Configuring Apache to use SSL: Difference between revisions

Jump to navigation Jump to search

Configuring Apache to use SSL (view source)

Revision as of 19:38, 25 May 2023

6 bytes added ,  1 year ago
no edit summary
No edit summary
No edit summary
Line 25: Line 25:
<!--T:4-->
<!--T:4-->
<ol>
<ol>
<li>'''Activate the SSL module'''<br/>
<li><b>Activate the SSL module</b><br/>
Once Apache has been installed (see [[Creating_a_Webserver_on_the_Cloud#Install_Apache2 | Installing Apache]]) the SSL module must be enabled with{{Commands|sudo a2enmod ssl|sudo service apache2 restart}}
Once Apache has been installed (see [[Creating_a_Webserver_on_the_Cloud#Install_Apache2 | Installing Apache]]) the SSL module must be enabled with{{Commands|sudo a2enmod ssl|sudo service apache2 restart}}
</li>
</li>
<li>'''Create a self-signed SSL certificate'''{{Command| sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/server.key -out /etc/ssl/certs/server.crt}}
<li><b>Create a self-signed SSL certificate</b>{{Command| sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/server.key -out /etc/ssl/certs/server.crt}}
If you are asked for a pass phrase this likely means you missed the <code>-node</code> option: please reissue the command checking it carefully against the above. This command will ask you a series of questions. Below is a list of the questions with example responses:
If you are asked for a pass phrase this likely means you missed the <code>-node</code> option: please reissue the command checking it carefully against the above. This command will ask you a series of questions. Below is a list of the questions with example responses:


Line 43: Line 43:
The most important question to answer is the "Common Name" question which should be the domain name of your server. In the case of a virtual machine on our clouds, it should look similar to the example response except that the X's should be replaced with the floating-IP associated with the virtual machine.
The most important question to answer is the "Common Name" question which should be the domain name of your server. In the case of a virtual machine on our clouds, it should look similar to the example response except that the X's should be replaced with the floating-IP associated with the virtual machine.
</li>
</li>
<li>'''Set ownership and permissions'''<br/>
<li><b>Set ownership and permissions</b><br/>
Set the correct ownership and permissions of the private key with: {{Commands|sudo chown root:ssl-cert /etc/ssl/private/server.key|sudo chmod 640 /etc/ssl/private/server.key}}
Set the correct ownership and permissions of the private key with: {{Commands|sudo chown root:ssl-cert /etc/ssl/private/server.key|sudo chmod 640 /etc/ssl/private/server.key}}
</li>
</li>
<li>'''Configure Apache to use the certificate'''<br/>
<li><b>Configure Apache to use the certificate</b><br/>
Edit Apache's ssl configuration file with
Edit Apache's ssl configuration file with
{{Command|sudo vim /etc/apache2/sites-available/default-ssl.conf}}
{{Command|sudo vim /etc/apache2/sites-available/default-ssl.conf}}
Line 58: Line 58:
</li>
</li>
Also ensure that the <code>DocumentRoot</code> path matches that set in your <code>/etc/apache2/sites-available/000-default.conf</code> file provided that is the site you wish to apply the SSL to.
Also ensure that the <code>DocumentRoot</code> path matches that set in your <code>/etc/apache2/sites-available/000-default.conf</code> file provided that is the site you wish to apply the SSL to.
<li>'''Tighten security'''<br/>
<li><b>Tighten security</b><br/>
Force all http traffic to https, require more modern versions of SSL, and use better cipher options first by editing the file with {{Command |sudo vim /etc/apache2/sites-available/default-ssl.conf}} and adding
Force all http traffic to https, require more modern versions of SSL, and use better cipher options first by editing the file with {{Command |sudo vim /etc/apache2/sites-available/default-ssl.conf}} and adding
<pre>
<pre>
Line 75: Line 75:
inside the <nowiki><VirtualHost></nowiki> tag.
inside the <nowiki><VirtualHost></nowiki> tag.
</li>
</li>
<li>'''Enable the SSL-enabled website'''<br/>
<li><b>Enable the SSL-enabled website</b><br/>
{{Commands|sudo a2ensite default-ssl.conf|sudo service apache2 restart}}
{{Commands|sudo a2ensite default-ssl.conf|sudo service apache2 restart}}
</li>
</li>
</ol>
</ol>
</translate>
</translate>
Diane27
rsnt_translations
56,420

edits

Retrieved from "https://docs.alliancecan.ca/wiki/Special:MobileDiff/137025"

Navigation menu