HOWTO: Normal and SSL bindings
Bindings
A binding is a port on an interface to which a client can connect. Almost every webserver uses port 80 for HTTP requests and port 443 for HTTPS (HTTP encrypted via SSL) requests. How to use SSL is explained in the next section. First, we focus on creating a 'normal' binding. Bindings are created via a Binding section:
Binding {
Port = 80
}
This makes Hiawatha listen on port 80 on every available interface. If you want Hiawatha to listen only on a specific interface, specify it via the Interface option. Use the IP address of the interface you want Hiawatha to listen on.
Binding {
...
Interface = 192.168.0.1
}
To keep a client from holding a connection open for too long, you can set a timeout via the TimeForRequest option. TimeForRequest takes either one parameter, which is the timeout for every request, or two comma-separated parameters, where the first is the timeout for the first request and the second is the timeout for all following requests on that connection. The timeout is in seconds.
Another option to protect your webserver is the MaxRequestSize option. Via this option, you limit the size of a request sent by a client. A request uses memory. Sending very large requests can be used to DoS a server, which we want to prevent. The request size is specified in kilobytes.
Binding {
...
TimeForRequest = 5, 30
MaxRequestSize = 512
}
SSL bindings
The first thing you need before you can use SSL is an X.509 SSL certificate. You can obtain one from a Certificate Authority, like Thawte or Comodo, or you can create one yourself with OpenSSL:
openssl genrsa -out serverkey.pem 2048
openssl req -new -x509 -days 3650 -key serverkey.pem -out server.crt
echo "" >> serverkey.pem
cat server.crt >> serverkey.pem
echo "" >> serverkey.pem
rm -f server.crt
You should now have a file serverkey.pem. Move this file to your Hiawatha configuration directory (probably /etc/hiawatha or /usr/local/etc/hiawatha) and make sure it is readable only by root (file mode 400). Then configure Hiawatha to use this certificate for HTTPS connections.
Binding {
Port = 443
SSLcertFile = /etc/hiawatha/serverkey.pem
}
The order of the items in serverkey.pem is important. The order is as follows:
-----BEGIN RSA PRIVATE KEY-----
[webserver private key]
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
[webserver certificate]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[optional CA intermediate certificate]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[CA root certificate]
-----END CERTIFICATE-----
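An added example, not part of the Hiawatha documentation: a Python check that a bundle such as serverkey.pem has file mode 400 and holds the private key first, followed only by certificates. The function names are hypothetical, and accepting the PKCS#8 label "PRIVATE KEY" alongside the "RSA PRIVATE KEY" label shown above is an assumption.

```python
import os
import re
import stat
import sys

# PEM armor line, e.g. "-----BEGIN CERTIFICATE-----", alone on its line.
ARMOR_RE = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)
# "RSA PRIVATE KEY" is the label on this page; also accepting the PKCS#8
# label "PRIVATE KEY" is an assumption of this example.
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY"}


def pem_labels(text):
    """Return the PEM block labels in file order; raise on broken armor."""
    labels, current = [], None
    for kind, label in ARMOR_RE.findall(text):
        if kind == "BEGIN" and current is None:
            current = label
        elif kind == "END" and label == current:
            labels.append(label)
            current = None
        else:
            raise ValueError(f"unbalanced {kind} {label}")
    if current is not None:
        raise ValueError(f"unterminated {current} block")
    return labels


def check_bundle(path):
    """Return a list of problems with a key+certificate bundle (empty = OK)."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode != 0o400:
        problems.append(f"file mode is {mode:04o}, expected 0400")
    with open(path, encoding="ascii", errors="replace") as fh:
        try:
            labels = pem_labels(fh.read())
        except ValueError as exc:
            return problems + [f"malformed PEM: {exc}"]
    if not labels or labels[0] not in KEY_LABELS:
        problems.append("first block is not the private key")
    if len(labels) < 2 or any(l != "CERTIFICATE" for l in labels[1:]):
        problems.append("private key must be followed only by certificates")
    return problems


if __name__ == "__main__" and len(sys.argv) > 1:
    print(check_bundle(sys.argv[1]) or "bundle looks correct")
```

Run it with the bundle path as its only argument, as a user that can read the file. A missing newline between two appended files, which fuses an END and a BEGIN marker on one line, is reported as malformed PEM.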
If you want certain websites to be visited only via HTTPS, you can force users to use HTTPS.
VirtualHost {
...
RequireSSL = yes
}