward router's port TCP/443 to the shack webserver

''sudo service apache2 restart''

Hey presto - external access to HTTPS 


==== Page Info ====


--- //John Pumford-Green 30/05/22 19:05//

Page last updated: ~~LASTMOD~~

{{tag>ssl apache dokuwiki}}