Enabling WordPress SSL using Cloudflare Flexible SSL

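Enabling SSL within WordPress is not a simple task if you rely upon the “Flexible SSL” offering from Cloudflare. In Flexible mode Cloudflare serves HTTPS to the visitor but connects to your origin server over plain HTTP, so WordPress sees every request as HTTP. If WordPress then redirects to HTTPS you will end up with infinite SSL redirects and will likely be unable to get into your admin interface without editing config files.

Getting this to work, though, can be relatively straightforward with the help of a plugin.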

First, you need to install the following plugin on your WordPress installation: https://wordpress.org/plugins/cloudflare-flexible-ssl/

Next, within the Cloudflare configuration for your domain, browse to “Page Rules” and create a new Page Rule:

Enter http://www.<your domain>.<name>/* (for example, http://www.cb-net.co.uk/*), then select “Always use HTTPS” from the drop-down box and click “Save and Deploy”.

That’s it. Browse to your site’s URL and confirm the traffic is automatically redirected to HTTPS.

You do not have to change the WordPress config. To re-enable HTTP access, remove the Cloudflare rule.

Enabling Duo Dual / Multi-Factor Authentication (MFA) for Guacamole Docker

Updated 12/04/17; reflected availability of 0.9.12-incubating version of guacamole.

Updated 12/02/18; reflected 0.9.13-incubating version of guacamole.

*** This guide assumes you have guacamole up and running, see here if you do not! ***

First, you’ll need to register for a free Duo account at https://duo.com/

Create a new “Auth API” application: Dashboard > Applications > Protect an Application > Web SDK

  • Scroll down and, under Settings, change the name to “Guacamole,” or something of your choice.
  • Copy out the following information (you’ll need this for the guacamole.properties file):
    • Integration Key
    • Secret Key
    • API hostname

Finally, generate a Duo “application key” on your Docker host. Note that you do not have to enter this anywhere in your Duo configuration; it only goes into guacamole.properties.

dd if=/dev/random count=1 | sha256sum

Now, from your Docker host, we will create a skeleton extensions directory and guacamole.properties file that will be passed through to the guacamole Docker image. Don’t worry, we’ll only add the Duo-specific config and extension files here; the Docker image will sort the rest out for us!

We will create this skeleton home directory under: /var/docker/config/guacamole/

# From Docker HOST execute these commands

cd ~/
mkdir -p /var/docker/config/guacamole/extensions/

wget http://apache.mirrors.tds.net/incubator/guacamole/0.9.13-incubating/binary/guacamole-auth-duo-0.9.13-incubating.tar.gz

tar zxvf guacamole-auth-duo-0.9.13-incubating.tar.gz

mv guacamole-auth-duo-0.9.13-incubating/guacamole-auth-duo-0.9.13-incubating.jar /var/docker/config/guacamole/extensions/

cd /var/docker/config/guacamole
vi guacamole.properties

# Add the following lines to guacamole.properties:
### Duo MFA Config
duo-api-hostname: <as per duo config>
duo-integration-key: <as per duo config>
duo-secret-key: <as per duo config>
duo-application-key: <generate using command above>

# Now save and close the text file
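
Before recreating the container it is worth checking the file you just wrote. The following is an added example, not part of the original guide or the Guacamole project: a POSIX shell check that the four Duo settings are filled in, that the application key meets the 40-character minimum stated in the Guacamole manual and was not pasted with the trailing "  -" that sha256sum prints, and that the file holding the secret key is not world-readable. The names check_duo_props and prop are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight check of the Duo
# settings in guacamole.properties. check_duo_props and prop are
# hypothetical helper names.

# Print the value of property $2 from file $1 ("name: value" or "name=value").
prop() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*[:=][[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 if the file looks sane, 1 on any finding, 2 if it cannot be read.
check_duo_props() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # All four settings must be present and no longer the guide's <...> text.
    for key in duo-api-hostname duo-integration-key duo-secret-key \
               duo-application-key; do
        case $(prop "$file" "$key") in
            '' | '<'*) echo "$key: missing or still a placeholder" >&2; rc=1 ;;
        esac
    done

    # Assumption taken from the Guacamole manual: the application key must be
    # at least 40 characters. Whitespace inside it means the sha256sum output
    # was pasted together with its trailing "  -".
    app=$(prop "$file" duo-application-key)
    case $app in
        *' '*) echo "duo-application-key: contains whitespace" >&2; rc=1 ;;
    esac
    if [ "${#app}" -lt 40 ]; then
        echo "duo-application-key: shorter than 40 characters" >&2; rc=1
    fi

    # The file holds the Duo secret key; flag it when "other" can read it.
    if [ "$(ls -ldL "$file" | cut -c8)" = r ]; then
        echo "$file: readable by every local user" >&2; rc=1
    fi
    return $rc
}

# Usage: sh check_duo_props.sh /var/docker/config/guacamole/guacamole.properties
if [ "$#" -gt 0 ]; then check_duo_props "$1"; fi
```

If the file is flagged as readable by every local user, tighten its mode while keeping read access for the user the container runs as.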

Finally, we’ll drop and recreate the guacamole Docker container with Duo support. Note that this will interrupt access and any running sessions. Note how we pass through the config folder and map it to a path within the container, which GUACAMOLE_HOME then uses.

Be sure to verify the syntax of this command, in particular:

  • Database name
  • Database user account/ password
  • guacd and mysql linked docker container names
  • Volume paths that are passed-through to the container

docker stop guacamole
docker rm guacamole

docker run --name guacamole --link guacd:guacd --link guac-mysql:mysql \
-e MYSQL_DATABASE='guacamole' \
-e MYSQL_USER='guacamole' \
-v /var/docker/config/guacamole:/config \
-e GUACAMOLE_HOME=/config \
-e MYSQL_PASSWORD='<your password>' \
-d -p 8080:8080 guacamole/guacamole

The guacamole container should now be started and you should be able to log in and assign MFA to your guacamole account.

Be sure to clear your browser cache, as otherwise you will be presented with an error when logging on.