Cups over ssl help
Ricky Armstead
rarmstead at bluecanopy.com
Thu Nov 30 03:50:52 PST 2006
I currently run cups 1.2.7 on gentoo. When I go to http://localhost:631/ it allows me to do administration from there. I would like that address to be https://localhost:443/.
Do you have to manually generate a cert and a server key, and put it in /etc/cups/ssl. Or does cups automatically generate one when you compile cups?
As of now I cannot access neither web interface to do administration.
My error log
d [30/Nov/2006:06:48:34 -0500] cupsdStartListening: 4 Listeners
I [30/Nov/2006:06:48:34 -0500] Listening to 0.0.0.0:443 on fd 2...
E [30/Nov/2006:06:48:34 -0500] Unable to open listen socket for address :::443 - Address family not supported by protocol.
E [30/Nov/2006:06:48:34 -0500] Unable to bind socket for address 0.0.0.0:443 - Address already in use.
E [30/Nov/2006:06:48:34 -0500] Unable to open listen socket for address :::443 - Address family not supported by protocol.
d [30/Nov/2006:06:48:34 -0500] cupsdSetEnv: CUPS_SERVER=localhost
d [30/Nov/2006:06:48:34 -0500] cupsdSetEnv: CUPS_ENCRYPTION=IfRequested
d [30/Nov/2006:06:48:34 -0500] cupsdSetEnv: IPP_PORT=443
d [30/Nov/2006:06:48:34 -0500] cupsdResumeListening: Setting input bits...
d [30/Nov/2006:06:48:34 -0500] cupsdResumeListening: Adding fd 2 to InputSet...
d [30/Nov/2006:06:48:34 -0500] cupsdStartBrowsing: Adding fd 3 to InputSet...
d [30/Nov/2006:06:48:34 -0500] cupsdStartServer: Adding fd 4 to InputSet...
d [30/Nov/2006:06:48:34 -0500] cupsdAddCert: adding certificate for pid 0
d [30/Nov/2006:06:48:34 -0500] cupsdAddCert: NumSystemGroups=1
MY cupsd.conf looks like this:
# Log general information in error_log - change "info" to "debug" for
# troubleshooting...
#LogLevel debug
LogLevel debug2
# Administrator user group...
#SystemGroup lpadmin
# Only listen for connections from the local machine.
#Listen localhost:631
Port 443
Port 631
#Listen /var/run/cups/cups.sock
# Show shared printers on the local network.
#Browsing On
#BrowseOrder allow,deny
#BrowseAllow @LOCAL
# encryption
ServerCertificate /etc/cups/ssl/server.crt
ServerKey /etc/cups/ssl/server.key
SSLPort 443
<Location />
Encryption Required
</Location>
# Type of Encryption if requested
DefaultEncryption IfRequested
# Default authentication type, when authentication is required...
DefaultAuthType Basic
# Restrict access to the server...
<Location />
# Order allow,deny
# Allow localhost
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 10.1.2.*
Allow From 10.1.6.*
Allow From 10.1.4.*
Allow From 10.1.11.*
</Location>
# Restrict access to the admin pages...
<Location /admin>
# Encryption Required
# Order allow,deny
# Allow localhost
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 10.1.2.*
Allow From 10.1.6.*
Allow From 10.1.4.*
Allow From 10.1.11.*
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
# AuthType Basic
# Require user @SYSTEM
# Order allow,deny
# Allow localhost
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 10.1.2.*
Allow From 10.1.6.*
Allow From 10.1.4.*
Allow From 10.1.11.*
</Location>
# Set the default printer/job policies...
<Policy default>
# Job-related operations must be done by the owner or an adminstrator...
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM @wheel @IT root
Order deny,allow
</Limit>
# All administration operations require an adminstrator to authenticate...
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
AuthType Basic
Require user @SYSTEM @IT @wheel @IT root
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM @IT @wheel @IT root
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
any help would be appreciated thanks!
More information about the cups
mailing list