• Registered: 01/17/2008
  • Posts: 2

Topic: SSL

I was wondering if anyone has FrontAccounting working with SSL and if it works.

I'm interested in the security aspect of the software and what can be done to make it secure enough to use for clients over the internet.

Thanks

  • joe
  • Administrator
  • Offline
  • Registered: 03/15/2007
  • Posts: 5,089

Re: SSL

It should work allright, but there are probably others out there that can fill me in.

Joe

  • Registered: 01/17/2008
  • Posts: 2

Re: SSL

Hi Joe,

OK, I'll have to experiment with it.

Thanks!

  • Registered: 03/03/2008
  • Posts: 17

Re: SSL

If anyone is intereted out there about ssl,
the following appears to work. It is inseted around line 20 of login.php
   
    $redirect=$_SERVER['SERVER_PORT'];
    if ($redirect==80)
    {
        $redirect="YOUR SSL DIR HERE";
    }
    else
    {
        $redirect="";
    }


Also the form line

<form action="<?php echo" $redirect".$_SERVER['PHP_SELF'];?>" name="loginform" method="post">

  • From: India
  • Registered: 11/09/2009
  • Posts: 115

Re: SSL

Hi Joe,

I could not find a way to turn on the SSL.
Please advice.

Thanks,

Chaitanya
  • joe
  • Administrator
  • Offline
  • Registered: 03/15/2007
  • Posts: 5,089

Re: SSL

Hello Chaitanya,
I haven't tried this myself, so I can not advise very much in this matter. Maybe Janusz or somebody else can help us.

/Joe

  • Registered: 12/25/2007
  • Posts: 2,447

Re: SSL

Hello,

I have installed FA in one of my domains under ssl without problem - it worked from the box - but apache ssl support were turned on by defualt on my host. AFAIK turning ssl on need apache and system configuration (at least on linux), but this is not related to FA. I'm not an expert in matter of apache so I cannot help.

Janusz

8 Reply by brimars (edited by brimars 01/07/2010 04:39:17 pm)

  • Registered: 01/07/2010
  • Posts: 1

Re: SSL

Don't know which distribution you are running, but I'm running Front Accounting on port 9101 under Ubuntu 9.10.

This link provided details on how to get the SSL self-signed cert installed and running on Apache2 (you should be able to select the steps you need if you are using a CA cert instead). http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html

To the best of my memory, I didn't make any changes to Front Accounting other than during installation when asked for the URL, which I changed to be something like https://myserver:9101. I have Front Accounting as the only app on that port, but you should be able to configure based on the link above for whatever structure you require.

If you need more detail, let me know and I can forward some snippets from my system.

Brian.

One quick note: even if you've made all of the changes to the Apache2 files and have the SSL certs available, I had to complete the step #3 (a2enmod ssl) from the above link to make sure SSL was actually enabled on Apache2.

  • From: India
  • Registered: 11/09/2009
  • Posts: 115

Re: SSL

Thanks, Will come back on this soon.

Chaitanya
  • rodw
  • Senior Member
  • Offline
  • From: Australia
  • Registered: 03/01/2010
  • Posts: 115

Re: SSL

I looked at doing this today too. I found a link somewhere that suggested it be done in the .htaccess file in the /facc folder by adding this code:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} facc 
RewriteRule ^(.*)$ https://www.domain.com/facc/$1 [R,L]

This worked for me and took all of 2 minutes to do but if somebody could outline the pros and cons of using .htaccess v's the other approaches shown, I'd appreciate it.

Rod

[b]RodW[/b]
Brisbane, QLD, Australia