79.27. How to activate the HTTP server
Prev Chapter 79. HowTo - Management Next

79.27. How to activate the HTTP server

Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

a res:http

or

s act res:http

Add the HTTP resource.

or

If the resource already exists, set it active.

s p http act:yesEnable the HTTP runtime functionalities.
 Repeat the following commands for each user that you want to enable to HTTP.
a user:httpuser pwd:httpuser http:yesAdd the user httpuser and enable it to HTTP.
a http rights path:/sys/trfa/ user:httpuserEnable the httpuser to access the “IP traffic analyzer” link.
a http rights path:/sys/opc/ user:httpuserEnable the httpuser to access the “Operator Panel Control” link.
a http rights path:/sys/sms/ user:httpuserEnable the httpuser to access the “SMS Gateway” link.
a http rights path:/sys/cp/ user:httpuserEnable the httpuser to access the “Control Port” link.
a http rights path:/sys/admin/ user:httpuser recur:noEnable the httpuser to access the “Configuration information” link.
a http rights path:/sys/admin/groups/ user:httpuserEnable the httpuser to access the “Groups administration” link.
a http rights path:/sys/advuser/ user:httpuserEnable the httpuser to access the “Advanced User activities” link.
a http rights path:/sys/admin/users/ user:httpuserEnable the httpuser to access the “Users administration” link.
a http rights path:/sys/admin/lists/ user:httpuserEnable the httpuser to access the “Lists administration” link.
a http rights path:/sys/admin/disa/ user:httpuserEnable the httpuser to access the “DISA administration” link.
save confSave the configuration.

On a working Abilis, a system restart is required to make the HTTP resource running.

79.27.1. How to activate the HTTP over SSL server

Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

 Activate the HTTP server.
a res:ssl

or

s act res:ssl

Add the SSL resource.

or

If the resource already exists, set it active.

s p ssl act:yesEnable the SSL runtime functionalities.
s p http act-s:yesEnable the HTTPS runtime functionalities.
s p http sesnum-s:12Configure the number of HTTPS sessions
save confSave the configuration.

On a working Abilis, a system restart is required to make the SSL resource running.

[Note]Note

Verify that the SSL protocol is enabled in the Users and HTTP Virtual Paths Access Rights tables.

[17:53:34] ABILIS_CPX:d user:httpuser

Parameter:     | Value:
---------------+---------------------------------------------------------------
USER:               httpuser
ALIAS:              httpuser
ID:                 4    <Read Only>
PWD:                *******
ACT:                YES
GROUP:
CTIP:               #
CLUS:               #
OPC-ROLE:           USER
OPC-VIEW:           *
OPC-MONITOR:        NONE
HTTP:               YES
HTTP-HOME-URL:
HTTP-PROT:          PLAIN,SSL
-------------------------------------------------------------------------------

[15:12:54] ABILIS_CPX:d http rights

-------------------------------------------------------------------------------
ID: PATH:
       USER:                            FILE: DIR:  RECUR: PROT:
------------------------------------------------------------------------------
  3 /sys/opc/
       httpuser                         r---  l---  YES    PLAIN,SSL
-------------------------------------------------------------------------------
...

79.27.2. How to set the HTTP over SSL server to run using a 2048 bit SSL Public Certificate

  1. From Linux command line:

    test@test-PC:~$ openssl genrsa -des3 -out SRVSSL.KEY 2048
Generating RSA private key, 2048 bit long modulus
.......................................................+++
...........+++
e is 65537 (0x10001)
Enter pass phrase for SRVSSL.KEY:pwdssl
Verifying - Enter pass phrase for SRVSSL.KEY:pwdssl
test@test-PC:~$ openssl req -new -key SRVSSL.KEY -out SRVSSL.CSR
Enter pass phrase for SRVSSL.KEY:pwdssl
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IT
State or Province Name (full name) [Some-State]:Roma
Locality Name (eg, city) []:Roma
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Internet Widgits Pty Ltd
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:test.ddns.net
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
test@test-PC:~$

  2. Go to https://www.sslforfree.com/ and type domain name in the field (e.g test.ddns.net), hit Create Free SSL Certificate and select Manual Verification, download the file, and copy the content of the downloaded file to Abilis CPX, as shown bellow:

    [08:07:38] ABILIS_CPX:sys create c:\8-4-3\pub\.well-known\acme-challenge\ 

COMMAND EXECUTED

[08:09:16] ABILIS_CPX:file put z c:\8-4-3\pub\.well-known\acme-challenge\smCR5g8JoyTIY8W5aHsnGd15FFgmn3i-75Abz5AtSY4

  3. Create permissions for HTTP to this folder:

    [08:12:10] ABILIS_CPX:a http path:/.well-known/ phys-path:"c:\8-4-3\pub\.well-known\"

COMMAND EXECUTED

[08:12:22] ABILIS_CPX:a http rights path:/.well-known/ user:anonymous

COMMAND EXECUTED

  4. Go to https://www.sslforfree.com/ mark check box: I Have My Own CSR and insert the content of the SRVSSL.CSR (generated from Linux Command line) proceed to certificate generated by clicking Download SSL Certificate.

  5. Download All SSL Certificate Files. There a 3 file private.key (empty), certificate.crt and ca-bundle.crt.

  6. Create an srvssl.cer file with content of the certificate.crt and ca-bundle.crt (copy and paste).

  7. Coppy files SRVSSL.CER and SRVSSL.KEY (generated on Linux PC) to C:\APP\SSL directory on Abilis CPX.

    [08:20:59] ABILIS_CPX:file put z c:\app\ssl\srvssl.cer

[08:21:55] ABILIS_CPX:file put z c:\app\ssl\srvssl.key

    and show to ssl resource path to this certificate:

    [08:18:15] ABILIS_CPX:s p res:ssl cert-path:c:\app\ssl\

COMMAND EXECUTED

[08:23:03] ABILIS_CPX:s p res:ssl PWDKEY-SRV:pwdssl

COMMAND EXECUTED

[08:23:21] ABILIS_CPX:init res:ssl

COMMAND EXECUTED

79.27.3. How to set the HTTP over SSL server to run using a 4096 bit SSL Public Certificate

  1. Go to https://www.sslforfree.com/ and type domain name in the field (e.g test.ddns.net), hit Create Free SSL Certificate and select Manual Verification, download the file, and copy the content of the downloaded file to Abilis CPX, as shown bellow:

    [08:07:38] ABILIS_CPX:sys create c:\8-4-5\pub\.well-known\acme-challenge\ 

COMMAND EXECUTED

[08:09:16] ABILIS_CPX:file put z c:\8-4-5\pub\.well-known\acme-challenge\hH0JybhuaLSe7kWSGw6X7i2qJ0J33kkgv0PUKlq9OL8

  2. Create permissions for HTTP to this folder:

    [08:12:10] ABILIS_CPX:a http path:/.well-known/ phys-path:"c:\8-4-5\pub\.well-known\"

COMMAND EXECUTED

[08:12:22] ABILIS_CPX:a http rights path:/.well-known/ user:anonymous

COMMAND EXECUTED

  3. Go to https://www.sslforfree.com/ . Proceed to certificate generated by clicking Download SSL Certificate.

  4. Download All SSL Certificate Files. There a 3 file private.key (empty), certificate.crt and ca-bundle.crt.

  5. Create an srvssl.cer file with content of the certificate.crt and ca-bundle.crt (copy and paste).

  6. From Linux command line:

    test@test-PC:~$ openssl rsa -des3 -in PRIVATE.KEY -out SRVSSL.KEY
writing RSA key

Enter PEM pass phrase: pwdssl

Verifying - Enter PEM pass phrase: pwdssl
test@test-PC:~$

  7. Coppy files SRVSSL.CER and SRVSSL.KEY to C:\APP\SSL directory on Abilis CPX.

    [08:20:59] ABILIS_CPX:file put z c:\app\ssl\srvssl.cer

[08:21:55] ABILIS_CPX:file put z c:\app\ssl\srvssl.key

    and show to ssl resource path to this certificate:

    [08:18:15] ABILIS_CPX:s p res:ssl cert-path:c:\app\ssl\

COMMAND EXECUTED

[08:23:03] ABILIS_CPX:s p res:ssl PWDKEY-SRV:pwdssl

COMMAND EXECUTED

[08:23:21] ABILIS_CPX:init res:ssl

COMMAND EXECUTED

79.27.4. How to set the HTTP over SSL server to run using a Self-Signed Certificate

  1. From Linux command line:

    test@test-PC:~$ openssl genrsa -out CLISSL.KEY 1024

test@test-PC:~$ openssl req -new -key CLISSL.KEY -out CLISSL.CSR

test@test-PC:~$ openssl x509 -req -days 5000 -in CLISSL.CSR -signkey CLISSL.KEY -out CLISSL.CER

test@test-PC:~$ openssl genrsa -des3 -out SRVSSL.KEY 1024

test@test-PC:~$ openssl req -new -key SRVSSL.KEY -out SRVSSL.CSR

test@test-PC:~$ openssl x509 -req -days 5000 -in SRVSSL.CSR -signkey SRVSSL.KEY -out SRVSSL.CER

  2. Copy to Abilis CPX all 4 files generated in Linux command line:

    [09:23:20] ABILIS_CPX:file put z c:\app\ssl\srvssl.cer

[09:24:29] ABILIS_CPX:file put z c:\app\ssl\srvssl.key

[09:25:37] ABILIS_CPX:file put z c:\app\ssl\clissl.key

[09:26:42] ABILIS_CPX:file put z c:\app\ssl\clissl.cer

[09:27:43] ABILIS_CPX:s p res:ssl cert-path:c:\app\ssl\

COMMAND EXECUTED

[09:28:37] ABILIS_CPX:s p ssl PWDKEY-SRV:pwdssl

COMMAND EXECUTED

[09:29:19] ABILIS_CPX:init res:ssl

COMMAND EXECUTED

79.27.5. How to change the default Abilis company logo

If you place a gif image in the directory C:\APP\HTTP\LOGO, it will replace the default Abilis company logo.

[Important]Important

The image must have name company_logo.gif. The image is shown 250x350 px.

Enter into the Abilis control-program or open the configuration file with the Console configurator and type the following commands.

file put z c:\app\http\logo\company_logo.gifUpload the file with the file put command (Using the ZMODEM protocol).
[Tip]Tip

The image can be loaded, using also the FTP.

Prev Up Next
79.26. How to open a SSH connection from Abilis Home 79.28. How to activate the FTP server