On Oct 18, 2006, at 10:10 AM, Robin Becker wrote:
I have a number of servers which don't have console access, but I
would like to have apache started automatically if the server is
rebooted. However, it seems that if https is used then I need to
type in a secret at boot time (on the console).
Is there a way to start processes up automatically after the boot
is finished?
Sure. Cron or at will do so, for example. But you're not going to
truly resolve the actual problem of needing human input for a
passphrase by having some other machine do something automatically.
I could imagine asking another, trusted, server to supply the magic
string using scp or some other secure transport and then using the
decoded result to start up apache.
The "magic string" is normally called the SSH private key, ~/.ssh/
id_rsa or ~/.ssh/id_dsa. :-)
I suppose you could use SSH from some remote trusted server to do an
"apachectl startssl" and then feed it the passphrase, but then you've
ended up putting the passphrase in cleartext on the trusted host, and
you need to permit the trusted host to login to the webserver without
needing human intervention via SSH keypairs, so you're just moving
the problem from one place to another.
If you've got 24-7 sysadmin availability, then keeping your x.509
certs passphrase-protected might well make sense-- if a machine is
rebooted, a sysadmin needs to login and start apache by hand.
Otherwise, most people leave the x.509 certs unsecured with a
passphrase so that the webserver can be setup to start itself upon a
reboot without manual intervention.
--
-Chuck
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
