Caucus How-To: Using https
This page describes how to make Caucus use the https (SSL) protocol in order to encrypt your Caucus sessions. Https is the "SSL" (secure-sockets-layer) implementation of the normal http web protocol. Https gives you two things:
- All data passing between the Caucus server and the user's browser is encrypted -- userids, passwords, page text, even images.
- If you have purchased a site certificate, your users are guaranteed that your site really is yours.
The only disadvantage to https and SSL is that it's slower than "normal" http, both in terms of how fast the server runs, and how much data has to be moved between the server and the browser. But if your Caucus site contains any sensitive information, it's usually a good idea to use https.
If you are not familiar with https and SSL, check the following:
- Any good book on Apache (esp Apache 2.0) will have a section on https and SSL, and how to configure your Apache server to use it.
The rest of this document assumes that you are familiar with https and SSL, and just need to know the required changes in Caucus.
II: Caucus 4.4
If you have Caucus 4.4 or higher installed, switching to https is easy. You have three options:
- At install time. When you install Caucus, you are prompted for your default choice of protocols (either http or https). If you want to change the protcol after your initial installation, you can simply re-run the installation script and give it your new choice. (Re-running the installation script will not erase any data or conferences, it will just cause a brief downtime while the software is installed and configured again.)
- After install. If you don't want to rerun the installation script, you can make the equivalent change by editing some files:
- SWEB/swebd.conf. Change the "Config http" parameter.
- SWEB/start.cgi (and any other cgi files you may have created in this directory). Change any "http:"s to "https:"s.
- public_html/caucus.html (and any other pure HTML files you may have created that link into Caucus). Change any "http:"s to "https:"s.
- For a particular interface. You can also chose http or https for a particular Caucus interface. Suppose that your default protocol for the entire site is http, but you have one specific interface (CML directory) that you want to use with https.
For example: assume you have created an interface directory CML/SECURE, which is a complete copy of CML/CC44 (and all its files and subdirectories). Look in the files CML/CC44/main/switch.i, CML/CC44/reg/register.cml, and CML/CC44/reg/reset.cml. You'll see a line that says "Or you may explicitly override it". Change the value of the variable "http" to your new choice in all three files.
Note: to actually change those files, you should copy them to the appropriate main.1 and reg.1 (or higher numbered subdirectories) and change them there. Do not change the files in CC44/main and CC44/reg. See Overrideable CML directories for more details.
III: Caucus 4.3
If you have Caucus 4.3x or earlier, you must manually change some CML files to enable https. (The default protocol is always http.)
- In SWEB/start.cgi (and any equivalent cgi files you may have created), change "http:" to "https:".
- In CML/CS41/Local/switch.i, change "set http http" to "set http https".
- In CML/CS41/person.cml, change "http:" to "https:".
- In CML/REG41/register.cml, register.i, reset.cml, change all instances of "http:" to "https:".