redhat_Linux

Enable https on WebPasswordSafe (WPS) on CentOS7/RHEL7

by Farooq Ahmed | Dec 24, 2018 | RHEL / CentOS

This article will guide you through Enabling https on WebPasswordSafe v1.3. The assumption is that you already have a 100% working WebPasswordsafe setup in-place. If you don’t, then you can follow this article for Setup of WebPasswordSafe on CentOS7/RHEL7.

The Prerequisites are as follows.

Apache and mod_ssl 2.4.6 or higher

Start with installing Apache and mod_ssl.

# yum -y install httpd mod_ssl

Edit httpd.conf and add/amend the following lines.

# vi /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<Proxy *>
Order deny,allow
Deny from all
Allow from 10.0.10.0/24
</Proxy>

***Note: Replace 10.0.10.0/24 with required LAN Subnet***

Create a file for a ProxyPass

# vi /etc/httpd/conf.d/proxy_ajp.conf
ProxyPass /wps/ ajp://localhost:8009/wps/

Now create a new redirect file so that all requests go to “https“

# vi /etc/httpd/conf.d/redirect.conf
Redirect / https://10.0.10.19/wps/

*** Note - Replace 10.0.10.19 with WPS Server IP Address***

Now the last step is to disable plain “http” access in Tomcat Add/Edit "/opt/webpasswordsafe/catalina_base/webapps/wps/WEB-INF/web.xml" file (The "/wps/" path is dependent on the WPS setup) and add the below lines before </web-app>

# vi /opt/webpasswordsafe/catalina_base/webapps/wps/WEB-INF/web.xml

<!-- Require HTTPS for everything except /img (favicon) and /css. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTPSOnly</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTPSOrHTTP</web-resource-name>
<url-pattern>*.ico</url-pattern>
<url-pattern>/img/*</url-pattern>
<url-pattern>/css/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

Now restart Apache and wps service for the changes to take effect.

# systemctl restart httpd && systemctl restart wps

Check the status to make sure all is up and working

# systemctl status httpd && systemctl status wps

Now browse to the https URL and all should be up and running

(https://hostname_or_IP/wps)

Please do let us know via Contact Us if you come across any issues and we will try to help resolve as soon as we can.

Related Articles….

Install latest Ansible version on Debian 10 (Buster)

by Farooq Ahmed | Jul 26, 2022 | Debian Buster (10)

This article will guide you on installing latest version of Ansible on a Debian 9/10 host. For this article I will be...

Install latest Nginx version from source – Debian 10 (Buster)

by Farooq Ahmed | Jul 13, 2022 | Debian Buster (10)

This article shows you how to install Nginx version 1.23 (at the time of writing this article) on a RaspberryPi...

Generate/sign CSR with subject Alternative Name (SAN) – CentOS7/RHEL7

by Farooq Ahmed | Dec 28, 2018 | RHEL / CentOS

This article will guide you through generating and signing a CSR and at the same time including SubjectAltName within...

Setup/Install WebPasswordsafe (WPS) on CentOS7/RHEL7

by Farooq Ahmed | Dec 24, 2018 | RHEL / CentOS

This article will guide you on installing/setup of WebPasswordsafe v1.3 (WPS) on CentOS7/RHEL7. This is a Password...

Setup MariaDB on CentOS7/RHEL7

by Farooq Ahmed | Dec 24, 2018 | RHEL / CentOS

This article will guide through installing MariaDB server and its configuration on CentOS7/RHEL7. The assumption for...

Verify/validate signed cert with private key – CentOS/RHEL 6.x/7.x

by Farooq Ahmed | Jun 1, 2018 | RHEL / CentOS

When dealing with signed certs the usual practise is to validate it with the private key. This command will allow you...

« Older Entries