2

Securing a Sage Server

asked 2013-06-08 12:12:18 +0200

em2slyn

Hi Folks:

I am looking for a procedure on how to secure a Sage server and could use some expertise.

I built a Sage server based on the instructions provided in the Wiki article, Setting Up a Sage Server (Sage 5.9 on Ubuntu Server 12.04.2). I've disabled self-registration and add users through the command line so that accounts and passwords can be distributed to those who need access prior to their initial sign-in. My understanding is that when users log in, passwords are sent in the clear using the default configuration. Since I'd like students to have access outside of school, securing the Sage server would be a prudent step.

I'm using HAProxy as the reverse proxy server and would like to secure the user logins using SSL. I've been searching the web to find some guides but with limited success. Does anyone know of any websites that I could use as reference or have a procedure that would help walk through the process of preparing OpenSSL, setting up HAProxy, and configuring Sage?

I'm building this so students at our school can use this in their classes. Any help would be appreciated. Thanks!

Have a GREAT DAY!!

Shaun


2 Answers

1

answered 2013-06-10 07:41:55 +0200

Jason Grout

So your question is primarily about encrypting the plaintext passwords sent at login time? The new HAProxy includes SSL services, so you might use that. Or another popular setup that works with the current HAProxy stable release is to put stunnel in front of HAProxy to terminate the SSL connection. Search for "stunnel haproxy" to see guides for how to do that.

0

answered 2013-06-10 11:15:00 +0200

em2slyn

Thank you for the response. I've read a little about this option and will be looking at it more.

I also found another alternative that answers my own question for those looking for a secure Sage server without the reverse proxy. Here are the steps: First, install the pyopenssl spkg and set secure=True in the notebook parameters. Next, set interface='' (two single quotes) to listen on all available interfaces (localhost and physical) and uninstall HAProxy so the Sage server has a direct connection to the network. I added the iptables rule "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080" as described in the Setting Up a Sage Server article to redirect HTTPS requests to the Sage server and opened ports 443 and 8080 in the firewall. So far the Sage server seems to be working with full HTTPS. Hopefully these steps help someone else who is trying to do something similar.

Have a GREAT DAY!!

Shaun
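
Added example (not part of the original answer and not Sage's own code): a Python check over `iptables-save` output for the redirect setup described in the answer above. The sample dump is constructed, and the default-drop INPUT policy and the function names are assumptions; because nat PREROUTING runs before filter INPUT, redirected traffic is matched against the rewritten port (8080), which is what the report reflects.

```python
import shlex

# Constructed iptables-save dump for the setup described above (not from the page).
# Assumes a default-drop INPUT policy, so only explicit ACCEPT rules admit traffic.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
"""

def parse_rules(dump):
    """Yield (table, chain, options) for each '-A' rule in iptables-save text."""
    table = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok, opts, i = shlex.split(line), {}, 2
            while i < len(tok):
                if i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                    opts[tok[i]] = tok[i + 1]   # option with a value
                    i += 2
                else:
                    opts[tok[i]] = True         # bare flag
                    i += 1
            yield table, tok[1], opts

def audit_redirects(dump):
    """Report each nat REDIRECT and whether INPUT accepts the rewritten port."""
    rules = list(parse_rules(dump))
    accepted = {o["--dport"] for t, c, o in rules
                if (t, c, o.get("-j")) == ("filter", "INPUT", "ACCEPT") and "--dport" in o}
    report = []
    for t, c, o in rules:
        if (t, c, o.get("-j")) == ("nat", "PREROUTING", "REDIRECT"):
            backend = o.get("--to-ports") or o.get("--to-port")
            # INPUT sees the port after rewriting: this ACCEPT admits redirected
            # traffic and also leaves the backend port reachable directly.
            report.append({"public": o.get("--dport"), "backend": backend,
                           "backend_open": backend in accepted,
                           "public_accept_present": o.get("--dport") in accepted})
    return report
```

Feed it the real output of `iptables-save` (run as root) in place of `SAMPLE` to audit a live host.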



Asked: 2013-06-08 12:12:18 +0200

Seen: 386 times

Last updated: Jun 10 '13