Anyterm - Using Anyterm with SSL

Using Anyterm with SSL

Using SSL (also known as TLS and HTTPS) you can encrypt communication between client and server and authenticate the server to the client. Apache implements SSL using a module called mod_ssl; with it installed and set up correctly Anyterm can be accessed using an https: URL. mod_ssl does everything, and no changes to Anyterm itself or its configuration are needed.

I suggest that you first install mod_ssl and get it working with normal files. The Debian packages do part of this fairly automatically, though you do need to add things to your Apache configuration file. I found that it was necessary to create a separate VirtualHost section for SSL; something like this might work:

<VirtualHost *:443> DocumentRoot /var/www <Directory "/"> Options FollowSymlinks </Directory> <Directory "/var/www/anyterm/"> Order allow,deny Allow from all SSLRequireSSL AllowOverride All </Directory> ErrorLog /var/log/apache2/error.log Loglevel error CustomLog /var/log/apache2/access.log combined SSLEngine on SSLCipherSuite HIGH:MEDIUM SSLCertificateFile /etc/apache2/ssl/apache.pem </VirtualHost>

Simpler configurations are probably possible - please share your experiences in the forum.

Think about whether you want to disable non-SSL access to your Anyterm directory. Disabling it means that you can't accidentally connect non-securely, but you might find a few occasions when that is the only option; for example, some browsers are configured to not accept self-signed certificates.

Any feedback from people who know something about SSL, security etc. would be appreciated.