Enable https on WebPasswordSafe (WPS) on CentOS7/RHEL7

This article guides you through enabling HTTPS on WebPasswordSafe v1.3. It assumes that you already have a 100% working WebPasswordSafe setup in place. If you don't, follow the article Setup of WebPasswordSafe on CentOS7/RHEL7 first.

The prerequisites are as follows.

  • Apache and mod_ssl 2.4.6 or higher

Start with installing Apache and mod_ssl.

# yum -y install httpd mod_ssl

Edit httpd.conf and add/amend the following lines.

# vi /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
# Send every plain-http request to the same host and path over https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</VirtualHost>

<Proxy *>
Order deny,allow
Deny from all
Allow from 10.0.10.0/24
</Proxy>

***Note: Replace 10.0.10.0/24 with the required LAN subnet.***

Create a file for the ProxyPass directive.

# vi /etc/httpd/conf.d/proxy_ajp.conf
ProxyPass /wps/ ajp://localhost:8009/wps/

Now create a new redirect file so that all requests go to "https".

# vi /etc/httpd/conf.d/redirect.conf
Redirect / https://10.0.10.19/wps/

***Note: Replace 10.0.10.19 with the WPS server IP address.***

The last step is to disable plain "http" access in Tomcat. Edit the "/opt/webpasswordsafe/catalina_base/webapps/wps/WEB-INF/web.xml" file (the "/wps/" path depends on the WPS setup) and add the lines below before </web-app>.

# vi /opt/webpasswordsafe/catalina_base/webapps/wps/WEB-INF/web.xml

<!-- Require HTTPS for everything except /img (favicon) and /css. -->
 <security-constraint>
  <web-resource-collection>
     <web-resource-name>HTTPSOnly</web-resource-name>
     <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection>
     <web-resource-name>HTTPSOrHTTP</web-resource-name>
     <url-pattern>*.ico</url-pattern>
     <url-pattern>/img/*</url-pattern>
     <url-pattern>/css/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
     <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
 </security-constraint>

Now restart Apache and the wps service for the changes to take effect.

# systemctl restart httpd && systemctl restart wps

Check the status to make sure both services are up and working.

# systemctl status httpd && systemctl status wps

Now browse to the https URL; everything should be up and running.

(https://hostname_or_IP/wps)
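To confirm that the web.xml edit took effect as intended, the script below reports whether the catch-all /* pattern is forced to HTTPS and which patterns remain reachable over plain http. It is an added example, not part of the original article or of WebPasswordSafe; the sample XML is constructed from the constraints shown above, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal web.xml holding the article's two constraints.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
 <security-constraint>
  <web-resource-collection>
     <web-resource-name>HTTPSOnly</web-resource-name>
     <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection>
     <web-resource-name>HTTPSOrHTTP</web-resource-name>
     <url-pattern>*.ico</url-pattern>
     <url-pattern>/img/*</url-pattern>
     <url-pattern>/css/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
     <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
 </security-constraint>
</web-app>"""

def local(tag):
    """Drop the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def transport_guarantees(xml_data):
    """Map each url-pattern to its transport-guarantee (NONE when unset)."""
    result = {}
    nodes = ET.fromstring(xml_data).iter()
    for sc in (n for n in nodes if local(n.tag) == "security-constraint"):
        texts = [(local(e.tag), (e.text or "").strip()) for e in sc.iter()]
        guarantee = next((t.upper() for n, t in texts if n == "transport-guarantee" and t), "NONE")
        for name, text in texts:
            if name == "url-pattern":
                result[text] = guarantee  # simplification: last constraint wins
    return result

def audit(xml_data):
    """Return (is /* forced to HTTPS, patterns still served over plain http)."""
    found = transport_guarantees(xml_data)
    return found.get("/*") == "CONFIDENTIAL", sorted(p for p, g in found.items() if g == "NONE")

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML))
```

To check the deployed file, pass its bytes to audit(), for example audit(open(path, "rb").read()) with path set to the web.xml location used above.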

Please do let us know if you come across any issues and we will try to help resolve as soon as we can.
