LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-31-2013, 07:42 AM   #1
displace
Member
 
Registered: Jan 2013
Location: EU
Distribution: Debian
Posts: 269

Rep: Reputation: 25
Protecting the unprotected with SSL/TLS


Hey!
Suppose I have a linux server where a given networking service is running. This service is listening on a certain port i.e. 80 for incoming connections and is serving HTTP content - it has a built-in HTTP server. The application does not support secure connections. Is there a way in linux to enable SSL/TLS secure connections for applications that don't natively support it?


Here's what I'm doing:
I'm building a video surveillance device from various components - I disassembled an HD webcam, a TP-LINK TL-MR3020 router, and installed them in a "fake outdoor camera" housing to build a real IP cam. The TL-MR3020 router is flashed with OpenWRT Barrier Breaker firmware, and is offering videostream content via the ethernet port. I am using mjpg_streamer that has a built-in http server, but it does not support SSL. I would like to access such content over a secure connection. Is this possible?

Any suggestions?


Kind regards,
~displace
 
Old 10-31-2013, 08:56 AM   #2
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: RHEL9.4
Posts: 735

Rep: Reputation: 154Reputation: 154
Yes. Run an http service i suppose mod proxy can work too. Then use mod_rewrite to change the service to accept only https connections.

Sorry i am not of more help but today was a long day and hitting some cans of beer.

Anyhow you want something like this.

http://acespritechblog.wordpress.com...-ubuntu-12-04/

Check apache config. Openerp runs as a perl script i think it was, but strange port. I still have the vm, i will try to boot it over the weekend and show my scripts more or less.
 
Old 11-01-2013, 08:39 AM   #3
displace
Member
 
Registered: Jan 2013
Location: EU
Distribution: Debian
Posts: 269

Original Poster
Rep: Reputation: 25
mod_rewrite... that sounds like apache to me. I'm running OpenWRT here, so installing apache on it would be an overkill. Is there something more lightweight? It would probably have to be a proxy, but TBH I haven't used any proxies yet, so I'm mostly swimming in unfamiliar waters. Next I'll also have to block access to the unsecured port, but I take it this can easily be done with iptables.
 
Old 11-02-2013, 12:14 AM   #4
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: RHEL9.4
Posts: 735

Rep: Reputation: 154Reputation: 154
Yes. I read your post with my eyes glued to my bum.

Sorry. Am talking about apache. But, the only way i am aware of doing what you request is by rewriting the url or using a proxy in order to force https. Maybe with wrt you can get into the configs and do something from there. If not you will need some extra hardware or services somewhere.
 
Old 11-02-2013, 07:37 AM   #5
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: RHEL9.4
Posts: 735

Rep: Reputation: 154Reputation: 154
I had a look at their website and your system supports many httpd servers. Is it possible to maybe change to a more widely used httpd service?

You might find these links useful.

http://wiki.openwrt.org/doc/howto/http.overview

http://wiki.openwrt.org/doc/howto/http.overview

But essentially you are looking for setting up a reverse proxy. You then would use a virtual host and the incomming connections connecting to it are accepted on https. You can do that on most servers I would assume.

So figure out what http server you use, and there would likely be a ssl reverse proxy guide for it.

Last edited by ericson007; 11-02-2013 at 10:38 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Ssl/tls jmomlhm Linux - Software 3 09-08-2012 02:53 AM
[SOLVED] ip_conntrack_ftp and SSL / TLS Al_ Linux - Security 9 10-02-2009 03:37 PM
MITM in SSL/TLS gustavolinux Linux - Security 1 11-17-2008 01:16 PM
vsftpd ssl/tls jefffq Linux - Software 2 07-05-2005 07:38 PM
SSL vs. TLS X11 Linux - Security 8 12-17-2002 04:39 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration