Ssl

Configuring ssl in apache on CentOS

I want to share a little information about how to configure SSL in apache on a CentOS server and transfer the sites from http to https. It is not very difficult, but there are a couple of nuances.

Recently, I’ve talked about how to get a free SSL certificate to confirm the domain name. We used it to organize SSL/TLS connections to the mail server. Now it’s the same we use to translate our site to work over SSL Protocol.

Installing mod_ssl in apache

As a server we favor apache on CentOS, though it does not matter, set up on other Linux distributions will be identical. Work web server is apache. To use the SSL Protocol in apache we will be using fashion mod_ssl. The first step is to check whether it is installed:

# rpm-qa | grep mod_ssl

If not, then set:

# yum-y install mod_ssl

After installing the mod, go to the directory /etc/httpd/conf.d and edit the file their settings ssl.conf. Append the path to the certificates in the directives SSLCertificateFile and SSLCertificateKeyFile.

Create a virtual host with SSL support

Next, you need to either create a new virtual host to Apache or edit an existing one in the file /etc/httpd/conf/httpd.conf. Add to the end of the file:

<VirtualHost *:443>
 SSLEngine on
 SSLCertificateFile /root/cert/cmsdaddy.EN.crt
 SSLCertificateKeyFile /root/cert/cmsdaddy.EN.kye
 <Directory /var/www/vhosts/cmsdaddy.EN/www>
 AllowOverride All
</Directory>
 DocumentRoot /var/www/vhosts/cmsdaddy.EN/www
 ServerName cmsdaddy.com
 </VirtualHost>

After saving, check the apache configuration:

# httpd-t

If a warning POPs up:

[warn] _default_ VirtualHost overlap on port 443, the first has precedence

Then looking at /etc/httpd/conf/httpd.conf the line NameVirtualHost *:80 and add it after the NameVirtualHost *:443

Check again. If there are no errors, restart Apache and go to the website by typing in the address bar https instead of http. Now your site is available over https. But users of the site may not know about it. It would be sensible to redirect from the open Protocol for security. Let’s do this.

Redirect from http to https

In order to do an automatic redirect from http to https, you must in the description of the virtual host in httpd.conf to add port 80 with 443:

<VirtualHost *:80 *:443>

And at the root of the site using .doing htaccess and mod_rewrite redirect all requests from http to https:

# cat .htaccess
RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}

Now even if you just type a website address with http will open its secure version https. Don’t forget to check whether you have enabled the mod_rewrite module in the apache configuration. And check the firewall. For correct operation of the site over https, you must open port 443 on the webserver.

Leave a Comment

Comments

No comments yet. Why don’t you start the discussion?

    Leave a Reply

    Your email address will not be published. Required fields are marked *