Chapter 6. Setting Up EnGarde Services

Guardian Digital has simplified the task of configuring and managing EnGarde's services by avoiding "generic" browser-based management tools and creating its own secure system management tool, the Guardian Digital WebTool system administration utility. WebTool goes beyond merely providing a consistent interface across Web, mail, DNS and other services to guide you as the administrator towards secure and consistent settings.

This chapter will guide you through setting up a secure SSL-enabled Apache Web server and an associated MySQL database, a Postfix mail server, a vsftpd FTP server, and the rudiments of a BIND DNS server. Along the way, you will see how WebTool guides you in keeping the services secure.

6.1. Setting up a Web Server

WebTool makes creating a secure SSL-enabled Web server just as simple as creating an ordinary insecure Web server. When you have completed this section, you will be operating a new SSL-enabled Web server Virtual Host and its associated database.

To create a new Web server Virtual Host, select World Wide Web Management from the Services menu, then choose Create New Virtual Host from the Modules menu. All you need to do to create an SSL-enabled Web server is to select Yes in response to Use SSL?. Enter the basic hostname, IP and administrative access information, click Create New Virtual Host, and your Web server is ready to use.

Note

Please note that due to limitations of the SSL protocol itself, only one SSL-enabled server can be created for a specified IP address. Thus if you only have one IP address you can only have one SSL-enabled Web server.

Figure 6-1. Create New Virtual Host

The Create Virtual Host screen also demonstrates the ease with which the administrator can create a MySQL database for use by the new server. Just supply a database username and password and the database is created and linked to the new site, with access to the new database granted only to the specified username. This avoids the many security pitfalls and other headaches associated with "manually" creating and associating a database. The database name will be the hostname with its parts separated by underscores instead of dots, e.g. www_engardelinux_org.

Only one step remains to enable a working SSL-enabled site: creating its new SSL certificate. To do this, select World Wide Web Management from the Services menu and you will see the screen below.

Figure 6-2. Current Virtual Hosts

Click on the virtual server you just created, scroll down to the SSL Certificate Management section and click Create New Certificate. You will be presented with a pop up asking for basic contact information, as well as the name of your site (Authority Name):

Figure 6-3. Create/Renew SSL Certificate

Fill in the required fields then click the Create Certificate button. Finally, navigate back to the main World Wide Web Management screen, click the Restart Apache Web Server Service button and your new server is up and running. You may now access the virtual host you just created by typing the URL into your browser, for example:

http://www.engardelinux.org/

The next thing to do is to upload content. Once you have completed the procedure in Section 6.3 you can upload your HTML content via FTP to /home/httpd/<site>-<port>/html. In the example above, you'd upload your content to /home/httpd/www.engardelinux.org-80/html.
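The following sketch is an added example, not part of WebTool or Guardian Digital's code. It checks a planned set of virtual hosts against the one-SSL-host-per-IP limitation noted above and derives the database name and upload directory for each host using the conventions this section describes. The helper names, every hostname other than www.engardelinux.org, the IP addresses and the use of port 443 for SSL hosts are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class VirtualHost(NamedTuple):
    hostname: str
    ip: str
    port: int
    ssl: bool


def database_name(hostname: str) -> str:
    """Database name as described above: the hostname with dots as underscores."""
    return hostname.replace(".", "_")


def content_dir(hostname: str, port: int) -> str:
    """Upload directory as described above: /home/httpd/<site>-<port>/html."""
    return f"/home/httpd/{hostname}-{port}/html"


def ssl_conflicts(hosts):
    """Return {ip: [hostnames]} for every IP that carries more than one SSL host."""
    by_ip = defaultdict(list)
    for host in hosts:
        if host.ssl:
            by_ip[host.ip].append(host.hostname)
    return {ip: names for ip, names in by_ip.items() if len(names) > 1}


# Constructed plan: addresses come from the 192.0.2.0/24 documentation range,
# and port 443 for the SSL hosts is an assumption, not taken from the page.
PLAN = [
    VirtualHost("www.engardelinux.org", "192.0.2.10", 443, True),
    VirtualHost("shop.engardelinux.org", "192.0.2.10", 443, True),
    VirtualHost("docs.engardelinux.org", "192.0.2.10", 80, False),
    VirtualHost("mail.engardelinux.org", "192.0.2.11", 443, True),
]

if __name__ == "__main__":
    for ip, names in ssl_conflicts(PLAN).items():
        print(f"more than one SSL host on {ip}: {', '.join(names)}")
    for host in PLAN:
        print(host.hostname, database_name(host.hostname),
              content_dir(host.hostname, host.port))
```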