Apache Setup


What's Apache


Install Apache

Enable SSL

Generating A Certificate

Generating a certificate from scratch gives you something that protects the traffic exchanged between clients and your server. However, it will not be signed by a trusted certificate authority, so it will generate warnings.

Importing a paid and "trusted" certificate will avoid this problem, but that is beyond the scope of this simple introduction.

Generating an SSL certificate for Apache2 may be accomplished using the apache2-ssl-certificate script. This will ask you questions interactively then generate the certificate file appropriately.

Here's a sample session:

# apache2-ssl-certificate

creating selfsigned certificate
replace it with one signed by a certification authority (CA)

enter your ServerName at the Common Name prompt

If you want your certificate to expire after x days call this programm
with -days x
Generating a 1024 bit RSA private key
writing new private key to '/etc/apache2/ssl/apache.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [GB]:ES
State or Province Name (full name) [Some-State]:Catalunya
Locality Name (eg, city) []:Barcelona
Organization Name (eg, company; recommended) []:Joan Pere
Organizational Unit Name (eg, section) []:
server name (eg. ssl.domain.tld; required!!!) []:asdf.virtualitzacio.cat
Email Address []: admin@virtualitzacio.cat

Enabling SSL Support

To use the SSL facilities of Apache2 you must enable the module mod_ssl. This can be achieved using the helper tool a2enmod. (We've previously discussed the Apache2 helper scripts.)

As root run:

# a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.

Once this is done you'll have Apache set up to accept SSL connections, but the server will still only be listening for incoming HTTP requests on port 80, and not for SSL connections on port 443. To fix this you must add a line to the file /etc/apache2/ports.conf:

Listen 443

With these two steps out of the way you now have an Apache setup which will listen for and accept SSL connections. The next step is to modify your virtualhosts to use it.

Configuring your SSL Hosts

With a certificate set up, and the server updated to load the SSL module and listen for incoming SSL connections, you're almost finished. The final step is to ensure that your virtual hosts, or main host, will accept SSL options.

I use virtual hosts upon my machine and this just means adding a couple of options to each one I wish to use SSL:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem

For reference here is a complete example which should be easy to modify/understand (/etc/apache2/sites-enabled/000-default):

NameVirtualHost *:443
NameVirtualHost *:80

<VirtualHost *:80>
       ServerName server.virtualitzacio.cat
       DocumentRoot /var/www/
       ErrorLog /var/log/apache2/error.log
       CustomLog /var/log/apache2/access.log combined
</VirtualHost>

<VirtualHost *:443>
       ServerName server.virtualitzacio.cat
       DocumentRoot /var/www/
       ErrorLog /var/log/apache2/error.log
       CustomLog /var/log/apache2/access.log combined
       SSLEngine on
       SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>

Forcing https instead of http

Inside the virtual host for port 80, we can add:

	Redirect permanent / https://www.mywep.com/
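
To check a configuration against the steps on this page, the following added example (not part of the original wiki page) reads virtual host definitions on stdin and reports any port 443 host without SSLEngine on or SSLCertificateFile, any port 80 host without a Redirect to https, and any unclosed <VirtualHost> block. The function names and the sample configuration are constructed for illustration, and only the Redirect directive shown above is recognised as a redirect.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit Apache virtual hosts read on
# stdin for the settings described above. Prints one finding per line.
audit_vhosts() {
    awk '
    function report() {
        if (port == "443") {
            if (!engine) print name ": port 443 without SSLEngine on"
            if (!cert)   print name ": port 443 without SSLCertificateFile"
        } else if (port == "80" && !redir) {
            print name ": port 80 does not redirect to https"
        }
    }
    $1 ~ /^#/ { next }                       # skip comment lines
    tolower($1) == "<virtualhost" {          # directive names are case-insensitive
        if (inblock) { print name ": missing </VirtualHost>"; report() }
        inblock = 1; engine = cert = redir = 0; name = "(no ServerName)"
        port = $2; sub(/>.*$/, "", port); sub(/^.*:/, "", port)
        next
    }
    tolower($1) == "</virtualhost>" { if (inblock) report(); inblock = 0; next }
    !inblock { next }                        # ignore server-level directives
    tolower($1) == "servername" { name = $2 }
    tolower($1) == "sslengine" && tolower($2) == "on" { engine = 1 }
    tolower($1) == "sslcertificatefile" && NF >= 2 { cert = 1 }
    tolower($1) == "redirect" && tolower($NF) ~ /^https:\/\// { redir = 1 }
    END { if (inblock) { print name ": missing </VirtualHost>"; report() } }
    '
}

# Constructed sample: the port 80 host has no Redirect; the port 443 host
# lacks SSLCertificateFile and its closing tag.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName server.example.test
    DocumentRoot /var/www/
</VirtualHost>
<VirtualHost *:443>
    ServerName server.example.test
    SSLEngine on
EOF
}

sample_conf | audit_vhosts
```

Run it against a real file with `audit_vhosts < /etc/apache2/sites-enabled/000-default`; no output means every host passed these checks.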