Hello,
I would like to make a secure download server out of Apache, SSL, and possibly PHP, but need to know what documents might help get me up to speed on how this is most effectively done. Here are my basic requirements for this server:
+Chroot the Apache service & any other services used for this
+Encrypt password exchange
+Jail all users to their home directories so no one can see who else has an account.
+Make a simple file exchange page for each user, where they can view the directory listing, download and upload files via http protocol (this exchange must be encrypted too).
Are any other thoughts on secureing a simple private download server would be most appreciated. I have done this with SSH/SCP, but so many client networks are so paranoid that I am forced to use a method that can be commonly proxied.
Thanks a lot for your help!
Dan