Hello!
I need to be able to access the remote console on LAN via HTTPS for compatibility reasons.
Now on my CCGX in SSH (ROOT) editing /etc/hiawatha/hiawatha.conf
to look like this:
# GENERAL SETTINGS
#
#ServerId = www-data
ConnectionsTotal = 150
ConnectionsPerIP = 10
SystemLogfile = /var/volatile/log/hiawatha/system.log
GarbageLogfile = /var/volatile/log/hiawatha/garbage.log
ExploitLogfile = /var/volatile/log/hiawatha/exploit.log
# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
Port = 80
maxRequestSize = 512
# Interface = 127.0.0.1
# MaxKeepAlive = 30
# TimeForRequest = 3,20
}
#
Binding {
Port = 443
# Interface = ::1
# MaxKeepAlive = 30
# TimeForRequest = 3,20
SSLcertFile = /etc/hiawatha/cert.pem
}
# BANNING SETTINGS
# Deny service to clients who misbehave.
#
#BanOnGarbage = 300
#BanOnMaxPerIP = 60
#BanOnMaxReqSize = 300
#KickOnBan = yes
#RebanDuringBan = yes
# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications. Use the 'php-fcgi'
# tool to start PHP as a FastCGI daemon.
#
#CGIhandler = /usr/bin/perl:pl
#CGIhandler = /usr/bin/php-cgi:php
#CGIhandler = /usr/bin/python:py
#CGIhandler = /usr/bin/ruby:rb
#CGIhandler = /usr/bin/ssi-cgi:shtml
#CGIextension = cgi
#
#FastCGIserver {
# FastCGIid = PHP5
# ConnectTo = 127.0.0.1:2005
# Extension = php
#}
FastCGIserver {
FastCGIid = PHP5
ConnectTo = /var/run/php5-fpm.socket
Extension = php
}
UseFastCGI = PHP5
ExecuteCGI = yes
# URL TOOLKIT
# This URL toolkit rule was made for the Banshee PHP framework, which
# can be downloaded from http://www.hiawatha-webserver.org/banshee
#
#UrlToolkit {
# ToolkitID = banshee
# RequestURI isfile Return
# Match ^/(css|files|images|js|slimstat)($|/) Return
# Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
# Match .*\?(.*) Rewrite /index.php?$1
# Match .* Rewrite /index.php
#}
# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#
Hostname = 127.0.0.1
WebsiteRoot = /var/www/hiawatha
StartFile = index.html
AccessLogfile = none
ErrorLogfile = /var/volatile/log/hiawatha/error.log
#ErrorHandler = 404:/error.cgi
# VIRTUAL HOSTS
include /etc/hiawatha/sites-enabled
# Use a VirtualHost section to declare the websites you want to host.
#
#VirtualHost {
# Hostname = www.my-domain.com
# WebsiteRoot = /var/www/my-domain/public
# StartFile = index.php
# AccessLogfile = /var/www/my-domain/log/access.log
# ErrorLogfile = /var/www/my-domain/log/error.log
# TimeForCGI = 5
# UseFastCGI = PHP5
# UseToolkit = banshee
#}
# DIRECTORY SETTINGS
# You can specify some settings per directory.
#
#Directory {
# Path = /home/baduser
# ExecuteCGI = no
# UploadSpeed = 10,2
#}
I've created a self signed cert (testing only for now) mentioned in the SSL setup.
https://www.hiawatha-webserver.org/howto/bindings
Also created an valid letsencrypt cert on another host, with the hostname matching this machine and imported it. No go.
The issue is that the newest version 10.8x uses TLSCertFile instead of SSLCertFile. My Hiawatha version is 10.3 and should use TLSCertFile https://gitlab.com/hsleisink/hiawatha/blob/master/ChangeLog#L166. The generic config before I edited it was SSLCertFile.
Both wont work and give the following error:
root@ccgx:/etc/hiawatha# /etc/init.d/hiawatha restart Restarting Hiawatha Web Server: no /usr/sbin/hiawatha found; none killed Syntax error in hiawatha.conf on line 30. hiawatha.
Where line 30 is the SSL line.
Please advise.
