Re: [BackupPC-users] Backup PC on SSL
Damned the default ssl site was not enabled.. f@#king apache -Original Message- From: Michael Stowe [mailto:mst...@chicago.us.mensa.org] Sent: mercredi 1 juin 2016 18:05 To: General list for user discussion, questions and support Subject: Re: [BackupPC-users] Backup PC on SSL On 2016-06-01 06:53, FLORENT Philippe wrote: > It is a fresh unmodified debian/apache install I note that fresh, unmodified debian/apache installations do not come with SSL configured, nor do they come with SSL certificates, naturally. If you want to use SSL, of course, you'll need to set this up yourself. -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/ -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Backup PC on SSL
The ssl mod is enabled by default, I don't know about the certificates... But I think I installed a wabmin like interface like ajile or something, and I am wondering if it could be the problem -Original Message- From: Michael Stowe [mailto:mst...@chicago.us.mensa.org] Sent: mercredi 1 juin 2016 18:05 To: General list for user discussion, questions and support Subject: Re: [BackupPC-users] Backup PC on SSL On 2016-06-01 06:53, FLORENT Philippe wrote: > It is a fresh unmodified debian/apache install I note that fresh, unmodified debian/apache installations do not come with SSL configured, nor do they come with SSL certificates, naturally. If you want to use SSL, of course, you'll need to set this up yourself. -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/ -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Backup PC on SSL
On Wed, Jun 1, 2016 at 11:05 AM, Michael Stowewrote: > On 2016-06-01 06:53, FLORENT Philippe wrote: >> It is a fresh unmodified debian/apache install > > I note that fresh, unmodified debian/apache installations do not come > with SSL configured, nor do they come with SSL certificates, naturally. > If you want to use SSL, of course, you'll need to set this up yourself. However, note that different distributions have their own ways of packaging and configuring things. Be sure to follow a guide specific to your OS distro - perhaps like this: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-debian-8 -- Les Mikesell lesmikes...@gmail.com -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Backup PC on SSL
On 2016-06-01 06:53, FLORENT Philippe wrote: > It is a fresh unmodified debian/apache install I note that fresh, unmodified debian/apache installations do not come with SSL configured, nor do they come with SSL certificates, naturally. If you want to use SSL, of course, you'll need to set this up yourself. -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Backup PC on SSL
It is a fresh unmodified debian/apache install -Original Message- From: Dmitry Katsubo [mailto:dm...@mail.ru] Sent: mardi 31 mai 2016 22:54 To: General list for user discussion, questions and support Subject: Re: [BackupPC-users] Backup PC on SSL On 2016-05-31 11:06, FLORENT Philippe wrote: > > It's the defaut config file after install, the problem is that it's a > config, not a virtual host And I have no ide how to set that up > > Ssl seems to work > > CONNECTED(0003) > 140357952337552:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol:s23_clnt.c:795: This error message means that your server is not talking SSL over the port you used to connect. For comparison try the following: openssl s_client -connect google.com:80 -- this will result the same error you provided in your email. openssl s_client -connect google.com:443 -- this will result completely different picture; your server should return something similar. Try adding -debug option (openssl s_client -debug -connect ...) -- if you see something like this: read from 0x839e558 [0x83a47f0] (7 bytes => 7 (0x7)) - 48 54 54 50 2f 31 2e HTTP/1. then you server is talking plain HTTP. Try to start from the beginning: check that ssl module is loaded (apache2ctl -M) and enabled, grep for 443 (should find "Listen 443"), check logs, etc. Anyway this is not BackupPC problem. > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 7 bytes and written 289 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE -- With best regards, Dmitry -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/ -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Backup PC on SSL
On 2016-05-31 11:06, FLORENT Philippe wrote: > > It's the defaut config file after install, the problem is that it's a config, > not a virtual host > And I have no ide how to set that up > > Ssl seems to work > > CONNECTED(0003) > 140357952337552:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol:s23_clnt.c:795: This error message means that your server is not talking SSL over the port you used to connect. For comparison try the following: openssl s_client -connect google.com:80 -- this will result the same error you provided in your email. openssl s_client -connect google.com:443 -- this will result completely different picture; your server should return something similar. Try adding -debug option (openssl s_client -debug -connect ...) -- if you see something like this: read from 0x839e558 [0x83a47f0] (7 bytes => 7 (0x7)) - 48 54 54 50 2f 31 2e HTTP/1. then you server is talking plain HTTP. Try to start from the beginning: check that ssl module is loaded (apache2ctl -M) and enabled, grep for 443 (should find "Listen 443"), check logs, etc. Anyway this is not BackupPC problem. > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 7 bytes and written 289 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE -- With best regards, Dmitry -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Backup PC on SSL
It's the defaut config file after install, the problem is that it's a config, not a virtual host And I have no ide how to set that up Ssl seems to work CONNECTED(0003) 140357952337552:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 289 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- -- config file Alias /backuppc /usr/share/backuppc/cgi-bin/ AllowOverride None Allow from all # Uncomment the line below to ensure that nobody can sniff importanti # info from network traffic during editing of the BackupPC config or # when browsing/restoring backups. # Requires that you have your webserver set up for SSL (https) access. #SSLRequireSSL Options +ExecCGI +FollowSymlinks AddHandler cgi-script .cgi DirectoryIndex index.cgi AuthUserFile /etc/backuppc/htpasswd AuthType basic AuthName "BackupPC admin" require valid-user -- default ssl apache file ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key SSLOptions +StdEnvVars SSLOptions +StdEnvVars BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown -Original Message- From: Dmitry Katsubo [mailto:dm...@mail.ru] Sent: lundi 30 mai 2016 14:51 To: General list for user discussion, questions and support Subject: Re: [BackupPC-users] Backup PC on SSL Hi, It's difficult to guess, perhaps you could provide a complete vhost declaration? My guess could be completely unrelated, but have you checked that you have enabled SSL vhost: SSLEngine on ... If so, try connecting to port 443 with telnet, or better with openssl: $ openssl s_client -connect your.host:443 If that also works then try another more permissive browser, e.g. lynx. P.S. BackupPC is working under SSL just fine for me. On 2016-05-30 11:09, FLORENT Philippe wrote: > Hi Everyone, > > I tried to enabling the SSL web interface by uncommenting > SSLRequireSSL (debian 2.4) > > Althought it says I cant connect anymore in firefox with http, it > gives an ssl connection error as I try https > > Is there not some block of options for https virtual hosts in this > case? .. and certificates involved too ? > > (on Debian 2.4, the installation is not perfect since I had to add > +ExecCGI to have the web page work) > > Thanks > > Phil -- With best regards, Dmitry -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/ -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Backup PC on SSL
Hi, It's difficult to guess, perhaps you could provide a complete vhost declaration? My guess could be completely unrelated, but have you checked that you have enabled SSL vhost: SSLEngine on ... If so, try connecting to port 443 with telnet, or better with openssl: $ openssl s_client -connect your.host:443 If that also works then try another more permissive browser, e.g. lynx. P.S. BackupPC is working under SSL just fine for me. On 2016-05-30 11:09, FLORENT Philippe wrote: > Hi Everyone, > > I tried to enabling the SSL web interface by uncommenting SSLRequireSSL > (debian 2.4) > > Althought it says I cant connect anymore in firefox with http, it gives > an ssl connection error as I try https > > Is there not some block of options for https virtual hosts in this > case? .. and certificates involved too ? > > (on Debian 2.4, the installation is not perfect since I had to add > +ExecCGI to have the web page work) > > Thanks > > Phil -- With best regards, Dmitry -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
[BackupPC-users] Backup PC on SSL
Hi Everyone, I tried to enabling the SSL web interface by uncommenting SSLRequireSSL (debian 2.4) Althought it says I cant connect anymore in firefox with http, it gives an ssl connection error as I try https Is there not some block of options for https virtual hosts in this case? .. and certificates involved too ? (on Debian 2.4, the installation is not perfect since I had to add +ExecCGI to have the web page work) Thanks Phil -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/