Install https would it suffice??
I have a webserver in my local network. I want to make it expose to the Internet probably by port forwarding in my dsl router.
I wanna run it on https (secure http). If I make it listen to port 443, would it means all transactions would be encrypted? Is there a need to modify pages on the webserver or is it enough that it was running in https without editing the webpages? This webserver has some accounting and I don't want to compromise the machine. If worry if somebody might sniff to the transaction. |
the contents of a webpage doesn't matter, no. It's possible to write a page so badly that you compromise it, e.g. by linking to documents with a full http:// url within them etc. Buit as long as you configure the certificates correctly and such then the same web pages will generally work fine over ssl.
|
SSL gets you encryption on the wire, and (given a CA-signed cert) some level of assurance that you're really talking to who you think you're talking to.
SSL doesn't magically secure your web server configuration or your application for you. |
1st you have to assign a public ip-address to your server (which can be done by NATing)and if behind a firewall make sure that the port of the webserver which is accessible from outside should be opened from firewall for incoming traffic. Now for https, find out these lines in your httpd.conf file(if using apache)
Code:
## SSL Support settings as appropriate for your setup. Providing those are properly set and the cert<s> properly generated and available as stated in the configs, then your systems should listen at the proper address/interface on the appropriate port there for connections/services. I believe bindaddress has been depriciated for the listen directive. |
All times are GMT -5. The time now is 10:29 AM. |