I want to share a little information about how to configure SSL in apache on a CentOS server and transfer the sites from http to https. It is not very difficult, but there are a couple of nuances.
Recently, I’ve talked about how to get a free SSL certificate to confirm the domain name. We used it to organize SSL/TLS connections to the mail server. Now it’s the same we use to translate our site to work over SSL Protocol.
Installing mod_ssl in apache
As a server we favor apache on CentOS, though it does not matter, set up on other Linux distributions will be identical. Work web server is apache. To use the SSL Protocol in apache we will be using fashion mod_ssl. The first step is to check whether it is installed:
# rpm-qa | grep mod_ssl
If not, then set:
# yum-y install mod_ssl
After installing the mod, go to the directory /etc/httpd/conf.d and edit the file their settings ssl.conf. Append the path to the certificates in the directives SSLCertificateFile and SSLCertificateKeyFile.
Create a virtual host with SSL support
Next, you need to either create a new virtual host to Apache or edit an existing one in the file /etc/httpd/conf/httpd.conf. Add to the end of the file:
<VirtualHost *:443> SSLEngine on SSLCertificateFile /root/cert/cmsdaddy.EN.crt SSLCertificateKeyFile /root/cert/cmsdaddy.EN.kye <Directory /var/www/vhosts/cmsdaddy.EN/www> AllowOverride All </Directory> DocumentRoot /var/www/vhosts/cmsdaddy.EN/www ServerName cmsdaddy.com </VirtualHost>
After saving, check the apache configuration:
# httpd-t
If a warning POPs up:
[warn] _default_ VirtualHost overlap on port 443, the first has precedence
Then looking at /etc/httpd/conf/httpd.conf the line NameVirtualHost *:80 and add it after the NameVirtualHost *:443
Check again. If there are no errors, restart Apache and go to the website by typing in the address bar https instead of http. Now your site is available over https. But users of the site may not know about it. It would be sensible to redirect from the open Protocol for security. Let’s do this.
Redirect from http to https
In order to do an automatic redirect from http to https, you must in the description of the virtual host in httpd.conf to add port 80 with 443:
<VirtualHost *:80 *:443>
And at the root of the site using .doing htaccess and mod_rewrite redirect all requests from http to https:
# cat .htaccess
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}
Now even if you just type a website address with http will open its secure version https. Don’t forget to check whether you have enabled the mod_rewrite module in the apache configuration. And check the firewall. For correct operation of the site over https, you must open port 443 on the webserver.