
Apache2 SSL in Ubuntu: From Linodewiki

This document provides instructions for setting up SSL encryption with Apache2 on Ubuntu. It describes installing required packages, generating an SSL certificate, enabling the SSL and rewrite modules, configuring Apache to listen on port 443, creating an SSL virtual host, and forcing HTTPS redirection with mod_rewrite rules. The steps include using the apache2-ssl-certificate tool to generate a 1-year certificate, editing the Apache configuration files, and restarting the service.

Uploaded by

filmiigrice
Copyright
© Attribution Non-Commercial (BY-NC)

Apache2 SSL in Ubuntu - LinodeWiki

http://www.linode.com/wiki/index.php/Apache2_SSL_in_...

Apache2 SSL in Ubuntu


From LinodeWiki
This is a community-maintained page that's being kept for historical purposes. For the official Linode documentation please visit the Linode Library (http://library.linode.com/web-servers/apache/ssl-guides).

Contents
1 Apache2 SSL
1.1 Install packages
1.2 Generate the certificate
1.3 Enable the SSL module
1.4 Listen to port 443
1.5 Create and enable the SSL site
1.6 Mod rewrite

Apache2 SSL
This guide will help you set up SSL with apache2.
Note: This manual applies to Ubuntu versions prior to Ubuntu Feisty (7.04). The apache2-ssl-certificate script used in this manual isn't included anymore starting from Feisty. Please check the official Ubuntu documentation at https://help.ubuntu.com/8.04/serverguide/C/httpd.html for instructions on how to set up apache2 with SSL.

Install packages
First make sure all needed packages are installed.
sudo apt-get install apache2 libapache-mod-ssl

Note: libapache-mod-ssl is not an Ubuntu package anymore since see https://help.ubuntu.com/7.10/server/C/httpd.html#https-configuration

Generate the certificate
Create a certificate which is valid for one year.


sudo apache2-ssl-certificate -days 365
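
Since the apache2-ssl-certificate script is not shipped from Feisty onward, a comparable one-year self-signed certificate can be produced with the openssl command-line tool. This is an added example, not part of the original wiki page; it assumes openssl is installed, and the function names, output directory and host name are placeholders chosen here.

```shell
#!/bin/sh
# Added example (not from the original page): self-signed certificate for the
# SSL vhost via the openssl CLI, plus two checks worth running before a reload.

# make_selfsigned OUT_DIR COMMON_NAME [DAYS]
# Writes apache.crt (certificate) and apache.pem (private key without a
# passphrase, so Apache does not prompt at start-up).
make_selfsigned() {
    out_dir=$1; cn=$2; days=${3:-365}
    mkdir -p "$out_dir" || return 1
    # umask 077: the unencrypted key must never be readable by other users.
    ( umask 077
      openssl req -x509 -nodes -newkey rsa:2048 -sha256 \
          -days "$days" -subj "/CN=$cn" \
          -keyout "$out_dir/apache.pem" -out "$out_dir/apache.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$out_dir/apache.crt"   # the certificate itself is public
}

# cert_matches_key CRT KEY
# Succeeds only if certificate and key hold the same public key; a mismatch
# between SSLCertificateFile and SSLCertificateKeyFile stops Apache starting.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# cert_valid_for CRT SECONDS
# Succeeds if the certificate is still valid SECONDS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Usage (placeholder directory and host name):
#   make_selfsigned /tmp/ssl-demo www.example.test 365 &&
#   cert_matches_key /tmp/ssl-demo/apache.crt /tmp/ssl-demo/apache.pem
```

Copy the two files to the locations named by SSLCertificateFile and SSLCertificateKeyFile in the virtual host, keeping the key readable by root only.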

Enable the SSL module


sudo a2enmod ssl

Listen to port 443


sudo sh -c 'echo "Listen 443" >> /etc/apache2/ports.conf'

Create and enable the SSL site


sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl

Modify it so it looks something like this


NameVirtualHost *:443
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    SSLEngine On
    # Use pem instead of key in order not to be prompted for password.
    # Point where your crt and pem are stored as well.
    SSLCertificateFile /etc/apache2/ssl/certs/apache.crt
    SSLCertificateKeyFile /etc/apache2/apache-ssl/apache.pem
    DocumentRoot /var/www/
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        # This directive allows us to have apache2's default start page
        # in /apache2-default/, but still have / go to the right place
        # Commented out for Ubuntu
        #RedirectMatch ^/$ /apache2-default/
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined
    ServerSignature On
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>

...and enable it
sudo a2ensite ssl

Mod rewrite
It's always good to force users to access things like webmail via HTTPS; this can be accomplished with mod_rewrite. First you'll have to enable the module:
sudo a2enmod rewrite

Then add the following to /etc/apache2/sites-available/default


RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^/webmail(.*)$ https://%{SERVER_NAME}/webmail$1 [L,R]
RewriteLog      "/var/log/apache2/rewrite.log"
RewriteLogLevel 2

If you want to force an SSL connection and redirect all traffic from port 80 to port 443 (HTTPS), use this instead:
RewriteEngine on
RewriteCond   %{SERVER_PORT} ^80$
RewriteRule   ^(.*)$ https://%{SERVER_NAME}$1 [L,R]

I had trouble with the above working. I ended up with a 302 Found response with a bad URL. Instead, I found this achieved what I was looking for. I put this at the top of the file to force my whole server to use SSL:
RewriteEngine on
RewriteCond   %{HTTPS} !=on
RewriteRule   ^(.*)$ https://servername/$1 [L,R]

Don't forget to restart apache


sudo /etc/init.d/apache2 force-reload

For those of you that are having issues using either of the above rewrite rules (e.g. a normal http:// URL with, say, a sub-folder being returned to the root), try this one. This literally takes the whole URL and simply redirects it to HTTPS.
RewriteEngine on
RewriteCond   %{SERVER_PORT} ^80$
RewriteRule   ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Additionally, using force-reload seems to be having issues with 2.2.x, so just do a straight restart if you can afford a couple seconds of down time on your web server.
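
Whichever rule is used, it is worth confirming that a plain-HTTP request is redirected to the same path over HTTPS, rather than back to the site root or to a malformed URL. The check below is an added example, not from the original page; the function name, result labels and host name are assumptions made for illustration, and the sample headers are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): classify the response headers of
# a plain-HTTP request so a broken HTTPS redirect is caught after a config change.
# Real use:  curl -sI http://HOST/PATH | classify_redirect HOST /PATH

# classify_redirect HOST REQUEST_PATH   (raw response headers on stdin)
# Prints: ok | not-redirect | no-location | not-https | wrong-host | path-changed
classify_redirect() {
    host=$1; want_path=$2
    headers=$(tr -d '\r')                  # header lines end in CRLF
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    case $status in
        301|302|303|307|308) ;;
        *) echo not-redirect; return 1 ;;
    esac
    # Header names are case-insensitive; use the first Location header.
    loc=$(printf '%s\n' "$headers" |
          awk 'tolower($1)=="location:" {print $2; exit}')
    [ -n "$loc" ] || { echo no-location; return 1; }
    case $loc in
        https://*) rest=${loc#https://} ;;
        *) echo not-https; return 1 ;;
    esac
    loc_host=${rest%%/*}
    case $rest in
        */*) loc_path=/${rest#*/} ;;       # everything after the host
        *)   loc_path=/ ;;
    esac
    [ "$loc_host" = "$host" ] || { echo wrong-host; return 1; }
    # Catches both a lost sub-folder ("/") and a doubled slash ("//webmail").
    [ "$loc_path" = "$want_path" ] || { echo path-changed; return 1; }
    echo ok
}

# Constructed sample: the redirect drops the sub-folder, so this prints
# "path-changed".
printf 'HTTP/1.1 302 Found\r\nLocation: https://www.example.test/\r\n\r\n' |
    classify_redirect www.example.test /webmail/inbox || true
```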

Original Link: Apache2 SSL [1] (https://wiki.ubuntu.com/forum/server/apache2/SSL)


Retrieved from "http://www.linode.com/wiki/index.php/Apache2_SSL_in_Ubuntu"
Category: Tutorials
This page was last modified on 22 May 2012, at 04:23.
