= Using Secure Socket Layer (SSL) =

We encourage you to enable SSL on your project's web servers.
If you do this and follow the instructions below,
the following communication will be protected from man-in-the-middle attacks:

 * The web RPCs used for account creation, which carry volunteer email addresses.
 * HTTP requests that carry volunteer email addresses and passwords, such as the login form.

If, in addition, you use HTTPS for your scheduler URLs,
scheduler requests will be encrypted.
These requests carry account authenticators, which can be used to log in to accounts.

To use SSL, you'll need to buy an SSL certificate.
Self-signed certificates can't be used.
You'll then need to change your Apache configuration to enable SSL.

== BOINC configuration ==

Add the following line to your '''html/project/project.inc''' file:

{{{
define("SECURE_URL_BASE", "https://your_url/");
}}}

where the URL is that of your HTTPS server
(typically your project's master URL with "https://" at the start).

== Apache configuration ==

If you use virtual hosts, your Apache config file
will need an entry like the following:
{{{
<VirtualHost *:443>
    ServerName setiathome.berkeley.edu
    DocumentRoot ... path to your /html/user
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/setiathome.berkeley.edu.SAN.cert
    SSLCertificateKeyFile /etc/pki/tls/private/setiathome.berkeley.edu.SAN.key
    SSLCertificateChainFile /etc/httpd/conf/ssl.crt/in_common.crt
</VirtualHost>
}}}
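
The following consistency check is an added example, not part of BOINC or of the original page. It confirms that the host named in SECURE_URL_BASE has a matching port-443 virtual host with SSLEngine On and the certificate and key directives from the example above; the function names and sample strings are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample inputs that mirror the two snippets on this page.
PROJECT_INC = 'define("SECURE_URL_BASE", "https://setiathome.berkeley.edu/");'
APACHE_CONF = """
<VirtualHost *:443>
    ServerName setiathome.berkeley.edu
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/setiathome.berkeley.edu.SAN.cert
    SSLCertificateKeyFile /etc/pki/tls/private/setiathome.berkeley.edu.SAN.key
</VirtualHost>
"""

def parse_ssl_vhosts(conf):
    """Return one {lowercased directive: value} dict per port-443 VirtualHost."""
    vhosts = []
    pattern = r"<VirtualHost\s+[^>]*:443\s*>(.*?)</VirtualHost>"
    for body in re.findall(pattern, conf, re.S | re.I):
        directives = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if parts and not parts[0].startswith("#"):
                directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        vhosts.append(directives)
    return vhosts

def check(project_inc, apache_conf):
    """Return a list of problems; an empty list means the two files agree."""
    m = re.search(r'define\(\s*"SECURE_URL_BASE"\s*,\s*"([^"]*)"\s*\)', project_inc)
    if not m:
        return ["SECURE_URL_BASE is not defined"]
    url = urlsplit(m.group(1))
    problems = []
    if url.scheme != "https":
        problems.append("SECURE_URL_BASE is not an https:// URL")
    host = (url.hostname or "").lower()
    vhosts = [v for v in parse_ssl_vhosts(apache_conf)
              if v.get("servername", "").lower() == host]
    if not vhosts:
        return problems + ["no port-443 VirtualHost has ServerName " + host]
    if vhosts[0].get("sslengine", "").lower() != "on":
        problems.append("SSLEngine is not On")
    for name in ("sslcertificatefile", "sslcertificatekeyfile"):
        if not vhosts[0].get(name):
            problems.append(name + " is not set")
    return problems

print(check(PROJECT_INC, APACHE_CONF) or "OK")
```

To use it on a real project, pass the contents of html/project/project.inc and of the Apache config file to check() in place of the sample strings.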