| | 1 | = HTTPS with Self-Signed Certificates = |
| | 2 | |
| | 3 | In this lab we will install a web server (Apache2) and enable HTTPS using a self-signed SSL certificate. The lab session has to be done in the Ubuntu VM. |
| | 4 | |
| | 5 | == Install Apache2 == |
| | 6 | |
| | 7 | Apache is a web server application that has been widely used on the Internet for more than 20 years, and it is a well-documented piece of Free and Open Source Software managed by the Apache Foundation. |
| | 8 | (https://httpd.apache.org/) |
| | 9 | |
| | 10 | Before installing, we need to update our repositories. We will first add the Debian Apache repo to our list and then update the list. Since we will be using sudo commands, you will be asked for your user's password, as these processes will be granted root privileges. |
| | 11 | {{{ |
| | 12 | sudo add-apt-repository ppa:ondrej/apache2 |
| | 13 | }}} |
| | 14 | |
| | 15 | When asked, press '''Enter''' to continue. Once the PPA is imported, do an update. |
| | 16 | {{{ |
| | 17 | sudo apt-get update |
| | 18 | }}} |
| | 19 | |
| | 20 | Once the repo lists are updated, run: |
| | 21 | {{{ |
| | 22 | sudo apt-get install apache2 |
| | 23 | }}} |
| | 24 | |
| | 25 | When asked press '''Y''' and hit '''Enter''' to continue, and the installation will proceed. |
| | 26 | |
| | 27 | Check the installed Apache version details by issuing: |
| | 28 | {{{ |
| | 29 | $ apache2 -v |
| | 30 | }}} |
| | 31 | |
| | 32 | Now go to your host machine. Open a web browser and type the IP address of your Ubuntu VM. You will get the Apache default page. |
| | 33 | |
| | 34 | == Self-Signed Certificate == |
| | 35 | |
| | 36 | Use the following command to create the certificate and the key: |
| | 37 | {{{ |
| | 38 | sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache_prv.key -out /etc/ssl/certs/apache_crt.crt |
| | 39 | }}} |
| | 40 | You will be asked a series of questions; answer them carefully. |
| | 41 | {{{ |
| | 42 | Country Name (2 letter code) [AU]:LK |
| | 43 | State or Province Name (full name) [Some-State]:Kandy |
| | 44 | Locality Name (eg, city) []:Peradeniya |
| | 45 | Organization Name (eg, company) [Internet Widgits Pty Ltd]:YourInst |
| | 46 | Organizational Unit Name (eg, section) []:IT Team |
| | 47 | Common Name (e.g. server FQDN or YOUR name) []: |
| | 48 | Email Address []:info@yourname.ac.lk |
| | 49 | }}} |
| | 50 | Once finished, it will have created two files under /etc/ssl. The private key is saved as /etc/ssl/private/apache_prv.key and the certificate as /etc/ssl/certs/apache_crt.crt. |
| | 51 | |
| | 52 | == Configure apache == |
| | 53 | |
| | 54 | Let's create a virtual host file for the website: |
| | 55 | {{{ |
| | 56 | sudo nano /etc/apache2/sites-available/lab.conf |
| | 57 | }}} |
| | 58 | |
| | 59 | Include the following: |
| | 60 | {{{ |
| | 61 | <IfModule mod_ssl.c> |
| | 62 | <VirtualHost _default_:443> |
| | 63 | ServerAdmin admin@yourname.ac.lk |
| | 64 | DocumentRoot /var/www/html |
| | 65 | <Directory /var/www/html> |
| | 66 | Require all granted |
| | 67 | </Directory> |
| | 68 | ErrorLog ${APACHE_LOG_DIR}/error.log |
| | 69 | CustomLog ${APACHE_LOG_DIR}/access.log combined |
| | 70 | SSLEngine on |
| | 71 | SSLCertificateFile /etc/ssl/certs/apache_crt.crt |
| | 72 | SSLCertificateKeyFile /etc/ssl/private/apache_prv.key |
| | 73 | <FilesMatch "\.(cgi|shtml|phtml|php)$"> |
| | 74 | SSLOptions +StdEnvVars |
| | 75 | </FilesMatch> |
| | 76 | <Directory /usr/lib/cgi-bin> |
| | 77 | SSLOptions +StdEnvVars |
| | 78 | </Directory> |
| | 79 | </VirtualHost> |
| | 80 | </IfModule> |
| | 81 | }}} |
| | 82 | |
| | 83 | Now enable this site and the SSL module, then restart Apache so the change takes effect: |
| | 84 | {{{ |
| | 85 | sudo a2enmod ssl |
| | 86 | sudo a2ensite lab.conf && sudo systemctl restart apache2 |
| | 87 | }}} |
| | 88 | |
| | 89 | Try browsing from your host machine to https://<IP address of the Ubuntu VM>. You will be warned about an untrusted connection because the certificate is self-signed. |
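
Before relying on the browser warning alone, the files produced by the steps above can be checked directly. The script below is an added example, not part of the original lab: it verifies that the key matches the certificate, that issuer and subject are identical, that the certificate is not about to expire, and that the unencrypted key is not readable by other users. The function names, `make_demo_pair` and its `lab.example` Common Name are assumptions made for illustration.

```bash
# Added example: checks for the lab's key/certificate. Needs openssl and GNU stat (Ubuntu).

# True when the certificate carries the public key of this private key.
pair_matches() {  # $1 = certificate, $2 = private key
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when issuer and subject are identical, as on a self-signed certificate.
is_self_signed() {  # $1 = certificate
  local subj issuer
  subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 1
  issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 1
  [ -n "$subj" ] && [ "${subj#subject=}" = "${issuer#issuer=}" ]
}

# True when the certificate is still valid $2 days from now.
valid_for_days() {  # $1 = certificate, $2 = days
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# True when group and others have no access to the key (-nodes leaves it unencrypted).
key_is_private() {  # $1 = private key
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Constructed sample data: throwaway pair in directory $1, made with the lab's
# command plus -subj (answers the questions non-interactively; the CN is made up).
make_demo_pair() {
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout "$1/apache_prv.key" -out "$1/apache_crt.crt" \
    -subj "/C=LK/O=YourInst/CN=lab.example" >/dev/null 2>&1
}

# Runs every check, prints one line each, returns non-zero if any failed.
check_pair() {  # $1 = certificate, $2 = private key
  local rc=0
  pair_matches "$1" "$2" && echo "OK   key matches certificate" || { echo "FAIL key does not match"; rc=1; }
  is_self_signed "$1"    && echo "OK   self-signed (browser warning expected)" || { echo "FAIL not self-signed"; rc=1; }
  valid_for_days "$1" 30 && echo "OK   valid for 30+ days" || { echo "FAIL expires within 30 days"; rc=1; }
  key_is_private "$2"    && echo "OK   key not group/world accessible" || { echo "FAIL key mode too open"; rc=1; }
  return $rc
}
# On the VM: sudo sh check_cert.sh /etc/ssl/certs/apache_crt.crt /etc/ssl/private/apache_prv.key
if [ $# -eq 2 ]; then check_pair "$1" "$2"; fi
```

A mismatch between key and certificate is also what makes Apache refuse to start with the SSL virtual host enabled, so this check is worth running before the restart.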