Posted on Leave a comment

Enable SSL for apache server in 5 minutes

This post describe how to quickly enable SSL for apache web server under linux. This has been done on a clouded virtual machine, the Linux distribution is Ubuntu 12.04 LTS Server, the one provided by Amazon Aws or Microsoft Azure. This procedure may not work or may differ on older or different distribution.

What need to be in place ?

You need to already have apache server running on http port 80 (or whatever) and when you try to go to your website for example http://demo.hallard.me you should have the well know page

It works!

This is the default web page for this server.

The web server software is running but no content has been added, yet.

Once this is ok, just go to your server with ssh

What do to ?

Ok let’s start where we will put the certificates (in /etc/apache2/ssl)

now we generate the certicates, for 3 years (1095 days) under the folder we created above.

that will show the following, and ask you some questions.

The most important, is the Common Name, it should match the internet name FQDN (here demo.hallard.me)

Now we install the SSL mod for apache, this instruction pre configure the file /etc/apache2/ports.conf with some line and the important one that say Listen 443

We put the default-ssl site available creating a symbolic link

Now we edit the file default-ssl (or default-ssl.conf for new version) we have just enabled

Edit October 2014 : on new apache2 version, configuration files need to have .conf extension, so in this case the two previous commands are now :

End of Edit

and we change the two lines relative to SSLCertificate as follow :

Now restart apache server

now you can go with your favorite browser, in my example https://demo.hallard.me, the browser will warn you because it is a self signed certificate, but if you accept it you will now have the same famous “It works!” but with encryption. To avoid warning by browser, you can add the certificate to Trusted Root Certificate Authority of your computer. The procedure to to this depends on browser and operating system, so google is your friend.

Now it is safe that you force SSL encryption on each page that require authentication.

For example, for WordPress, add the following two lines (just after the other existing define lines in the file wp-config.php (located in wordpress installation dir)

This will force each login to use SSL and all admin site to use SSL

You can do the same for phpmyadmin adding to the file /etc/phpmyadmin/config.inc.php

Enable SSL for apache server in 5 minutes

Posted on Leave a comment

How to Enable HTTPS on the Raspberry Pi Apache Web Server | Variax Firmation

How to Enable HTTPS on the Raspberry Pi Apache Web Server

Note that this enables only “self-signed” certificates. I followed these directions but invariably encountered problems that were not addressed. Running Wheezy on a Raspberrry Pi B v1.

As usual, update first.

$ sudo apt-get update

Then make sure Apache and OpenSSL is installed:

$ sudo apt-get install apache2 openssl

If it is already installed, like it was on mine, then you will see:

Reading package lists... Done
Building dependency tree
Reading state information... Done
apache2 is already the newest version.
openssl is already the newest version.
openssl set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.

Your external certs are installed in /etc/ssl/certs. You won’t put these certs there.

Create a new directory for local certificates (-p means no error if existing, make parent directories as needed):

$ sudo mkdir -p /etc/ssl/localcerts

The next line starts the certificate generation. The cert is good for 365 days – you can change that.

$ sudo openssl req -new -x509 -days 365 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key

The result of this command is:

Generating a 2048 bit RSA private key
......., etc.

Next, you will enter the answers to the following questions. This is where I effed up, so don’t you do it too. the FQDN name is the name of your Apache web server. For me, since I’m just running it locally, that would be the server name, like “raspberrypi” – if you kept the default. That server name is mapped to an internal IP, like 192.168.1.11 or something.

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) [Internet Widgits Pty Ltd]:PaynsName
Organizational Unit Name (eg, section) []:SysOpsProgFest
Common Name (e.g. server FQDN or YOUR name) []:raspberrypi_orwhatever
Email Address []:noNeed@forrealemail.com

When that is done, you will have two new files in this directory: /etc/ssl/localcerts

Then chmod those files:

$ sudo chmod 600 /etc/ssl/localcerts/apache*

Enable SSL:

$ sudo a2ensite ssl

If you get a “not found” error, try:

sudo a2ensite default-ssl

I think my ssl file already existed in /etc/apache2/sites-available.

Now you need to edit the ssl configuration file in the /etc/apache2/sites-available directory.

$ cd /etc/apache2/sites-available 
$ ls -l

See what’s in there. For me, it looked like this:

-rw-r--r-- 1 root root 692 Jul 19 2016 default
-rw-r--r-- 1 root root 7461 Mar 18 14:51 default-ssl

Copy the default-ssl to a new file named the same name as your FQDN name above – for this example:

$ sudo cp default-ssl raspberrypi_orwhatever

Then edit it:

$ sudo nano raspberrypi_orwhatever

Change this line:

 <VirtualHost _default_:443>

to this:

 <VirtualHost raspberrypi_orwhatever:443>

and change these two lines:

SSLCertificateFile    /etc$
SSLCertificateKeyFile /etc$

to this (your new key location):

SSLCertificateFile /etc/ssl/localcerts/apache.pem
SSLCertificateKeyFile /etc/ssl/localcerts/apache.key

Save, close, then do:

$ sudo a2ensite raspberrypi_orwhatever

The link above says to enable port 443 in /etc/apache2/ports.conf, but mine already had it enabled with these lines:

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

So I didn’t modify that file.

Now restart Apache:

$ sudo service apache2 restart

And what you should get is a browser error, telling you that the site is not secure. That means it’s working! Because you didn’t pay a service to generate a validated certificate, you have to take your own word for it that it’s valid.

FireFox

firefox-self-signed-ssl-warning[1]

Click on I Understand the Risks, then click on Add Exception….

Next click on Get Certificate, and finally Confirm Security Exception to bypass SSL warning in FireFox.

Chrome

chrome-your-connection-is-not-private[1]

Note that this enables only “self-signed” certificates. I followed these directions but invariably encountered problems that were not addressed. Running Wheezy on a Raspberrry Pi B v1. …

Source: How to Enable HTTPS on the Raspberry Pi Apache Web Server | Variax Firmation

Posted on Leave a comment

Setup HTTPS / SSL for Apache server

Setup HTTPS / SSL for Apache server

This post shows how to setup HTTPS (Hypertext Transfer Protocol Secure) / SSL (Secure Sockets Layer) with a Raspberry Pi.

1. Raspberry Pi Requirements:

Apache HTTP server installed

Custom domain name configured for Raspberry Pi’s IP address on a Mac or Raspberry Pi.

You should have an HTTP server working like this:

2. Confirm if OpenSSL has been installed with this command:

sudo apt-get install openssl

3. Create certificate and key files:

sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -out /etc/apache2/ssl/server.crt -keyout /etc/apache2/ssl/server.key

where -x509 refers to the X.509 standard, while rsa:2048 refers to 2048-bit RSA cryptosystem (cryptographic algorithms).

You may replace 365 days by 1095 days for a longer period of three years.

Enter the the names of your country, state / province, locality, organization, organizational unit and common name as well as your email address.

4. Create a symbolic link:

sudo ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl

5. Edit the SSL configuration file:

sudo nano /etc/apache2/sites-enabled/000-default-ssl

Type Ctrl+W to search for “SSLCer” and make sure:

SSLEngine on

and modify these file paths:

SSLCertificateFile    /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

6. Restart the Apache server:

sudo service apache2 restart

or

sudo /etc/init.d/apache2 restart

7. Open a browser from a computer. This example uses Firefox on a Mac. Enter the HTTPS version of your custom domain name. The message of “This Connection is Untrusted” is shown because we did not pay for a SSL certificate.

Select Add Exception.

Select Confirm Security Exception.

Now a secure lock is shown at the left of the URL.

This also works with PHP.

http://studyraspberrypi.blogspot.com/2015/12/setup-https-ssl-for-apache-server.html
Posted on Leave a comment

Apache 2 with SSL virtual host on different port 8080 or 8081 in Linux – Super User

I was trying to configure SSL(443) for one of the virtual hosts configured in Linux with same domain name with diffrent port number I have used mod_ssl for the configuring the https. For virtual hosts 80 with https it is working fine.Now the problem is I have configured another virtalhosts on port number 8081 and 8082 and I want to provide the HTTPS for both 8081 and 8082 configured Virtuals Hosts.

Sites with port number 8081 and 8082 are working but I need those ports has to work with https


Listen 443
Listen 8081
Listen 8082

<VirtualHost 127.0.0.1:8081>
    ServerName Test.domain.com
    SSLProxyEngine on
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
    DocumentRoot /var/www/html/test/
</VirtualHost>

<VirtualHost 127.0.0.1:8082>
    ServerName Test.domain.com
    SSLProxyEngine on
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
    DocumentRoot /var/www/html/test2/
</VirtualHost>

Source: Apache 2 with SSL virtual host on different port 8080 or 8081 in Linux – Super User

Posted on Leave a comment

Live From The Field

wget -nv download.owncloud.org/download/repositories/production/Debian_9.0/Release.key -O Release.key
echo ‘deb download.owncloud.org/download/repositories/production/Debian_9.0/ /’ | sudo tee /etc/apt/sources.list.d/owncloud.list
sudo apt install apache2 libapache2-mod-php mariadb-server mariadb-client php-bz2 php-mysql php-curl php-gd php-imagick php-intl php-mbstring php-xml php-zip
sudo a2enmod rewrite
wget download.owncloud.org/community/owncloud-10.2.0.tar.bz2
cd /var/www/html
sudo tar -xjf ~/owncloud-10.2.0.tar.bz2 ( Plese download this from the website )
sudo chown -R www-data:www-data owncloud
sudo chmod -R 755 owncloud
Sent from Mail<go.microsoft.com/fwlink/?LinkId=550986> for Windows 10