| | 1 | = HTTPS = |
| | 2 | |
| | 3 | = With Self-Signed Certificates = |
| | 4 | |
| | 5 | In this Lab, we will install a web server (Apache2) and enable HTTPS using self-signed SSL certificates. Lab session has to be done in the Ubuntu VM. |
| | 6 | |
| | 7 | == Install Apache2 == |
| | 8 | |
| | 9 | Apache is a web server application that is widely used on the internet for more than 20 years, and it is a well-documented piece of Free and Open Source Software managed by the Apache Foundation. |
| | 10 | (https://httpd.apache.org/) |
| | 11 | |
| | 12 | Before installing, we need to update our repositories. Therefore we will first add the Debian apache repo to our list and update the list. Since we will be using Sudo commands, It will ask you for your user's password as these processors will be granted root privileges. |
| | 13 | {{{ |
| | 14 | sudo add-apt-repository ppa:ondrej/apache2 |
| | 15 | }}} |
| | 16 | |
| | 17 | When Asked, press ‘Enter’ to Continue. Once the PPA is imported, do an update. |
| | 18 | {{{ |
| | 19 | sudo apt-get update |
| | 20 | }}} |
| | 21 | |
| | 22 | Once the repo lists are updated run, |
| | 23 | {{{ |
| | 24 | sudo apt-get install apache2 |
| | 25 | }}} |
| | 26 | |
| | 27 | When asked, press '''Y''' and hit '''Enter''' to continue, and the installation will proceed. |
| | 28 | |
| | 29 | Check installed apache version details by issuing, |
| | 30 | {{{ |
| | 31 | $ apache2 -v |
| | 32 | }}} |
| | 33 | |
| | 34 | Now go to your host machine. Open a web browser and type the IP address of your Ubuntu VM. You will get the Apache default page. |
| | 35 | |
| | 36 | == Self-Signed Certificate == |
| | 37 | |
| | 38 | Use the following command to create the certificate and the key. |
| | 39 | {{{ |
| | 40 | sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache_prv.key -out /etc/ssl/certs/apache_crt.crt |
| | 41 | }}} |
| | 42 | You will be asked series of questions; answer them carefully. |
| | 43 | {{{ |
| | 44 | Country Name (2 letter code) [AU]:LK |
| | 45 | State or Province Name (full name) [Some-State]:Kandy |
| | 46 | Locality Name (eg, city) []:Peradeniya |
| | 47 | Organization Name (eg, company) [Internet Widgits Pty Ltd]:YourInst |
| | 48 | Organizational Unit Name (eg, section) []:IT Team |
| | 49 | Common Name (e.g. server FQDN orYOUR name) []: |
| | 50 | Email Address []:info@yourname.ac.lk |
| | 51 | }}} |
| | 52 | Once finished, it will create two files in '''/etc/ssl'''. Private will be saved as apache_prv.key, and certificate will be saved as apache_crt.crt |
| | 53 | |
| | 54 | == Configure apache == |
| | 55 | |
| | 56 | let us create virtual host files for the web |
| | 57 | {{{ |
| | 58 | sudo nano /etc/apache2/sites-available/lab.conf |
| | 59 | }}} |
| | 60 | |
| | 61 | Include the following |
| | 62 | {{{ |
| | 63 | <IfModule mod_ssl.c> |
| | 64 | <VirtualHost _default_:443> |
| | 65 | ServerAdmin admin@yourname.ac.lk |
| | 66 | ServerName <FQDN of your website> |
| | 67 | DocumentRoot /var/www/html |
| | 68 | <Directory /var/www/html> |
| | 69 | Require all granted |
| | 70 | </Directory> |
| | 71 | ErrorLog ${APACHE_LOG_DIR}/error.log |
| | 72 | CustomLog ${APACHE_LOG_DIR}/access.log combined |
| | 73 | SSLEngine on |
| | 74 | SSLCertificateFile /etc/ssl/certs/apache_crt.crt |
| | 75 | SSLCertificateKeyFile /etc/ssl/private/apache_prv.key |
| | 76 | <FilesMatch "\.(cgi|shtml|phtml|php)$"> |
| | 77 | SSLOptions +StdEnvVars |
| | 78 | </FilesMatch> |
| | 79 | <Directory /usr/lib/cgi-bin> |
| | 80 | SSLOptions +StdEnvVars |
| | 81 | </Directory> |
| | 82 | </VirtualHost> |
| | 83 | </IfModule> |
| | 84 | }}} |
| | 85 | |
| | 86 | Now enable this site and SSL by |
| | 87 | {{{ |
| | 88 | sudo a2enmod ssl |
| | 89 | sudo a2ensite lab.conf |
| | 90 | }}} |
| | 91 | |
| | 92 | Try browsing from your host machine https://<IP address of the Ubuntu VM>, and you will be warned about the untrusted connection as it is a self-signed authentication. |
| | 93 | |
| | 94 | |
| | 95 | = HTTPS with Let's Encrypt = |
| | 96 | |
| | 97 | Prior to enabling HTTPS via let's encrypt, you need to satisfy the following; |
| | 98 | |
| | 99 | * You have public IP connectivity. |
| | 100 | * Both HTTP and HTTPS are enabled from firewall/s. |
| | 101 | * HTTP site is working. If you have multiple webserver virtual hosts, make sure the '''!ServerName''' attribute in every host config file is correctly populated. |
| | 102 | * Proper DNS values are assigned to your IP address. |
| | 103 | |
| | 104 | Follow the guideline from the official certbot. (These steps can change time to time, so always refer the original site.) |
| | 105 | |
| | 106 | {{{ |
| | 107 | https://certbot.eff.org/lets-encrypt/ubuntufocal-apache |
| | 108 | }}} |
