Apache Configuration for HTTP and HTTPS


Step 1: Install the Apache2 package
There is an Apache httpd package readily available for aptitude under the name apache2. To
install it, run the following command from the terminal.
#apt-get install apache2

http://hostname

It works!
This is the default web page for this server.
The web server software is running but no content has been added, yet.

Step 2: Configure httpd to support SSL


The module mod_ssl (http://httpd.apache.org/docs/2.0/mod/mod_ssl.html) provides SSL/TLS
support to httpd. It is available in the httpd installation as a part of the apache2-common package.
On Ubuntu/Debian, use the following commands to enable SSL:
#a2ensite default-ssl

Enabling site default-ssl.


To activate the new configuration, you need to run:
service apache2 reload
#a2enmod ssl

Enabling module ssl.


See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create
self-signed certificates.
To activate the new configuration, you need to run:
service apache2 restart
As the output says, let's restart Apache2 to apply the changes with the following command:
#service apache2 restart

That command yields the following outcome:


* Restarting web server apache2 waiting
You can also restart httpd through its init script:
#/etc/init.d/apache2 restart

Which yields again:


* Restarting web server apache2 waiting
To test that the module was properly installed, open the following address in your
browser: https://hostname. The first time you access the page, the browser will warn you that
the certificate of the site is not trusted. You can proceed and you will get to the same page as
before:

It works!
This is the default web page for this server.
The web server software is running but no content has been added, yet.

Step 3: Generate a self-signed certificate


To use a self-signed certificate, the package ssl-cert must be installed, which it was on my
install.
I wanted to configure my own self-signed certificate for the server and to store it in
/etc/apache2/ssl. To do so, run the following command from the terminal:
#mkdir /etc/apache2/ssl
#/usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.crt

The command prompts you to enter the hostname to use in the certificate. Once done, you can
now see that there is a new file in the /etc/apache2/ssl directory:
drwxr-xr-x 2 root root 4096 2011-12-16 14:40 ./
drwxr-xr-x 8 root root 4096 2011-12-16 14:12 ../
lrwxrwxrwx 1 root root 10 2011-12-16 14:40 a9630d61 -> apache.crt
-rw- 1 root root 2685 2011-12-16 14:40 apache.crt
That last command will have generated an apache.crt file that contains both the certificate and
the key. Let's now separate that file into two files:

apache.pem to store the certificate
apache.key to store the key

I will simply copy the original apache.crt file twice, once under each name, and edit each file.
#cd /etc/apache2/ssl
#cp apache.crt apache.pem
#cp apache.crt apache.key

The apache.pem file must contain everything from the beginning line to the ending line of the certificate:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
The apache.key file must contain everything from the beginning line to the ending line of the key:
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
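
The manual copy-and-edit split described above can also be scripted. The following shell function is an added example, not part of the original page; the names split_pem and write_sample and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: split a combined PEM file (certificate + private key in
# one file, as produced in Step 3) into a certificate file and a key file.

# split_pem COMBINED CERT_OUT KEY_OUT
# Returns non-zero if COMBINED lacks a certificate or a private key block.
split_pem() {
    combined=$1; cert_out=$2; key_out=$3

    # Write the key under a restrictive umask so it is never group- or
    # world-readable, then chmod in case the file already existed.
    old_umask=$(umask)
    umask 077
    awk '/^-----BEGIN (RSA |EC )?PRIVATE KEY-----/,/^-----END (RSA |EC )?PRIVATE KEY-----/' \
        "$combined" > "$key_out"
    umask "$old_umask"
    chmod 600 "$key_out"

    # The certificate is public; it receives only the CERTIFICATE block.
    awk '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/' \
        "$combined" > "$cert_out"

    # Both outputs must be non-empty, and no key material may end up
    # in the certificate file.
    [ -s "$cert_out" ] || return 1
    [ -s "$key_out" ] || return 1
    if grep -q 'PRIVATE KEY' "$cert_out"; then return 1; fi
    return 0
}

# Constructed sample: a key block and a certificate block in one file.
# The bodies are placeholders, not a real key or certificate.
write_sample() {
    cat > "$1" <<'EOF'
-----BEGIN PRIVATE KEY-----
CONSTRUCTEDKEYPLACEHOLDER0000
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
CONSTRUCTEDCERTPLACEHOLDER0000
-----END CERTIFICATE-----
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/apache.crt"
split_pem "$demo_dir/apache.crt" "$demo_dir/apache.pem" "$demo_dir/apache.key" &&
    ls -l "$demo_dir"
```

After the split, the original apache.crt still contains the private key, so keep it readable by root only or delete it.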

Step 4: Configure httpd to use the certificate


Now, I have to configure httpd to use my new certificate. To do so, I edit the configuration with
nano
#nano /etc/apache2/sites-enabled/default-ssl
We have to update the following two lines
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
with the following two lines
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
The private key must be readable only by root:
#chmod 600 /etc/apache2/ssl/apache.key
Let's now restart Apache2:


#/etc/init.d/apache2 restart

Step 5: Disable the HTTP port


On Ubuntu/Debian, the enabled ports are defined in /etc/apache2/ports.conf. As I want to
disable the HTTP listener, I simply disable that port in that file by commenting out the following
two lines:
#NameVirtualHost *:80
#Listen 80
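
A configuration-side check for this step, as an added example that is not part of the original page: it lists the ports of all uncommented Listen directives and reports whether port 80 is still active. The function names and both sample files are constructed for illustration; the second sample reproduces the Listen lines of the Turnkey ports.conf shown later on this page.

```shell
#!/bin/sh
# Added example: report which ports a ports.conf file leaves open,
# ignoring commented-out Listen lines such as the ones from Step 5.
# active_ports FILE: print the port of every uncommented Listen directive.
# Assumption: <IfModule> blocks are treated as active (worst case).
active_ports() {
    awk '
        /^[ \t]*#/ { next }              # commented out, as in Step 5
        tolower($1) == "listen" {
            n = split($2, part, ":")     # "80", "10.0.0.1:80", "[::]:80"
            print part[n]
        }' "$1" | sort -n -u
}

# http_disabled FILE: succeed only if no active Listen uses port 80.
http_disabled() {
    ! active_ports "$1" | grep -qx 80
}

# Constructed sample: ports.conf after Step 5.
write_step5_conf() {
    cat > "$1" <<'EOF'
#NameVirtualHost *:80
#Listen 80
<IfModule mod_ssl.c>
    Listen 443
</IfModule>
EOF
}

# Constructed sample: Listen lines of the Turnkey ports.conf.
write_turnkey_conf() {
    cat > "$1" <<'EOF'
Listen 80
<IfModule mod_ssl.c>
    Listen 443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
Listen 12322
EOF
}

demo=$(mktemp -d)
write_step5_conf "$demo/step5.conf"; write_turnkey_conf "$demo/turnkey.conf"
for f in "$demo"/*.conf; do
    http_disabled "$f" && echo "$f: port 80 closed" || echo "$f: port 80 open"
done
```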

Final test
To check that everything works fine, let's try to access the page at http://localhost with curl:
# curl http://localhost
curl: (7) couldn't connect to host
Let's now try to access the page at https://localhost with curl -k. The -k option allows the
connection even though the server's self-signed certificate cannot be verified.

# curl -k https://localhost
<h1>It works!</h1>
This is the default web page for this server.
The web server software is running but no content has been added, yet.
=============================================end====================================

Example Apache Configuration on Drupal Turnkey


/etc/apache2/ports.conf
Listen 80
<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
Listen 12322

/etc/apache2/sites-enabled/drupal6
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
    UseCanonicalName Off
    ServerAdmin webmaster@localhost
    DocumentRoot /usr/share/drupal6/
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/cert.pem
    ServerAdmin webmaster@localhost
    DocumentRoot /usr/share/drupal6/
</VirtualHost>
<Directory /usr/share/drupal6/>
    Options +FollowSymLinks
    AllowOverride All
    order allow,deny
    allow from all
</Directory>

/etc/apache2/sites-enabled/phpmyadmin
<VirtualHost *:12322>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/cert.pem
    ServerAdmin webmaster@localhost
    DocumentRoot /usr/share/phpmyadmin/
</VirtualHost>
<Directory /usr/share/phpmyadmin>
    Options Indexes FollowSymLinks
    DirectoryIndex index.php
    <Files setup.php>
        Deny from all
    </Files>
    <IfModule mod_php5.c>
        AddType application/x-httpd-php .php
        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_value include_path .
    </IfModule>
</Directory>
