SOHO : Small Office Home Office
Freeware - Opensource software tips, tricks, tweaks & fixes for managing, securing, improving the performance of SOHO Desktop, Laptop, Networks

Monday, September 14, 2020

Apache2 : Setup https with self signed certificate and redirect http to https

Note : Internet Browser will issue warning  on self signed certificates.

Self signed secure socket layer (TLS/SSL) certificate, to enable https on apache2 server. Even though the server is on lan, security is a concern when there is a large group of nodes. A zero cost self signed certificate is generated and all http request is rerouted to https

  • Create a folder to hold certificate

sudo mkdir /etc/apache2/ssl

 

  • Create cretificate and key valid for three years (days 1095 is 3 years)

sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/apache2/ssl/server.crt -keyout /etc/apache2/ssl/server.key

 

  • Openssl information of certificate

Country Name (2 letter code) [AU]: IN
State or Province Name (full name) [Some-State]: KA
Locality Name (eg, city) []: Bangalore
Organization Name (eg, company) [My Company]: my company
Organizational Unit Name (eg, section) []: IT
The common name is your domain name or the server IP address.
Common Name (e.g. server FQDN or YOUR name) []:
192.168.2.3 or secure.myserver.lan 
Email Address []:dummy@example.com
                     
                    • Enable ssl

                    sudo a2enmod ssl

                     

                    • Edit config file (my personal preference I add both http and https conf in one file)

                    <VirtualHost  *:80>

                    ServerName myserver.lan

                    ServerAlias www.myserver.lan

                    ServerAdmin servername@localhost

                    ErrorLog ${APACHE_LOG_DIR}/myserver-lan-error.log

                    CustomLog ${APACHE_LOG_DIR}/myserver-lan-access.log combined

                                        # below line will redirect all http request to https 

                    Redirect permanent / https://myserver.lan

                    </VirtualHost>

                    <VirtualHost  *:443>

                    ServerName myserver.lan

                    ServerAdmin servername@localhost

                    DocumentRoot /var/www/secure

                    <Directory /var/www/secure/>

                    require host localhost

                    require ip 127.0.0.1

                    require ip 192.168

                    </Directory>

                    ErrorLog ${APACHE_LOG_DIR}/myserver_lan-error.log

                    CustomLog ${APACHE_LOG_DIR}/myserver_lan.log combined

                    SSLEngine on

                    SSLCertificateFile  /etc/apache2/ssl/myservre-lan.crt

                    SSLCertificateKeyFile  /etc/apache2/ssl/myserver-lan.key

                    <FilesMatch "\.(cgi|shtml|phtml|php)$">

                    SSLOptions +StdEnvVars

                    </FilesMatch>

                    <Directory /usr/lib/cgi-bin>

                    SSLOptions +StdEnvVars

                    </Directory>

                    </VirtualHost> 


                    • Restart apache

                    sudo systemctl restart apache2

                     

                    • Enable firewall

                    sudo ufw allow 'Apache full'

                     

                    For named virtual host create ssl certificates as per the domain name and follow the above steps.


                    No comments:

                    Post a Comment