Apache

SSL (https)

To let Apache2 start without user interaction, store a decrypted copy of the key; otherwise Apache will ask for the key's password at every start…

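# Keep the passphrase-protected key under a new name and write an unencrypted
# copy for Apache. Every path uses /etc/ssl/private/ so that the decrypted key
# ends up where SSLCertificateKeyFile in station7-ssl.conf expects it (the
# original steps mixed /etc/ssl/private/ and /etc/ssl/apache2/private/, so the
# openssl input file would not have been found).
mv /etc/ssl/private/station7_key.pem /etc/ssl/private/station7_secure-key.pem

# umask 077 in a subshell: the decrypted key is never created group/world readable.
( umask 077 && openssl rsa -in /etc/ssl/private/station7_secure-key.pem -out /etc/ssl/private/station7_decrypted-key.pem )

# Apache reads the key as root at startup, so root-only access is sufficient.
chown root:root /etc/ssl/private/station7_decrypted-key.pem
chmod 600 /etc/ssl/private/station7_decrypted-key.pem

# Anyone who can read the decrypted file (including from backups) can
# impersonate this host. If that is not acceptable, keep the encrypted key and
# supply the passphrase through mod_ssl's SSLPassPhraseDialog instead.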


Enable mod_ssl and mod_rewrite in /etc/sysconfig/apache2:
Modify the APACHE_MODULES:

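# Module list before the change (no ssl). Nothing may follow the trailing
# backslash; with a space after it the backslash stays in the value instead of
# continuing the line.
APACHE_MODULES="access actions alias auth auth_dbm autoindex cgi dir env expires include log_config mime negotiation \
rewrite setenvif suexec userdir php4 php5"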

with the ssl-module:

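# Module list after the change: "ssl" appended, "rewrite" already present.
# Nothing may follow the trailing backslash; with a space after it the
# backslash stays in the value instead of continuing the line.
APACHE_MODULES="access actions alias auth auth_dbm autoindex cgi dir env expires include log_config mime negotiation \
rewrite setenvif suexec userdir php4 php5 ssl"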

and the APACHE_SERVER_FLAGS:

# "SSL" is the name tested by the <IfDefine SSL> sections in listener.conf and
# station7-ssl.conf; presumably the start script passes each word here to
# httpd as a -D define (confirm against the comments in /etc/sysconfig/apache2).
APACHE_SERVER_FLAGS="SSL"


Modify /etc/apache2/listener.conf:

# Plain HTTP; the station7.conf vhost on this port only redirects to HTTPS.
Listen 80
# Port 443 is opened only when SSL is defined, NOSSL is not defined,
# and mod_ssl is actually loaded.
<IfDefine SSL>
  <IfDefine !NOSSL>
      <IfModule mod_ssl.c>
          Listen 443
      </IfModule>
  </IfDefine>
</IfDefine>

# Use name-based virtual hosting on both ports.
# NOTE(review): on *:443 the certificate is chosen before the Host header is
# seen, so additional SSL vhosts share station7's certificate unless client and
# server both support SNI — confirm before adding more HTTPS vhosts.
NameVirtualHost *:80
NameVirtualHost *:443

Create two virtual-host configurations:
/etc/apache2/vhosts.d/station7.conf:

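<VirtualHost *:80>
  ServerAdmin hostmaster@example.com
  ServerName station7.example.com
  DocumentRoot /srv/www/htdocs/
  ErrorLog /var/log/apache2/station7_error.log
  CustomLog /var/log/apache2/station7_access.log combined
  # Off: do not append the server version/hostname footer to generated error pages.
  ServerSignature Off

  # Redirect every plain-HTTP request to the same location over HTTPS,
  # e.g. http://station7.example.com/foo/ -> https://station7.example.com/foo/
  # (the query string is carried over by mod_rewrite's default behaviour).
  RewriteEngine On

  # Only redirect when the connection is not already HTTPS. On a port-80-only
  # vhost this always matches; it is kept as a guard against redirect loops.
  RewriteCond %{HTTPS} !=on

  # The target host is written out instead of using %{SERVER_NAME}: with
  # UseCanonicalName Off (the default) that value is taken from the client's
  # Host header, and the first vhost on *:80 answers for any Host, so the
  # redirect could otherwise be made to point at a host the client chose.
  RewriteRule ^/(.*) https://station7.example.com/$1 [R,L]
</VirtualHost>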

and /etc/apache2/vhosts.d/station7-ssl.conf:

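# HTTPS vhost for station7; only active when SSL is defined and NOSSL is not.
<IfDefine SSL>
<IfDefine !NOSSL>

<VirtualHost *:443>
      DocumentRoot /srv/www/htdocs/
      ServerName station7.example.com:443
      ServerAdmin hostmaster@example.com
      ErrorLog /var/log/apache2/station7-ssl_error.log
      TransferLog /var/log/apache2/station7-ssl_access.log
      SSLEngine on
      # Refuse the obsolete SSLv2/SSLv3 protocol versions.
      SSLProtocol all -SSLv2 -SSLv3
      # The previous list (ALL:...:+LOW:+SSLv2:+EXP) still allowed 40-bit export,
      # single-DES, RC4 and SSLv2-era suites. Offer only strong, authenticated
      # ciphers; clients that cannot negotiate one of them will fail to connect.
      SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
      SSLCertificateFile /etc/ssl/certs/station7_cert.pem
      # Unencrypted private key: the file must be owned by root and mode 0600.
      SSLCertificateKeyFile /etc/ssl/private/station7_decrypted-key.pem
      # Export the standard SSL_* environment variables to scripts only.
      <Files ~ "\.(cgi|shtml|phtml|php3?)$">
          SSLOptions +StdEnvVars
      </Files>
      <Directory "/srv/www/cgi-bin">
          SSLOptions +StdEnvVars
      </Directory>
      # Legacy workaround for Internet Explorer's SSL handling: no keep-alive,
      # tolerate missing close_notify, and answer with HTTP/1.0.
      SetEnvIf User-Agent ".*MSIE.*" \
               nokeepalive ssl-unclean-shutdown \
               downgrade-1.0 force-response-1.0
      # Per-request SSL log; the ssl_combined format is defined outside this file.
      CustomLog /var/log/apache2/ssl_request.log   ssl_combined
</VirtualHost>

</IfDefine>
</IfDefine>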


