{"id":894,"date":"2022-05-08T19:14:56","date_gmt":"2022-05-08T17:14:56","guid":{"rendered":"https:\/\/techtocraft.xyz\/?p=894"},"modified":"2022-09-11T14:45:29","modified_gmt":"2022-09-11T12:45:29","slug":"securiser-owncloud-par-https-ssl","status":"publish","type":"post","link":"https:\/\/hinakuu.xyz\/?p=894","title":{"rendered":"S\u00e9curiser OwnCloud par HTTPS\/SSL"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-purple-color\">I. Pr\u00e9sentation<\/mark><\/h3>\n\n\n\n<p>Dans ce tutoriel, nous allons apprendre \u00e0 faire fonctionner ownCloud \u00e0 travers une couche SSL en transformant les \u00e9changes HTTP en son homologue s\u00e9curis\u00e9 HTTPS. Cela est notamment une obligation pour la communication entre le serveur ownCloud et les ownCloud clients qui servent \u00e0 la synchronisation des clients avec les r\u00e9pertoires des serveurs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-amber-color\">II. Cr\u00e9ation du VitrualHost<\/mark><\/h3>\n\n\n\n<p>Sous Apache2, nous allons commencer par cr\u00e9er un VirtualHost (\u00ab\u00a0site\u00a0\u00bb) avec une configuration qui fonctionnera avec le HTTPS (port 443)<\/p>\n\n\n\n<p>Dans le r\u00e9pertoire \u00ab&nbsp;<strong>\/etc\/apache2\/sites-available<\/strong>&nbsp;\u00bb, nous cr\u00e9erons un nouveau fichier \u00ab&nbsp;<strong>owncloud.https<\/strong>&nbsp;\u00bb et saisirons les lignes suivantes<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">NameVirtualHost *:443\n<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-cyan-blue-color\"># H\u00f4te virtuel qui \u00e9coute sur le port HTTPS 443<\/mark>\n&lt;VirtualHost *:443&gt;\nDocumentRoot \/var\/www\/\n<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-cyan-blue-color\"># Activation du mode SSL<\/mark>\nSSLEngine On \nSSLOptions +FakeBasicAuth +ExportCertData +StrictRequire\n<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-cyan-blue-color\"># On indique ou est le certificat<\/mark>\nSSLCertificateFile \/etc\/ssl\/certs\/owncloud.crt\nSSLCertificateKeyFile \/etc\/ssl\/private\/owncloud.key\n&lt;\/VirtualHost&gt;<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">III. Activation des nouveaux modules<\/mark><\/h3>\n\n\n\n<p>Nous allons maintenant activer le module SSL dans Apache2 pour que celui-ci puisse \u00eatre utilis\u00e9 dans nos \u00e9changes ownCloud :<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-light-green-cyan-color\">a2enmod ssl<\/mark><\/pre>\n\n\n\n<p>On doit ensuite ajouter notre nouveau site aux sites actifs d&rsquo;Apache2 :<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-light-green-cyan-color\">a2ensite owncloud.https<\/mark><\/pre>\n\n\n\n<p>Une derni\u00e8re \u00e9tape est \u00e0 faire avant de rallumer notre serveur apache2.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-green-cyan-color\">IV.<\/mark> <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-green-cyan-color\">Cr\u00e9ation du certificat auto-sign\u00e9<\/mark><\/h3>\n\n\n\n<p>Maintenant nous pouvons acc\u00e9der \u00e0 Owncloud via le HTTPS, seulement on peut encore passer aussi via le HTTP, nous allons donc le forcer \u00e0 utiliser le HTTPS. Il faut aller modifier un fichier PHP dans Owncloud pour forcer l&rsquo;acc\u00e8s en HTTPS. Dans \u00ab\u00a0<strong>\/var\/www\/config\/config.php<\/strong>\u00ab\u00a0, ajouter : \u2018<strong>force ssl\u2019 =&gt; true<\/strong>.<\/p>\n\n\n\n<p>Nous allons ensuite passer \u00e0 la g\u00e9n\u00e9ration de nos cl\u00e9s, on cr\u00e9e un r\u00e9pertoire pour les cl\u00e9s :<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-light-green-cyan-color\">cd \/etc\/apache2\/ &amp;&amp; mkdir CertOwncloud &amp;&amp; cd CertOwncloud<\/mark><\/pre>\n\n\n\n<p>On g\u00e9n\u00e8re notre cl\u00e9 sur 1024 bits :<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-light-green-cyan-color\">openssl genrsa -out owncloud.key 1024<\/mark><\/pre>\n\n\n\n<p>Cr\u00e9ation des \u00ab\u00a0<strong>.key<\/strong>\u00a0\u00bb et \u00ab\u00a0<strong>.csr<\/strong>\u00a0\u00bb :<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-light-green-cyan-color\">openssl req -new -key owncloud.key -out owncloud.csr<\/mark><\/pre>\n\n\n\n<p>On rempliera ensuite les donn\u00e9es du certificat correctement, il est important de noter que l&rsquo;absence du CommonName pourra g\u00e9n\u00e9rer des erreurs plus tards. On cr\u00e9e ensuite le fichier de certificat :<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-light-green-cyan-color\">openssl x509 -req -days 365 -in owncloud.csr -signkey owncloud.key -out owncloud.crt<\/mark><\/pre>\n\n\n\n<p>On copiera ensuite nos certificats l\u00e0 on tous les certificats sont stock\u00e9s :<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-light-green-cyan-color\">cp owncloud.crt \/etc\/ssl\/certs\ncp owncloud.key \/etc\/ssl\/private<\/mark><\/pre>\n\n\n\n<p>Proc\u00e9dez au red\u00e9marrage d&rsquo;Apache2 apr\u00e8s avoir v\u00e9rifi\u00e9 sa configuration<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-light-green-cyan-color\">apachectl configtest\nservice apache2 restart<\/mark><\/pre>\n\n\n\n<p>On pourra ensuite v\u00e9rifier dans notre navigateur que le HTTPS est bien utilis\u00e9 en nous rendant sur l&rsquo;interface web de notre ownCloud :<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I. Pr\u00e9sentation Dans ce tutoriel, nous allons apprendre \u00e0 faire fonctionner ownCloud \u00e0 travers une couche SSL en<\/p>\n","protected":false},"author":1,"featured_media":776,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-894","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/posts\/894","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=894"}],"version-history":[{"count":4,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/posts\/894\/revisions"}],"predecessor-version":[{"id":1106,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/posts\/894\/revisions\/1106"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=\/wp\/v2\/media\/776"}],"wp:attachment":[{"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hinakuu.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=894"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}