Configure Apache With Self-Signed TLS/SSL Certificate on Ubuntu 16.04

Rumi, February 10, 2019

Step 1: Generating the certificate

First, let’s create a place to store the files.

    mkdir ~/certificates
    cd ~/certificates

Generate the private key and the self-signed certificate. Because of the -x509 option, openssl writes a certificate directly instead of a CSR, and -nodes leaves the private key unencrypted so that Apache can start without a passphrase.

    openssl req -x509 -newkey rsa:4096 -keyout apache.key -out apache.crt -days 365 -nodes

The command prompts for the certificate's subject fields. Fill them in with the appropriate information.

    Country Name (2 letter code) [AU]: US
    State or Province Name (full name) [Some-State]: FL
    Locality Name (eg, city) []: Miami
    Organization Name (eg, company) [My Company]: My Company
    Organizational Unit Name (eg, section) []:

The common name should be your domain name or the server’s IP address. Also, fill in your email.

    Common Name (e.g. server FQDN or YOUR name) []: 203.0.113.122
    Email Address []:webmaster@example.com

Now, move the certificate and key to the Apache configuration folder.

    sudo mkdir /etc/apache2/ssl
    sudo mv ~/certificates/* /etc/apache2/ssl/.

The certificate is ready! Next, we will prepare Apache to work with the certificate.

Step 2: Firewall configuration

We have to make sure TCP port 443 is open. HTTPS connections use this port instead of port 80. In this tutorial, we will be using UFW.

Make sure UFW is enabled.

    sudo ufw enable

Now allow the predefined 'Apache Full' application profile, which opens ports 80 and 443.

    sudo ufw allow 'Apache Full'

By typing “sudo ufw status”, you can see a list of the current rules. Your configuration should resemble this:

    To                         Action      From
    --                         ------      ----
    Apache Full                ALLOW       Anywhere
    OpenSSH                    ALLOW       Anywhere
    Apache Full (v6)           ALLOW       Anywhere (v6)
    OpenSSH (v6)               ALLOW       Anywhere (v6)

You should also allow OpenSSH here for future connections.

    sudo ufw allow 'OpenSSH'

Step 3: Apache virtual host configuration

Open the default Apache SSL site configuration file.

    sudo nano /etc/apache2/sites-available/default-ssl.conf

This file tells the server where to look for the SSL certificate. With the comments removed, it should look like the following config.
    <IfModule mod_ssl.c>
        <VirtualHost _default_:443>
            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/html
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            SSLEngine on
            SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
            SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
            </Directory>
        </VirtualHost>
    </IfModule>

Edit this line:

    ServerAdmin email@example.net

Add this right below the ServerAdmin line:

    ServerName ADD_YOUR_IP_OR_DOMAIN_NAME_HERE

Now, edit these lines with our certificate location:

    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key

Our final file should resemble this:

    <IfModule mod_ssl.c>
        <VirtualHost _default_:443>
            ServerAdmin email@example.net
            ServerName 203.0.113.122
            DocumentRoot /var/www/html
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            SSLEngine on
            SSLCertificateFile /etc/apache2/ssl/apache.crt
            SSLCertificateKeyFile /etc/apache2/ssl/apache.key
            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
            </Directory>
        </VirtualHost>
    </IfModule>

Save and close the file.

Step 4: Enabling Apache SSL module

Enable the SSL module by typing:

    sudo a2enmod ssl

Now enable the site we have just edited:

    sudo a2ensite default-ssl.conf

Restart Apache:

    sudo service apache2 restart

Let’s access the new secure website! Open it in your browser (make sure you type https://).

    https://YOUR_SERVER_IP

Your browser will warn you that the certificate is invalid, as we expected. This happens because the certificate is self-signed rather than issued by a certificate authority that the browser trusts. Follow the steps offered by your browser to proceed to your site.
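Before relying on the files from Step 1, it is worth confirming that apache.crt and apache.key belong together, that the key is not readable by other users, and that the certificate is not about to expire. The following is an added example, not part of the original tutorial: the function names are hypothetical, and make_self_signed is a non-interactive variant of the Step 1 command (using -subj) included so the checks can be tried on a throwaway pair.

```shell
#!/bin/sh
# Added example: sanity checks for the certificate/key pair from Step 1.
# File names follow the tutorial; the function names are hypothetical.

# Non-interactive form of the Step 1 command, for building a test pair.
# umask 077 makes the generated files owner-only from the moment they exist.
make_self_signed() {  # args: dir common_name [rsa_bits]
    ( umask 077 && cd "$1" &&
      openssl req -x509 -newkey "rsa:${3:-4096}" -keyout apache.key \
          -out apache.crt -days 365 -nodes -subj "/CN=$2" 2>/dev/null )
}

# True when the certificate's public key is the one derived from the key file.
cert_matches_key() {  # args: crt key
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# True when group and others have no permission bits on the key file.
key_is_owner_only() {  # args: key
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True when the certificate is still valid N days from now.
cert_valid_in_days() {  # args: crt days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all three checks, report each failure, return non-zero if any failed.
check_pair() {  # args: crt key
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match cert"; rc=1; }
    key_is_owner_only "$2"     || { echo "FAIL: key readable by group/others"; rc=1; }
    cert_valid_in_days "$1" 30 || { echo "FAIL: cert expires within 30 days"; rc=1; }
    return $rc
}

# On the server (as root, so the key can be read):
#   check_pair /etc/apache2/ssl/apache.crt /etc/apache2/ssl/apache.key
```

If the permission check fails on the server, `sudo chmod 600 /etc/apache2/ssl/apache.key` restricts the key to root; Apache reads it as root at startup.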
Step 5: Redirect all HTTP traffic to HTTPS (Optional)

Open the Apache default virtual host file:

    sudo nano /etc/apache2/sites-available/000-default.conf

Add this line inside the <VirtualHost *:80> tag:

    Redirect / https://YOUR_SERVER_IP_OR_DOMAIN/

Reload Apache configuration:

    sudo service apache2 reload

All website traffic will now automatically redirect to HTTPS.

Src: https://www.vultr.com/docs/configure-apache-with-select-signed-tls-ssl-certificate-on-ubuntu-16-04