SSL in Apache
I recently tested setting up SSL for my web server. I will outline how I set this up using a self-signed certificate. Some useful references are this, this, this, and this.
I assume Apache is up and running and OpenSSL is installed.
Set up SSL certificates:
sudo a2enmod ssl
cd /etc/apache2
sudo openssl genrsa -des3 -out server.key 1024 ## leave out -des3 so I don't have to enter the passphrase every time; 1024-bit RSA is now considered too short, use 2048 or more
sudo openssl req -new -key server.key -out server.csr
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
sudo cp server.crt /etc/ssl/certs/
sudo cp server.key /etc/ssl/private/
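The three openssl steps above as a non-interactive script, added here as an example (not the author's code). The helper names are hypothetical, -subj replaces the interactive prompts, and the key is 2048-bit rather than 1024. It also checks that the certificate and key hold the same public key before Apache is pointed at them.

```shell
#!/bin/sh
# Added example: generate a self-signed pair, then verify it.

# make_selfsigned DIR CN  (hypothetical helper name)
make_selfsigned() {
    dir=$1; cn=$2
    mkdir -p "$dir" || return 1
    (
        umask 077   # private key is created readable by its owner only
        openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    ) || return 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" || return 1
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# cert_matches_key CRT KEY: succeeds only if both hold the same public key.
# A mismatched pair in SSLCertificateFile / SSLCertificateKeyFile keeps
# Apache from starting, so check before copying the files into /etc/ssl.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl rsa -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# cert_valid_for CRT SECONDS: succeeds if CRT is still valid SECONDS from now
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# Demo in a throwaway directory (constructed sample; CN taken from the page)
demo=$(mktemp -d)
make_selfsigned "$demo" www.mydomain.com &&
    cert_matches_key "$demo/server.crt" "$demo/server.key" &&
    cert_valid_for "$demo/server.crt" 86400 &&
    echo "certificate and key match and are valid for at least a day"
rm -rf "$demo"
```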
Now, place the following in the site configuration file (in /etc/sites-enabled/) before </VirtualHost>:
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
For example, I changed my /etc/apache2/sites-available/www.mydomain.com from
# Basic setup
ServerAdmin my.email@my.domain.com
ServerName www.mydomain.com
DocumentRoot /home/user/www.mydomain.com/htdocs/
# HTML documents, with indexing.
Options +Includes
# CGI Handling
ScriptAlias /cgi-bin/ /home/user/www.mydomain.com/cgi-bin/
Options +ExecCGI
# Logfiles
ErrorLog /home/user/www.mydomain.com/logs/error.log
CustomLog /home/user/www.mydomain.com/logs/access.log combined
to
## following 2 for ssl
NameVirtualHost *:443
NameVirtualHost *:80
# Basic setup
ServerAdmin my.email@my.domain.com
ServerName www.mydomain.com
DocumentRoot /home/user/www.mydomain.com/htdocs/
# HTML documents, with indexing.
Options +Includes
# CGI Handling
ScriptAlias /cgi-bin/ /home/user/www.mydomain.com/cgi-bin/
Options +ExecCGI
# Logfiles
ErrorLog /home/user/www.mydomain.com/logs/error.log
CustomLog /home/user/www.mydomain.com/logs/access.log combined
# Basic setup
ServerAdmin my.email@my.domain.com
ServerName www.mydomain.com
DocumentRoot /home/user/www.mydomain.com/htdocs/
# HTML documents, with indexing.
Options +Includes
# CGI Handling
ScriptAlias /cgi-bin/ /home/user/www.mydomain.com/cgi-bin/
Options +ExecCGI
# Logfiles
ErrorLog /home/user/www.mydomain.com/logs/error.log
CustomLog /home/user/www.mydomain.com/logs/access.log combined
# Authentication
ScriptAlias /cgi-bin/ /home/user/www.mydomain.com/cgi-bin/
Options +ExecCGI
# Logfiles
ErrorLog /home/user/www.mydomain.com/logs/error.log
CustomLog /home/user/www.mydomain.com/logs/access.log combined
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
Now I can use both http or https when accessing my site.
I run multiple sites on the same server. I wanted to use SSL on one or all of these sites, but that is not possible without having a static IP for each site. The reason is that the HTTP header is encrypted, so Apache doesn't know which site to take you to. See this and this for explanations.