Version 1 (modified by 11 years ago) (diff) | ,
---|
Using Secure Socket Layer (SSL)
We encourage you to enable SSL on your project's web servers. If you do this, and follow the instructions below, the following communication will be protected from man-in-the-middle attacks:
- The web RPCs used for account creation, which carry volunteer email addresses.
- HTTP requests that carry volunteer email addresses and passwords, such as the login form.
If, in addition, you use HTTPS for your scheduler URLs, scheduler requests (which carry account authenticators, which can be used to log in to accounts) will be encrypted.
To use SSL, you'll need to buy an SSL certificate. Self-signed certificates can't be used. You'll then need to change your Apache configuration to enable SSL.
BOINC configuration
Add the following line to your html/project/project.inc file:
define("SECURE_URL_BASE", "https://your_url/");
where the URL is that of your HTTPS server (typically your project's master URL with "https://" at the start).
Apache configuration
If you use virtual hosts your Apache config file will need an entry like the following:
<VirtualHost *:443> ServerName setiathome.berkeley.edu DocumentRoot ... path to your /html/user SSLEngine On SSLCertificateFile /etc/pki/tls/certs/setiathome.berkeley.edu.SAN.cert SSLCertificateKeyFile /etc/pki/tls/private/setiathome.berkeley.edu.SAN.key SSLCertificateChainFile /etc/httpd/conf/ssl.crt/in_common.crt </VirtualHost>