= HTTPS =

= With Self-Signed Certificates =

In this Lab, we will install a web server (Apache2) and enable HTTPS using self-signed SSL certificates. Lab session has to be done in the Ubuntu VM.

== Install Apache2 == 

Apache is a web server application that is widely used on the internet for more than 20 years, and it is a well-documented piece of Free and Open Source Software managed by the Apache Foundation.
(https://httpd.apache.org/)

Before installing, we need to update our repositories. 

{{{
sudo apt-get update
}}}

Once the repo lists are updated run,
{{{
sudo apt-get install apache2
}}}

When asked, press '''Y''' and hit '''Enter''' to continue, and the installation will proceed.

Check installed apache version details by issuing,
{{{
$ apache2 -v
}}}

Now go to your host machine. Open a web browser and type the IP address of your Ubuntu VM. You will get the Apache default page.

== Self-Signed Certificate ==

Use the following command to create the certificate and the key.
{{{
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache_prv.key -out /etc/ssl/certs/apache_crt.crt
}}}
You will be asked series of questions; answer them carefully.
{{{
Country Name (2 letter code) [AU]:LK
State or Province Name (full name) [Some-State]:Kandy
Locality Name (eg, city) []:Peradeniya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:YourInst
Organizational Unit Name (eg, section) []:IT Team
Common Name (e.g. server FQDN orYOUR name) []:
Email Address []:info@yourname.ac.lk
}}}
Once finished, it will create two files in '''/etc/ssl'''. Private will be saved as apache_prv.key, and certificate will be saved as apache_crt.crt

== Configure apache ==

let us create virtual host files for the web
{{{
sudo nano /etc/apache2/sites-available/lab.conf
}}}

Include the following
{{{
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
         ServerAdmin admin@yourname.ac.lk
         ServerName <FQDN of your website>
         DocumentRoot /var/www/html
         <Directory /var/www/html>
                  Require all granted
         </Directory>
         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined
         SSLEngine on
         SSLCertificateFile      /etc/ssl/certs/apache_crt.crt
         SSLCertificateKeyFile /etc/ssl/private/apache_prv.key
         <FilesMatch "\.(cgi|shtml|phtml|php)$">
                  SSLOptions +StdEnvVars
         </FilesMatch>
         <Directory /usr/lib/cgi-bin>
                  SSLOptions +StdEnvVars
         </Directory>
         </VirtualHost>
</IfModule>
}}}

Now enable this site and SSL by
{{{
sudo a2enmod ssl
sudo a2ensite lab.conf
}}}

Try browsing from your host machine https://<IP address of the Ubuntu VM>, and you will be warned about the untrusted connection as it is a self-signed authentication.


= HTTPS with Let's Encrypt =

Prior to enabling HTTPS via let's encrypt, you need to satisfy the following;

* You have public IP connectivity.
* Both HTTP and HTTPS are enabled from firewall/s.
* HTTP site is working. If you have multiple webserver virtual hosts, make sure the '''!ServerName''' attribute in every host config file is correctly populated.
* Proper DNS values are assigned to your IP address.

Follow the guideline from the official certbot. (These steps can change time to time, so always refer the original site.)

{{{
https://certbot.eff.org/lets-encrypt/ubuntufocal-apache
}}}