23 February 2009

Securing web remote access

Today I had to set up remote access to the test database we are using. Both the GTK client and the Web client can be used over SSL (I didn't try Koo because it's not ported to OpenERP 5 yet). I chose to set up the Web client for two reasons: I've read in some forum posts that it's better for remote sites with slow connections, and I needed real security after enabling connections from the wide Internet to my OpenERP server. As the Web client doesn't use SSL on its own, an Apache server has to be set up with mod_proxy and mod_ssl. A description is in the documentation.

That's not enough! With this, all the users are exposed to the Internet, so I decided to require a certificate login for the browsers. With that, only those who received a client certificate from me can access the OpenERP Web client. For this to work, a few more lines are needed in the Apache config:
In the VirtualHost:

SSLCertificateKeyFile path/server.key
SSLCACertificateFile path/ca.crt
SSLVerifyClient require
SSLVerifyDepth 10

And the Proxy section:

Order deny,allow
Allow from all
SSLRequireSSL

Of course, the self-signed certificate authority, the server key and the client keys all have to be set up correctly, and that's a little more difficult...
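One way to produce the certificate authority, server key and client key mentioned above with the openssl command line (an added example, not from the original post; the names demo-ca, demo-server, demo-client, erp.example.test and the password change-me are constructed placeholders):

```shell
#!/bin/sh
# Added example: private CA plus one server and one client certificate for
# Apache's "SSLVerifyClient require". All names are constructed placeholders.
make_pki() (   # subshell body: the caller's working directory is unchanged
    umask 077; mkdir -p "$1" && cd "$1" || exit 1   # keys not world-readable
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
extendedKeyUsage = serverAuth
subjectAltName = DNS:erp.example.test
[client]
extendedKeyUsage = clientAuth
EOF
    # 1. Self-signed CA. ca.crt is the file SSLCACertificateFile points at;
    #    ca.key signs certificates and should stay off the web server.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config pki.cnf \
        -keyout ca.key -out ca.crt || exit 1
    # 2. Server and client key pairs, each signed by the CA for one purpose.
    for role in server client; do
        openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
            -subj "/CN=demo-$role" -keyout "$role.key" -out "$role.csr" || exit 1
        openssl x509 -req -in "$role.csr" -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 365 -extfile pki.cnf -extensions "$role" \
            -out "$role.crt" || exit 1
    done
    # 3. Password-protected bundle the user imports into the browser.
    openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt \
        -name demo-client -passout pass:change-me -out client.p12
) >/dev/null 2>&1

# check_cert CAFILE PURPOSE CERT: succeeds only if CERT chains to CAFILE and is
# valid for PURPOSE (sslclient or sslserver), like the check mod_ssl applies.
check_cert() {
    openssl verify -CAfile "$1" -purpose "$2" "$3" >/dev/null 2>&1
}

if [ "$#" -gt 0 ]; then make_pki "$1"; fi   # usage: sh make_pki.sh ./pki
```

server.key and ca.crt are the files the two VirtualHost lines above refer to; server.crt is the matching certificate for the SSLCertificateFile directive. Only client.p12 goes to the user.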

2 comments:

  1. This comment has been removed by a blog administrator.

  2. Can you just run third party remote desktop software? It seems like it would be easier than always having to write custom code whenever you need a security exception..
