 |
| https configuration |
Tags: apache, apache config, apache configuration, apache config test, httpd apache, httpd conf, https apache, apache server, apache server in linux, apache web server, apache ssl configuration, apache ssl config, apache ssl enable, apache ssl port, ssl certificate, generate ssl certificate, generate ssl certificate
Question : how to configure HTTP in Linux centos 6 , rhel 6
Question : step by step HTTP configuration in Linux centos6 , rhel6
Question : step by step http & https configuration in Linux cento6 , rhel6
Question : How to generate SSL Certs ?
IP - 10.20.2.33
Hostname - khandwa.lokesh.com
OS - CentOS 6
PORT HTTP - 80, HTTPs - 443
Apache is a free and opensource Web server. It s Supports all major distribution such as windows, Linux , Solaris and Mac operating system.
Some important directories are listed below
/etc/httpd - Main Apache root configuration directory.
/etc/httpd/conf.d - Additional Apache configuration files provided by third party software
/etc/httpd/conf/httpd.conf - httpd main configuration file.
/var/lib/httpd/modules - Configuration files for additional modules
/etc/log/httpd - Contains log files
/var/www - Main web document root directory.
To Install Require Package using yum or rpm
yum install http*
To Restart httpd service & enable to start for every boot.
service httpd restart checkconfig httpd on
Verify service status
service httpd status
Test Web Server in any Browser Using following Url :
http://your_IP_address.
or
http://your _hostname.
Create Virtual Hosts :
Configure / Run several websites on the same server called a virtual hosting . Virtual hosts can be "IP-based", meaning that you have a different IP address for every web site, or "name-based", meaning that you have multiple names running on each IP address.
(*) you can set IP address of your server
NameVirtualHost *:80
Step 1:
Create a directory for content of website, we can choose any name and create directory :
mkdir /var/www/html/lokesh.com
Create a index file under lokesh.com directory
vi /var/www/html/lokesh.com/index.html
Step 2
We will Create new virtual host configuration file under the additional configuration directory
vi /etc/httpd/conf.d/lokesh.conf
Go to insert mode & type following lines
<VirtualHost 10.20.2.33:80> ServerAdmin lokesh@lokesh.com DocumentRoot /var/www/html/lokesh.com ServerName lokesh.com ErrorLog logs/lokesh.com-error_log CustomLog logs/lokesh.com-access_log common</VirtualHost>
Step 3
To Check Syntax Error in Apache Configuration
service httpd configtest
Basic Configuration of HTTP is almost done now we will restart httpd service,
service httpd restart
HTTPs Configuration | Apache Security | HTTPs
Install Require Package Using yum
yum install opensslyum install mod_ssl Or mod_nss ( only one of them)
Setting Up an SSL Server:
A cryptographic protocol that allows a server and a client to communicate securely called Secure Sockets Layer (SSL). Along with its extended and improved version called Transport Layer Security (TLS), it ensures both privacy and data integrity.
The Apache HTTP Server in combination with mod_ssl, a module that uses the OpenSSL toolkit to provide the SSL/TLS support, is commonly referred to as the SSL server.
Enabling / Disabling SSL and TLS
vi /etc/httpd/conf.d/ssl.conf
Edit the SSLProtocol line as follows
To Restart httpd service
service httpd restart
Test SSL / TLS Protocols
openssl s_client -connect localhost:443 -ssl3
Check https listen port in : etc/httpd/conf.d/ssl.conf. it should always enable with 443 port
Listen: 443
Generating SSL Certificate
Method 1
To install crypto utility
yum install crypto-utils
To run the utility:
genkey <hostname>genkey khandwa.lokesh.com
Review the target locations in which the key and certificate will be stored
Select "Next" Using the up and down arrow keys,
Now select a suitable key size
Press "Next"
Generate CSR = Yes
encrypt the private key = check & hit enter
set private key passphrase = choose pass & next
Enter your certificate detail
Press "Next" & then "Finish"
Method 2
Generate a self-signed certificate : Generate private key
openssl genrsa -out ca.key 2048
Here ca.key is a key name & 2048 is key size.
Generate CSR
openssl req -new -key ca.key -out ca.csr
Generate Self Signed Key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Copy files to the correct locations
cp ca.crt /etc/pki/tls/certscp ca.key /etc/pki/tls/private/ca.keycp ca.csr /etc/pki/tls/private/ca.csr
Note - If you have moved the files and not copied them, you can use the following command to correct the SELinux contexts on those files, as the correct context definitions for /etc/pki/* come with the bundled SELinux policy.
restorecon -RvF /etc/pki
Add certs file in Apache Configuration
vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
Now Create Virtual Hosts for HTTPs with same process like http.
mkdir /var/www/html/khandwa.lokesh.com
vi /var/www/html/khandwa.lokesh.com/index.html
Configure VirtualHost
vi /etc/httpd/conf.d/khandwa.lokesh.conf
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory /var/www/html>
AllowOverride All
< /Directory>
DocumentRoot /var/www/html
ServerName khandwa.lokesh.com
ServerAdmin lokesh@lokesh.com
ErrorLog logs/khandwa.lokesh.com-error_log
CustomLog logs/khandwa.lokesh.com-access_log common
</VirtualHost>
Restart and enable httpd Service
Service httpd restart
Chkconfig httpd on
Access secure web server on blow link
https://khandwa.lokesh.com
