Enable https on WebPasswordSafe (WPS) on CentOS7/RHEL7

by | Dec 24, 2018 | RHEL / CentOS

This article guides you through enabling HTTPS on WebPasswordSafe v1.3. It assumes that you already have a 100% working WebPasswordSafe setup in place. If you don’t, follow the article Setup of WebPasswordSafe on CentOS7/RHEL7 first.

The prerequisites are as follows.

Apache and mod_ssl 2.4.6 or higher

Start with installing Apache and mod_ssl.

# yum -y install httpd mod_ssl

Edit httpd.conf and add/amend the following lines.

# vi /etc/httpd/conf/httpd.conf

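# Send every plain-HTTP request to the same host and path over HTTPS.
<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</VirtualHost>

# Only clients on the LAN subnet may use the proxy.
# (Order/Deny/Allow is Apache 2.2-style syntax, handled by mod_access_compat on 2.4.)
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from 10.0.10.0/24
</Proxy>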

***Note: Replace 10.0.10.0/24 with required LAN Subnet***

Create a file for the ProxyPass directive.

# vi /etc/httpd/conf.d/proxy_ajp.conf
ProxyPass /wps/ ajp://localhost:8009/wps/

Now create a new redirect file so that all requests go to “https”.

# vi /etc/httpd/conf.d/redirect.conf
Redirect / https://10.0.10.19/wps/

***Note: Replace 10.0.10.19 with the WPS server IP address***

The last step is to disable plain “http” access in Tomcat. Edit the "/opt/webpasswordsafe/catalina_base/webapps/wps/WEB-INF/web.xml" file (the "/wps/" path depends on the WPS setup) and add the lines below before </web-app>.

# vi /opt/webpasswordsafe/catalina_base/webapps/wps/WEB-INF/web.xml

<!-- Require HTTPS for everything except /img (favicon) and /css. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HTTPSOnly</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HTTPSOrHTTP</web-resource-name>
        <url-pattern>*.ico</url-pattern>
        <url-pattern>/img/*</url-pattern>
        <url-pattern>/css/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Now restart Apache and the wps service for the changes to take effect.

# systemctl restart httpd && systemctl restart wps

Check the status to make sure both services are up and working.

# systemctl status httpd && systemctl status wps

Now browse to the https URL and all should be up and running

(https://hostname_or_IP/wps)
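To confirm that the web.xml edit says what you intended, the following added example (not part of the original article or of WebPasswordSafe) parses the file and reports whether `/*` is HTTPS-only and which URL patterns are still allowed over plain HTTP. The embedded sample and its namespace are constructed, and the function names `transport_guarantees` and `audit` are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the article's two constraints inside a minimal web-app
# element (the namespace is an assumption; real web.xml files usually have one).
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
<security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <url-pattern>*.ico</url-pattern>
    <url-pattern>/img/*</url-pattern>
    <url-pattern>/css/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
</security-constraint>
</web-app>"""


def _find(elem, name):
    """Descendants called `name`, ignoring any XML namespace prefix."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]


def transport_guarantees(xml_text):
    """Map every url-pattern to its constraint's transport-guarantee."""
    result = {}
    for sc in _find(ET.fromstring(xml_text), "security-constraint"):
        level = [(e.text or "").strip().upper() for e in _find(sc, "transport-guarantee")]
        for pattern in _find(sc, "url-pattern"):
            # A constraint without <transport-guarantee> permits plain HTTP.
            result[(pattern.text or "").strip()] = level[0] if level else "NONE"
    return result


def audit(xml_text):
    """Return (is '/*' HTTPS-only?, sorted patterns still served over HTTP)."""
    levels = transport_guarantees(xml_text)
    tls = ("CONFIDENTIAL", "INTEGRAL")  # any value other than NONE requires a secure connection
    return levels.get("/*") in tls, sorted(p for p, v in levels.items() if v not in tls)


if __name__ == "__main__":
    # Pass the real web.xml path as an argument; otherwise audit the sample.
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(audit(text))
```

Run it with the path to your web.xml as the only argument; anything listed in the second element of the result is reachable without TLS.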

Please do let us know via Contact Us if you come across any issues and we will try to help resolve as soon as we can.
