Secutiry - Security Keys - Menu
You can find this feature in the menu system at the following location:
Directory --> My Account Security and Keys
Security Keys - Overview
The Security and Keys system provides a one-stop location for end users who need to access security settings for the desktop systems, namely:
- SSL Certificates (including PKCS12)
- OpenVPN configuration
Unlike most of the other pages in the webconfig system, this one is designed to be accessed by the end user. To view the information on this page, login with the end user's username (instead of root).
Security Keys - E-mail / PKCS#12
If your system administrator has enabled encryption and digital signatures on the mail system, click on the Download to download and install the PKCS#12 file.
Security Keys - OpenVPN
If your system administrator has enabled OpenVPN on your ClearOS system, you can download all the necessary security and configuration to connect via VPN (virtual private networking). You will need to download all the files to configure your connection:
- Certificate Authority
- Certificate
- Key
- Configuration File
SSH - Abilitare SSH per gli utenti
Secure Shell (SSH) access for users is rarely required and should be considered only for trusted users. To enable this option in the web-based account manager, add or change the following parameter in /etc/system/webconfig:
allow_shell = 1
SSH - ClearOs
You can open up external access to your server by allowing incoming SSH (port 22) in Network Firewall Incoming.
Select SSH under Standard Services and click Add
Because SSH is a common management port, you should enable the Intrusion Detection and Prevention modules to protect this port if you open it up on the outside.
Secure Copy
Part of the capabilities of the SSH protocol is the ability securely transfer data to and from the server. This is commonly called secure copy or SCP. This can be done using command line on Mac and Linux. In Windows, a graphical program called WinSCP is free and useful for performing these tasks. You can also use Fugu on Mac as a graphical frontend for SCP.
SCP works similarly to the CP (copy) program in POSIX systems. For example, if you wanted to copy a file to the server you could type the following:
scp test.txt root@server.example.com:/var/
This would copy the file test.txt to the /var directory of the server named server.example.com using root as the username. For more information, visit this link.
Varie- File Scanner
Select the files that you would like to scan and then hit the Update to save those changes. You can start a scan by hitting the Start button. You can also enable a daily virus scan if required.Varie - Webserver
ClearOS includes the Apache web server – the same software that powers many of the world's largest web sites.Server Web -->Web Server
Server Name
The server name is a valid name (for example, www.example.com) for your web server. This name is used on some infrequently used error pages, so it is not all that important.
SSL-Enabled - Secure Site
The web server comes with built-in SSL encryption for enhanced security. If your website requires a username and password for login, then it is a good idea to use encryption. For instance, if you have the webmail or groupware solution installed, you should access their respective login pages via the secure web server. In your web browser, you should use the encrypted https://your.domain.com instead of the un-encrypted http://your.domain.com (https vs http). When enabled, all communication between the web server and user's web browser is encrypted using a 128-bit security key.
SSL encryption requires a web site certificate. ClearOS automatically generates a default certificate that is secure. However, this certificate is not verified by one of the web site certificate authorities (it costs at least $50 per year to maintain a verified web site certificate). Your users will see the following warning (or similar) when connecting to the secure web server.
Virtual Hosts
The web server includes support for “virtual hosts”. This means your web server can be used for hosting more than one web site.
Adding Dynamic Content to Your Site
There are many options for adding dynamic content to a website:
- Perl and CGI
- PHP
- JSP
- ASP
PHP and perl CGI are installed by default. The set-up and configuration of other engines are beyond the scope of this help document.
Uploading files to your Server
To upload files to your server, you can enable either FTP or File Server access to the site or you can use both. To allow file access to your default website or your virtual website, simply set the pull-down box to 'Yes' in either the 'Allow FTP Upload section' or the 'Allow File Server Upload' and click 'Update'.
FTP access
If your server is running the firewall you will need to open up ports to support access of the FTP server from the outside. The web server storage resides in a virtual FTP site. You will need to open the following ports to access the default FTP storage: 2121, 65000-65100
File Server access
Samba access of your web server is only available from networks with the LAN role in IP Settings.
File Server access using Windows
You can access the resource in Windows by running the IP address as a UNC in the Run dialog box.
\\ip_address
File Server access using Mac OSX
From Mac OSX, type Command+K in finder and type the address using the CIFS protocol.
cifs://ip_address
Troubleshooting
ISP Blocking
Some ISPs are known to block web (port 80) traffic to residential broadband connections in an attempt to cut down on illegal sites hosted on their network. If you think your configuration is set-up correctly and you suspect your ISP is blocking HTTP traffic, try a remote port scan.
Firewall Rules
A web server listens to client requests coming in on port 80 (HTTP) or 443 (HTTPS/secure). Did you remember to open the correct port(s)?
Varie - Register system
Create an Online Account
If you do not yet have a ClearCenter online account, you can create one here. It is quick, easy to do and free!
Complete Registration Wizard
With your online account information in hand, you are now ready to register your ClearOS system.
- Login to your system via the web-based administration tool.
- Click on ClearCenter Register Register System in the menu.
- In the first step in the wizard, enter your online account username and password.
- Continue with the registration wizard
