Apache/SSL
Install and Configure Apache2 with PHP5 and SSL Support
Required Packages
[edit | edit source]apache2 openssl ssl-cert libapache2-mod-php5 php5-cli php5-common php5-cgi
Configuration Steps
[edit | edit source]Step 1: generate certificate
[edit | edit source]For generating certificate Use the following command to generate certificates
sudo openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -
keyout /etc/apache2/apache.pem
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [AU]:IN State or Province Name (full name) [Some-State]:West Bengal Locality Name (eg, city) []:Kolkata Organization Name (eg, company) [Internet Widgits Pty Ltd]:MAT3 Impex Pvt. Ltd. Organizational Unit Name (eg, section) []:Crypto-Devel Common Name (eg, YOUR name) []:Promathesh Mandal Email Address []:[email protected]
This will complete the certificate now you need to make sure you have the correct permissions for .pem file if not use the following command to set the correct permissions
sudo chmod 600 /etc/apache2/apache.pem
Note: For generating a certificate signing request give the following command
sudo openssl req -new -key apache.pem -out chikpea.csr
Step 2: listen the port
[edit | edit source]By default the server will listen for incoming HTTP requests on port 80 - and not SSL connections on port 443. So you need to enable SSL support by entering the following entry to the file /etc/apache2/ports.conf save and exit the file.
Listen 443
Step 3: enable SSL support
[edit | edit source]If you want to enable SSL support for your apache web server you need to use the following command
sudo a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable. Now you need to restart the apache2 server using the following command
sudo /etc/init.d/apache2 restart
Step 4: configuring SSL Certificate to Virtual Hosts in Apache2
[edit | edit source]First you need to edit the /etc/apache2/sites-available/default file change
NameVirtualHost *
to
NameVirtualHost *:80
NameVirtualHost *:443
Now you need to configure Virtual hosts using port 80.
Example
[edit | edit source] ServerAdmin webmaster@localhost
.
.
.
configure Virtual hosts using port 443 the main difference is you need to use the following two lines for each SSL hosts.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
Example
ServerAdmin webmaster@localhost
.
.
.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
Now you need to restart your apache web server using the following command
sudo /etc/init.d/apache2 reload
Sample Files : sample for “ports.conf” file
Listen 80
Listen 443
sample for “default” file
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
#RedirectMatch ^/$ /apache2-default/
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
#RedirectMatch ^/$ /apache2-default/
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>