HTTPS
With Self-Signed Certificates
In this lab, we will install a web server (Apache2) and enable HTTPS using self-signed SSL certificates. The lab session has to be done in the Ubuntu VM.
Install Apache2
Apache is a web server application that has been widely used on the internet for more than 20 years, and it is a well-documented piece of Free and Open Source Software managed by the Apache Foundation. (https://httpd.apache.org/)
Before installing, we need to update our repositories. Therefore we will first add the Debian Apache repo to our list and update the list. Since we will be using sudo commands, it will ask you for your user's password, as these processes will be granted root privileges.
sudo add-apt-repository ppa:ondrej/apache2
When asked, press 'Enter' to continue. Once the PPA is imported, do an update.
sudo apt-get update
Once the repo lists are updated, run:
sudo apt-get install apache2
When asked, press Y and hit Enter to continue, and the installation will proceed.
Check the installed Apache version details by issuing:
apache2 -v
Now go to your host machine. Open a web browser and type the IP address of your Ubuntu VM. You will get the Apache default page.
Self-Signed Certificate
Use the following command to create the certificate and the key.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache_prv.key -out /etc/ssl/certs/apache_crt.crt
You will be asked a series of questions; answer them carefully.
Country Name (2 letter code) [AU]:LK
State or Province Name (full name) [Some-State]:Kandy
Locality Name (eg, city) []:Peradeniya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:YourInst
Organizational Unit Name (eg, section) []:IT Team
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:info@yourname.ac.lk
Once finished, it will create two files in /etc/ssl. The private key will be saved as apache_prv.key, and the certificate will be saved as apache_crt.crt.
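An added example, not part of the original lab: a non-interactive form of the command above that also sets a subjectAltName (current browsers match the hostname against it rather than the Common Name) and then checks that the key and certificate belong together. It writes to a scratch directory instead of /etc/ssl; the hostname lab.example.test and the function names are assumptions made for the example.

```bash
#!/bin/sh
# Added example: scripted variant of the lab's openssl command plus checks.
# The hostname and scratch directory below are constructed sample values.

# make_selfsigned <dir> <fqdn>: same key/cert file names as the lab.
make_selfsigned() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$1/apache_prv.key" -out "$1/apache_crt.crt" \
        -subj "/C=LK/ST=Kandy/L=Peradeniya/O=YourInst/OU=IT Team/CN=$2" \
        -addext "subjectAltName=DNS:$2" 2>/dev/null || return 1
    chmod 600 "$1/apache_prv.key"   # private key readable by owner only
}

# key_matches_cert <key> <crt>: compare the public key derived from the
# private key with the public key embedded in the certificate.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null | openssl sha256)
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# cert_has_san <crt> <fqdn>: true if the certificate lists the name as a SAN.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -F -q "DNS:$2"
}

# cert_not_expired <crt>: true if the certificate is valid right now.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Demo run in a scratch directory (constructed values, no sudo needed).
demo_dir=$(mktemp -d)
if make_selfsigned "$demo_dir" lab.example.test &&
   key_matches_cert "$demo_dir/apache_prv.key" "$demo_dir/apache_crt.crt" &&
   cert_has_san "$demo_dir/apache_crt.crt" lab.example.test &&
   cert_not_expired "$demo_dir/apache_crt.crt"; then
    echo "key and certificate match, SAN present, certificate valid"
fi
rm -rf "$demo_dir"
```

The same checks can be pointed at /etc/ssl/private/apache_prv.key and /etc/ssl/certs/apache_crt.crt (with sudo) before enabling the site, since a key/certificate mismatch prevents Apache from starting the SSL virtual host.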
Configure Apache
Let us create a virtual host file for the website:
sudo nano /etc/apache2/sites-available/lab.conf
Include the following:
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@yourname.ac.lk
        ServerName <FQDN of your website>
        DocumentRoot /var/www/html
        <Directory /var/www/html>
            Require all granted
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/apache_crt.crt
        SSLCertificateKeyFile /etc/ssl/private/apache_prv.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>
Now enable this site and SSL by running:
sudo a2enmod ssl
sudo a2ensite lab.conf
Try browsing from your host machine to https://<IP address of the Ubuntu VM>, and you will be warned about the untrusted connection because the certificate is self-signed.
HTTPS with Let's Encrypt
Prior to enabling HTTPS via Let's Encrypt, you need to satisfy the following:
- You have public IP connectivity.
- Both HTTP and HTTPS are enabled from firewall/s.
- HTTP site is working. If you have multiple webserver virtual hosts, make sure the ServerName attribute in every host config file is correctly populated.
- Proper DNS values are assigned to your IP address.
Follow the guidelines from the official Certbot site. (These steps can change from time to time, so always refer to the original site.)
https://certbot.eff.org/lets-encrypt/ubuntufocal-apache