Friday, August 6, 2010

Installing Apache with SSL

This article outlines the steps I followed to install the Apache web server with SSL support (the Apache-SSL patch set). The installation was done some time ago, but the steps remain the same.


Installation of Apache and Apache-SSL (requires OpenSSL 0.9.5a or later, from www.openssl.org).

1. Download the Apache 1.3 web server source from: http://httpd.apache.org/dist/httpd/apache_1.3.19.tar.gz

2. tar zxvf apache_1.3.19.tar.gz
3. Download the matching Apache-SSL source from: ftp://opensores.thebunker.net/pub/mirrors/apachessl/apache_1.3.9+ssl_1.42.tar.gz
   (The Apache-SSL patch set is built against one specific Apache release, so the Apache version in the patch filename must match the Apache tarball you downloaded; do not mix a 1.3.9 patch with 1.3.19 sources.)
4. mv apache_1.3.9+ssl_1.42.tar.gz apache_1.3.19
5. cd apache_1.3.19 ; tar zxvf apache_1.3.9+ssl_1.42.tar.gz
6. Run the patch script it unpacks, from inside the Apache source directory: ./FixPatch
7. ./configure --prefix=/usr/local/apache
   (./configure --help lists the other compile-time options, should you need them.)
8. make
9. su -
10. make install
11. ln -s /usr/local/apache/conf/httpsd.conf /usr/local/apache/conf/httpd.conf
12. cd /usr/local/apache ; mkdir certs
13. cd certs
14. openssl genrsa -des3 -out ssl.key 2048

Remember the PEM pass phrase you choose! This command creates ssl.key, the server's private key. (genrsa has no -days option; the certificate lifetime is set in step 17. The original used a 1024-bit key, which is too weak today; use at least 2048 bits.) Even though the key is encrypted, keep it readable by root only: anyone who can read ssl.key and learn the pass phrase can impersonate the server.
15. At this point, you are going to create a self-signed certificate for your site. If you will be using a CA (Certifying Authority) certificate, please review http://www.linuxdoc.org/HOWTO/SSL-RedHat-HOWTO-3.html#ss3.2
16. What is very important to remember when creating the ssl.crt file is deciding "what is the URL people enter to come to my web site?". The browser compares the host name in the URL with the name in the certificate. For example, if you own blah.com and put blah.com in the certificate, then people who access your site via https://www.blah.com will get a certificate name-check warning that might scare people away, while people who access it via https://blah.com will not. (Current browsers perform this check against the certificate's subjectAltName extension rather than the Common Name, so a certificate issued today should carry the host name there as well.) Whatever you choose to name your server is how you must define ServerName in the section below.
17. openssl req -new -key ssl.key -x509 -days 365 -out ssl.crt
Enter your PEM pass phrase; this creates ssl.crt. -days 365 means you will have to repeat this step in 365 days (the key from step 14 can be reused); without -days, openssl issues a certificate that expires after 30 days.
This is the Information you will be presented with when issuing this command:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:South Carolina
Locality Name (eg, city) []:West Columbia
Organization Name (eg,company) [Internet Widgits Pty Ltd]:Michael Sharp
Organizational Unit Name (eg, section) []:Secure Web Server
Common Name (eg, your name or your server's hostname) []:reality.dynip.com
Email Address []:msharp@medmail.com

The Common Name portion is where you define what I was talking about in step 16.
18. Edit /usr/local/apache/conf/httpsd.conf. Apache-SSL switches SSL off for the main server with SSLDisable and on again inside a <VirtualHost> block with SSLEnable, so at the bottom of the file add the following (the host name, admin address and paths are placeholders to change):

SSLDisable

EXAMPLE:

SSLCacheServerPort logs/gcache_port
SSLCacheServerPath bin/gcache
SSLCacheServerRunDir /tmp
SSLSessionCacheTimeout 10
SSLVerifyClient 0
SSLVerifyDepth 10
SSLFakeBasicAuth
SSLRandomFile /dev/random 1024

<VirtualHost www.CHANGE-THIS.com:443>
DocumentRoot /usr/local/apache/htdocs
ServerName www.CHANGE-THIS.com
ServerAdmin SOMEONE@SOMEWHERE.COM
ErrorLog /usr/local/apache/logs/httpsd_error.log
TransferLog /usr/local/apache/logs/httpsd_access.log
SSLEnable
SSLCertificateFile /usr/local/apache/certs/ssl.crt
SSLCertificateKeyFile /usr/local/apache/certs/ssl.key
</VirtualHost>

Two of these settings deserve a second look. SSLVerifyClient 0 means client certificates are not requested, so SSLFakeBasicAuth (which lets a verified client certificate's DN stand in for a Basic-Auth user name) does nothing here; leave it out unless you actually verify client certificates and have restricted which DNs may log in. SSLCacheServerRunDir /tmp puts the session-cache server's run directory in a world-writable location; a directory under /usr/local/apache owned by the server user is safer.


You must also comment out DocumentRoot, ServerName, ServerAdmin, ErrorLog, and TransferLog in the main server configuration, since the virtual host above now supplies them:

#DocumentRoot
#ServerName
#ErrorLog
#ServerAdmin
#TransferLog

Where you see:

# Port: The port to which the standalone server listens. For
# ports < 1023, you will need httpd to be run as root initially.
#
Port 8080

change 8080 to 443

Add any other configuration variables to the httpsd.conf file per your needs.
19. Start the server:

/usr/local/apache/bin/httpsdctl start

You will be prompted for the key's PEM pass phrase, because ssl.key is encrypted; the server cannot start without someone typing it, which also means an unattended reboot leaves the site down until someone does. If you need automatic restarts, keep an unencrypted copy of the key instead and protect it with file permissions alone (root-owned, mode 600). Don't panic if it doesn't start immediately; give it a few moments.
20. Check out https://YOUR-WEB-SITE to review whether you were successful. Expect the browser to warn that the certificate is self-signed; if it also warns that the name does not match, the Common Name you entered in step 17 and the host name in the URL differ.
21. Now add your content to /usr/local/apache/htdocs
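The certificate steps above (12 to 17) and the check in step 20, as an added shell example that is not part of the original article: it runs the same openssl commands non-interactively, generates a 2048-bit key, adds the subjectAltName that current browsers require, optionally strips the pass phrase for unattended restarts, and then verifies that the Common Name matches the ServerName, that key and certificate belong together, and how long the certificate has left. The host name www.CHANGE-THIS.com, the pass phrase, the organisation fields and the CERT_DIR scratch directory are assumptions (on the real server use /usr/local/apache/certs). It needs OpenSSL 1.1.1 or later for -addext.

```shell
#!/bin/sh
# Added example, not from the article: steps 12-17 and 20 of the procedure above,
# run non-interactively so the results can be checked. The host name, organisation
# and pass phrase are assumed placeholders; CERT_DIR stands in for /usr/local/apache/certs.
set -eu

CERT_DIR="${CERT_DIR:-$(mktemp -d)}"
HOST="www.CHANGE-THIS.com"     # must equal the ServerName in httpsd.conf
PASS="pass:change-me"          # the "PEM pass phrase"; on a real server omit -passout/-passin and type it
DAYS=365

# Step 14, with a 2048-bit key (1024 is too weak today) and AES instead of 3DES.
# genrsa takes no -days option; the lifetime is a property of the certificate.
make_key() {
    openssl genrsa -aes256 -passout "$PASS" -out "$CERT_DIR/ssl.key" 2048 2>/dev/null
    chmod 600 "$CERT_DIR/ssl.key"
}

# Step 17: self-signed certificate valid for $DAYS days. The CN is the name users
# type into the browser; the subjectAltName repeats it because current browsers
# check the SAN and ignore the CN.
make_cert() {
    openssl req -new -x509 -days "$DAYS" -key "$CERT_DIR/ssl.key" -passin "$PASS" \
        -subj "/C=US/ST=South Carolina/L=West Columbia/O=Example Org/OU=Secure Web Server/CN=$HOST" \
        -addext "subjectAltName=DNS:$HOST" \
        -out "$CERT_DIR/ssl.crt"
}

# Optional: an unencrypted copy so httpsd can restart without someone typing the
# pass phrase. Its only protection is then the file permissions, so root-only.
strip_passphrase() {
    openssl rsa -in "$CERT_DIR/ssl.key" -passin "$PASS" -out "$CERT_DIR/ssl.key.nopass" 2>/dev/null
    chmod 600 "$CERT_DIR/ssl.key.nopass"
}

# --- checks to run before pointing SSLCertificateFile/SSLCertificateKeyFile at the files ---

# Prints the certificate's Common Name; compare it with ServerName (step 16).
cert_cn() {
    openssl x509 -in "$CERT_DIR/ssl.crt" -noout -subject | sed 's/.*CN *= *//'
}

# True if the certificate carries the host name in its subjectAltName.
cert_has_san() {
    openssl x509 -in "$CERT_DIR/ssl.crt" -noout -text | grep -q "DNS:$HOST"
}

# True if the private key belongs to the certificate (same public key in both).
key_matches_cert() {
    k=$(openssl pkey -in "$CERT_DIR/ssl.key" -passin "$PASS" -pubout 2>/dev/null | openssl dgst -sha256)
    c=$(openssl x509 -in "$CERT_DIR/ssl.crt" -noout -pubkey | openssl dgst -sha256)
    [ "$k" = "$c" ]
}

# True if the certificate is still valid $1 days from now; use it to schedule the renewal.
cert_valid_for_days() {
    openssl x509 -in "$CERT_DIR/ssl.crt" -noout -checkend $(( $1 * 86400 )) >/dev/null
}

# True if the PEM file named in $1 is pass-phrase protected.
key_is_encrypted() {
    grep -q ENCRYPTED "$1"
}

make_key
make_cert
strip_passphrase
echo "CN=$(cert_cn); files in $CERT_DIR"
```

The key and certificate checks are worth keeping in a script of their own: the usual failure after a renewal is a new ssl.crt beside an old ssl.key, which httpsd rejects at startup with a message that is easy to misread as a pass-phrase problem.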

Virtual Hosts

Virtual hosts enable you to intelligently run multiple sites on a single server. The useful side effect is that with proper setup, you can point your browser to www.whatever.whatever and load a local copy. My development site is now www.mezzoblue.dev, which works exactly the same as the .com, just faster.


Find your httpd.conf file, and then add this line somewhere near the bottom (there’s a spot with example virtual server code):

NameVirtualHost 127.0.0.1

You might want to run a search for ‘NameVirtualHost’ within the file beforehand to make sure it’s not already set, or at least commented out with a preceding octothorpe (#).

Next add an entry for localhost pointing to the root of your web server, so that typing localhost in your browser’s address bar continues pulling up the default site. Apache answers any request whose Host header matches none of the configured names with the first <VirtualHost> listed for that address, so keep this one first:

<VirtualHost 127.0.0.1>
ServerName localhost
DocumentRoot /Path/To/WebRoot
</VirtualHost>

And finally, for each individual virtual site you wish to run, add a new entry pointing to the proper directory. This is especially useful because, at least on Unix-based systems, this means it can sit anywhere in your filesystem. The name must also resolve to 127.0.0.1 on your machine (an entry in /etc/hosts is enough for a development name that has no DNS record), and the directory must be readable by the user Apache runs as.

<VirtualHost 127.0.0.1>
ServerName www.mezzoblue.dev
DocumentRoot /Volumes/Shine/www/delhi
</VirtualHost>
