Changes between Initial Version and Version 1 of NspwUprouse/Agenda/https


Timestamp: Sep 5, 2021, 11:39:25 AM (3 years ago)
Author: admin
Comment: --

  • NspwUprouse/Agenda/https

    v1 v1  
     1= HTTPS =
     2
     3= With Self-Signed Certificates =
     4
     5In this Lab, we will install a web server (Apache2) and enable HTTPS using self-signed SSL certificates. Lab session has to be done in the Ubuntu VM.
     6
     7== Install Apache2 ==
     8
     9Apache is a web server application that is widely used on the internet for more than 20 years, and it is a well-documented piece of Free and Open Source Software managed by the Apache Foundation.
     10(https://httpd.apache.org/)
     11
     12Before installing, we need to update our repositories. Therefore we will first add the Debian apache repo to our list and update the list. Since we will be using Sudo commands, It will ask you for your user's password as these processors will be granted root privileges.
     13{{{
     14sudo add-apt-repository ppa:ondrej/apache2
     15}}}
     16
     17When Asked, press ‘Enter’ to Continue. Once the PPA is imported, do an update.
     18{{{
     19sudo apt-get update
     20}}}
     21
     22Once the repo lists are updated run,
     23{{{
     24sudo apt-get install apache2
     25}}}
     26
     27When asked, press '''Y''' and hit '''Enter''' to continue, and the installation will proceed.
     28
     29Check installed apache version details by issuing,
     30{{{
     31$ apache2 -v
     32}}}
     33
     34Now go to your host machine. Open a web browser and type the IP address of your Ubuntu VM. You will get the Apache default page.
     35
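Review bot: The install steps on lines 12-14 add a third-party PPA, ppa:ondrej/apache2, while the prose calls it "the Debian apache repo", and the lab never says why the stock Ubuntu apache2 package is not enough. Adding a PPA makes apt trust that maintainer's signing key for packages installed as root, so either drop the add-apt-repository step and install from the Ubuntu archive, or name the PPA for what it is and state the reason for using it. Also on line 12, "these processors" should read "these processes", and line 31 shows a "$" prompt that the other command blocks omit.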
     36== Self-Signed Certificate ==
     37
     38Use the following command to create the certificate and the key.
     39{{{
     40sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache_prv.key -out /etc/ssl/certs/apache_crt.crt
     41}}}
     42You will be asked series of questions; answer them carefully.
     43{{{
     44Country Name (2 letter code) [AU]:LK
     45State or Province Name (full name) [Some-State]:Kandy
     46Locality Name (eg, city) []:Peradeniya
     47Organization Name (eg, company) [Internet Widgits Pty Ltd]:YourInst
     48Organizational Unit Name (eg, section) []:IT Team
     49Common Name (e.g. server FQDN orYOUR name) []:
     50Email Address []:info@yourname.ac.lk
     51}}}
     52Once finished, it will create two files in '''/etc/ssl'''. Private will be saved as apache_prv.key, and certificate will be saved as apache_crt.crt
     53
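Review bot: The sample answers leave Common Name empty (line 49) and the openssl req command on line 40 sets no subjectAltName, so the certificate names neither the ServerName used in lab.conf nor the VM address that line 92 tells students to browse to. Current browsers match the host only against subjectAltName, so fill in the FQDN at the Common Name prompt and add -addext "subjectAltName=DNS:<FQDN>,IP:<VM address>" (OpenSSL 1.1.1 or later) to the command; otherwise students cannot tell the expected self-signed warning from a name mismatch. Line 52 should say "the private key" and give the real locations, /etc/ssl/private and /etc/ssl/certs, and should mention that -nodes writes the key unencrypted, so the file must stay readable by root only.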
     54== Configure apache ==
     55
     56let us create virtual host files for the web
     57{{{
     58sudo nano /etc/apache2/sites-available/lab.conf
     59}}}
     60
     61Include the following
     62{{{
     63<IfModule mod_ssl.c>
     64    <VirtualHost _default_:443>
     65         ServerAdmin admin@yourname.ac.lk
     66         ServerName <FQDN of your website>
     67         DocumentRoot /var/www/html
     68         <Directory /var/www/html>
     69                  Require all granted
     70         </Directory>
     71         ErrorLog ${APACHE_LOG_DIR}/error.log
     72         CustomLog ${APACHE_LOG_DIR}/access.log combined
     73         SSLEngine on
     74         SSLCertificateFile      /etc/ssl/certs/apache_crt.crt
     75         SSLCertificateKeyFile /etc/ssl/private/apache_prv.key
     76         <FilesMatch "\.(cgi|shtml|phtml|php)$">
     77                  SSLOptions +StdEnvVars
     78         </FilesMatch>
     79         <Directory /usr/lib/cgi-bin>
     80                  SSLOptions +StdEnvVars
     81         </Directory>
     82         </VirtualHost>
     83</IfModule>
     84}}}
     85
     86Now enable this site and SSL by
     87{{{
     88sudo a2enmod ssl
     89sudo a2ensite lab.conf
     90}}}
     91
     92Try browsing from your host machine https://<IP address of the Ubuntu VM>, and you will be warned about the untrusted connection as it is a self-signed authentication.
     93
     94
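Review bot: Nothing between a2enmod/a2ensite (lines 88-89) and the browser test on line 92 restarts Apache, so the ssl module and the lab.conf virtual host are not yet active when the student opens https://. Add sudo apache2ctl configtest followed by sudo systemctl restart apache2 after line 89. The ServerName placeholder on line 66 should be described as the same name that was put in the certificate, line 56 should start with a capital letter, and line 92 should say "self-signed certificate" rather than "self-signed authentication".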
     95= HTTPS with Let's Encrypt =
     96
     97Prior to enabling HTTPS via let's encrypt, you need to satisfy the following;
     98
     99* You have public IP connectivity.
     100* Both HTTP and HTTPS are enabled from firewall/s.
     101* HTTP site is working. If you have multiple webserver virtual hosts, make sure the '''!ServerName''' attribute in every host config file is correctly populated.
     102* Proper DNS values are assigned to your IP address.
     103
     104Follow the guideline from the official certbot. (These steps can change time to time, so always refer the original site.)
     105
     106{{{
     107https://certbot.eff.org/lets-encrypt/ubuntufocal-apache
     108}}}
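Review bot: The prerequisite on line 102, "Proper DNS values are assigned to your IP address", is too vague for a student to verify; say that an A (or AAAA) record for each ServerName must resolve to the server's public IP. The certbot URL on line 107 sits inside a {{{ }}} block, which Trac renders as preformatted text rather than a link, so move it into the sentence on line 104. Line 104 also needs "from time to time" and "refer to".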