Weblog

7 December 2014, 13:03

A new version of the Hiawatha webserver has been released. Several changes has been made to further improve the SSL capabilities of this webserver.

One of those changes is the addition of the CAcertificates setting, which allows you to specify one or more CA certificates. This allows Hiawatha to verify the authenticity of the peer in case it acts as an SSL client, which it does for a reverse proxy and websockets. It was always my idea that the reverse proxy functionality should only be used for local applications that only speak HTTP instead of the usual (Fast)CGI or for SSL offloading. SSL support was included for the rare situation where a local HTTP-speaking webapp only speaks HTTPS, for which SSL validation is not required. I think I never explained this intended usage well enough, because I found out that several people used Hiawatha's reverse proxy functionality to connect via HTTPS to other webservers via the internet. This requires SSL certificate validation to make the connection secure. That's why I included the CAcertificates option.

If not set, SSL connections made by Hiawatha are not validated and therefor not really secure. Only do that for local connections or within a trusted network. Otherwise, use this option to feed Hiawatha with trusted CA certificates.

Chris Wadge
8 December 2014, 10:28
Debian packages are up on tuxhelp.org and the apt repository. No regressions in my limited tests, save for Qualys reporting a slightly lower score due to prioritization of cipher suites using ECDHE KEX, which take priority over other suites which utilize older raw DH or RSA KEX. In other words, this seems to be expected behavior.
Leo Unglaub
8 December 2014, 11:56
The Hiawatha package for Crux-Linux has been updated as well without any problems. https://bitbucket.org/leo-unglaub/crux-ports-leo-unglaub/src/HEAD/hiawatha/

Greetings
Leo
Mario
20 December 2014, 23:43
Hi Hugo

I'm a newbie. I came from the Windows world . I would like to setup a wordpress website using your web server. Do you have step-by-step manual for full instalation of Linux OS+Hiawatha+wordpress?

Thanks in advance for your cooperation.
Mario
Chris Wadge
21 December 2014, 05:51
Hey Mario,

Interesting timing. I'm actually in the process of doing a write-up about running WordPress on Hiawatha. It's not finished yet, so all I can show you to prove intent is the logo [dotbalm.org] I made for the article (which I realize isn't very helpful). But I'll be posting the article as soon as it's finished.

In the meantime, there is a small sample config which touches on WordPress in this article [dotbalm.org]. Might at least set the groundwork for familiarity with a new webserver.

Best regards,
-Chris
Hugo Leisink
21 December 2014, 08:24
Hi Mario. The internet is filled with Linux manuals, so not much is gained if I write one too. I also don't have the time for that. And about Wordpress, because of all the security issues with it, I'm not the right person to ask for that. Good to hear that Chris will be able to help you out with that.
Kurnia Ramadhan
22 December 2014, 16:43
I write the tutorial for Linux (Debian / Ubuntu) and FreeBSD to install Hiawatha + php-fpm + MariaDB. It's very easy, i'm newbie like you. In FreeBSD u can install Hiawatha + php-fpm + MariaDB with only one command using "pkg".

But all my tutorial using Indonesian language but you can see the command, next time I will translate to English... u can visit my blog: serverborneo.com

Regards
Kurnia
k0nsl
28 December 2014, 11:42
Thanks Mr. Leisink for keeping up the good work