
From this point the location of the SP directory is: /etc/shibboleth

== Apache Configuration ==

Here we have to create SSL certificates and assign them to the virtual hosts we created. SSL certificates can be obtained using three methods:
1. Generate a self-signed certificate (Steps 5 to 9)
2. Create certificates using the free Let's Encrypt SSL service. (Steps 10 to )
3. Obtain certificates from a commercial Certificate Authority.

You can use any of the above methods; follow the corresponding steps below.

4. These configurations are intended for test purposes and use self-signed SSL certificates. If you have purchased an SSL certificate from a commercial CA, substitute its files for the self-signed files. If you wish to use Let's Encrypt certificates, skip to Step 10.

5. Create a self-signed certificate and key for HTTPS:

{{{
openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/private/ssl-sp.key -out /etc/ssl/certs/ssl-sp.crt -nodes -days 1095
}}}

6. Modify the file /etc/apache2/sites-available/sp-ssl.conf as follows:

{{{
<IfModule mod_ssl.c>
  <VirtualHost *:443>

    ServerName sp.YOUR-DOMAIN

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLCertificateFile /etc/ssl/certs/ssl-sp.crt
    SSLCertificateKeyFile /etc/ssl/private/ssl-sp.key
  </VirtualHost>
</IfModule>
}}}

7. Enable the proxy_http, ssl and headers Apache2 modules (along with alias, include and negotiation), then enable the site:

{{{
a2enmod proxy_http ssl headers alias include negotiation
a2ensite sp-ssl.conf
systemctl restart apache2
}}}

8. Configure Apache2 to listen on port 80 only for localhost:

{{{
nano /etc/apache2/ports.conf

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 127.0.0.1:80

<IfModule ssl_module>
  Listen 443
</IfModule>

<IfModule mod_gnutls.c>
  Listen 443
</IfModule>
}}}

9. Configure Apache2 to redirect all traffic to HTTPS:

{{{
nano /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
  ServerName "sp.YOUR-DOMAIN"
  Redirect permanent "/" "https://sp.YOUR-DOMAIN/"
  RedirectMatch permanent ^/(.*)$ https://sp.YOUR-DOMAIN/$1
</VirtualHost>
}}}
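
A check to run after steps 5 and 6, confirming that the certificate and key referenced by sp-ssl.conf belong together and that the unencrypted key is not readable by other users. This is an added example, not part of the original guide; the function name check_sp_tls, the "no group/other access" policy and the 30-day expiry threshold are assumptions.

```sh
#!/bin/sh
# Added example (not from the original guide). check_sp_tls is a hypothetical
# helper; its default paths are the ones used in steps 5 and 6.
# Requires openssl and GNU/busybox stat (as found on Debian/Ubuntu).

check_sp_tls() {
    cert=${1:-/etc/ssl/certs/ssl-sp.crt}
    key=${2:-/etc/ssl/private/ssl-sp.key}
    rc=0

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "FAIL: cannot read $cert or $key"
        return 2
    fi

    # Apache will not start if the certificate was not issued for this key.
    # Compare a digest of the public key extracted from each file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and private key do not match"
        rc=1
    fi

    # -nodes in step 5 writes the key unencrypted, so file permissions are
    # its only protection. Policy assumed here: no group/other access bits.
    mode=$(stat -c '%a' "$key")
    case $mode in
        *00) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or 400"; rc=1 ;;
    esac

    # Fail if the certificate expires within the next 30 days (2592000 s).
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null; then
        echo "FAIL: $cert expires within 30 days"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are consistent"
    return "$rc"
}
```

Source the file and call `check_sp_tls` as root with no arguments to test the paths from steps 5 and 6, or pass a certificate and key path to test files from a commercial CA.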

10. Let's Encrypt setup (skip this step if you have already configured SSL with self-signed or CA-provided certificates)

Disable the default configuration:

{{{
cd /etc/apache2/sites-available/
a2dissite 000-default.conf
systemctl reload apache2
}}}

Create a new configuration file named sp.conf:

{{{
cp 000-default.conf sp.conf
}}}

Edit sp.conf as follows:

{{{
nano sp.conf

<VirtualHost *:80>

  ServerName sp.YOUR-DOMAIN
  ServerAdmin YOUR-Email
  DocumentRoot /var/www/html

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
}}}