rsnt_translations
56,430
edits
Configuring Apache to use SSL: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 25: | Line 25: | ||
<!--T:4--> | <!--T:4--> | ||
<ol> | <ol> | ||
<li> | <li><b>Activate the SSL module</b><br/> | ||
Once Apache has been installed (see [[Creating_a_Webserver_on_the_Cloud#Install_Apache2 | Installing Apache]]) the SSL module must be enabled with{{Commands|sudo a2enmod ssl|sudo service apache2 restart}} | Once Apache has been installed (see [[Creating_a_Webserver_on_the_Cloud#Install_Apache2 | Installing Apache]]) the SSL module must be enabled with{{Commands|sudo a2enmod ssl|sudo service apache2 restart}} | ||
</li> | </li> | ||
<li> | <li><b>Create a self-signed SSL certificate</b>{{Command| sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/server.key -out /etc/ssl/certs/server.crt}} | ||
If you are asked for a pass phrase this likely means you missed the <code>-node</code> option: please reissue the command checking it carefully against the above. This command will ask you a series of questions. Below is a list of the questions with example responses: | If you are asked for a pass phrase this likely means you missed the <code>-node</code> option: please reissue the command checking it carefully against the above. This command will ask you a series of questions. Below is a list of the questions with example responses: | ||
| Line 43: | Line 43: | ||
The most important question to answer is the "Common Name" question which should be the domain name of your server. In the case of a virtual machine on our clouds, it should look similar to the example response except that the X's should be replaced with the floating-IP associated with the virtual machine. | The most important question to answer is the "Common Name" question which should be the domain name of your server. In the case of a virtual machine on our clouds, it should look similar to the example response except that the X's should be replaced with the floating-IP associated with the virtual machine. | ||
</li> | </li> | ||
<li> | <li><b>Set ownership and permissions</b><br/> | ||
Set the correct ownership and permissions of the private key with: {{Commands|sudo chown root:ssl-cert /etc/ssl/private/server.key|sudo chmod 640 /etc/ssl/private/server.key}} | Set the correct ownership and permissions of the private key with: {{Commands|sudo chown root:ssl-cert /etc/ssl/private/server.key|sudo chmod 640 /etc/ssl/private/server.key}} | ||
</li> | </li> | ||
<li> | <li><b>Configure Apache to use the certificate</b><br/> | ||
Edit Apache's ssl configuration file with | Edit Apache's ssl configuration file with | ||
{{Command|sudo vim /etc/apache2/sites-available/default-ssl.conf}} | {{Command|sudo vim /etc/apache2/sites-available/default-ssl.conf}} | ||
| Line 58: | Line 58: | ||
</li> | </li> | ||
Also ensure that the <code>DocumentRoot</code> path matches that set in your <code>/etc/apache2/sites-available/000-default.conf</code> file provided that is the site you wish to apply the SSL to. | Also ensure that the <code>DocumentRoot</code> path matches that set in your <code>/etc/apache2/sites-available/000-default.conf</code> file provided that is the site you wish to apply the SSL to. | ||
<li> | <li><b>Tighten security</b><br/> | ||
Force all http traffic to https, require more modern versions of SSL, and use better cipher options first by editing the file with {{Command |sudo vim /etc/apache2/sites-available/default-ssl.conf}} and adding | Force all http traffic to https, require more modern versions of SSL, and use better cipher options first by editing the file with {{Command |sudo vim /etc/apache2/sites-available/default-ssl.conf}} and adding | ||
<pre> | <pre> | ||
| Line 75: | Line 75: | ||
inside the <nowiki><VirtualHost></nowiki> tag. | inside the <nowiki><VirtualHost></nowiki> tag. | ||
</li> | </li> | ||
<li> | <li><b>Enable the SSL-enabled website</b><br/> | ||
{{Commands|sudo a2ensite default-ssl.conf|sudo service apache2 restart}} | {{Commands|sudo a2ensite default-ssl.conf|sudo service apache2 restart}} | ||
</li> | </li> | ||
</ol> | </ol> | ||
</translate> | </translate> | ||