|
Back
Midas
Rome
Roody
Rootana
|
Midas DAQ System |
Not logged in |
|
|
22 May 2015, Konstantin Olchanski, Info, mhttpd HTTPS/SSL server updated
|
07 Jul 2015, Konstantin Olchanski, Info, mhttpd HTTPS/SSL server updated
|
15 Jul 2015, Konstantin Olchanski, Info, mhttpd HTTPS/SSL server updated
|
12 Aug 2015, Konstantin Olchanski, Info, mhttpd HTTPS/SSL server updated
|
27 Aug 2015, Konstantin Olchanski, Info, mhttpd HTTPS/SSL server updated
|
31 Aug 2015, Konstantin Olchanski, Info, mhttpd HTTPS/SSL server updated
|
21 Aug 2015, Thomas Lindner, Info, mhttpd HTTPS/SSL server updated
|
27 Aug 2015, Konstantin Olchanski, Info, mhttpd HTTPS/SSL server updated
|
09 Sep 2015, Thomas Lindner, Info, mhttpd HTTPS/SSL server updated
|
11 Sep 2015, Konstantin Olchanski, Info, mhttpd HTTPS/SSL server updated
|
|
Message ID: 1107
Entry time: 09 Sep 2015
In reply to: 1103
Reply to this: 1110
|
Author: |
Thomas Lindner |
Topic: |
Info |
Subject: |
mhttpd HTTPS/SSL server updated |
|
|
> >
> > I find that I don't understand this recommendation to use secure mongoose
> > instead of putting mhttpd behind an apache proxy.
> >
>
> This is a very valid question.
>
> I think for a small operation that does not require root access to the host computer, mhttpd+mongoose is a good light weight solution.
> ...
> So, which one to use?
>
> - for maximum security, use httpd apache (but remember to restrict access to mhttpd web port to be "only from the proxy")
> - for light-weight cases, or when root access is not available use built-in https in mhttpd.
>
> The midas wiki documentation should probably be updated to explain all of this.
Thanks for the detailed explanation. I agree with your recommendations. I was mostly interested in having both options treated equally in the documentation.
My only small complaint is that since the default mhttpd comes with mongoose security turned on, you need to explicitly disable the mhttpd+mongoose security first before you can start setting up apache. I guess that the motivation is
that we should force people to disable security, rather than hoping that they will enable it. That's a convincing argument; so all I really need is that this procedure be well documented. |