...
Next, Apache needs to be set up.
Apache Setup
...
Enable the Apache Module
By default the Apache SSL module is not enabled,
```
sudo a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
```
Modify the Apache configuration.
...
Create an SSL Virtual Host
Following along the BonsaiFramework tutorial, we are using virtual hosts.
We'll create an SSL Virtual Host version of www.earth.com. Note that both http://www.earth.com on port 80 and https://www.earth.com on port 443 can co-exist.
Info |
---|
All the SSL entries are derived from /etc/apache2/sites-available/default-ssl. Read the comments in that file for a more in-depth understanding of the configurations. |
...
```
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName www.myrapham.com
    ServerAlias myrapham.com

    # Enforce www in front of url.
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^www\.myrapham\.com$ [NC]
    RewriteRule (.*) https://www.myrapham.com$1 [R,L]

    DocumentRoot /home/www.myrapham.com/www
    <Directory />
        # This prevents use of .htaccess
        AllowOverride None
    </Directory>

    ErrorLog /var/log/apache2/ssl_www.myrapham.com.error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/ssl_www.myrapham.com.access.log combined

    # Mount application on Tomcat
    JkMount /wiki/* tomcat_confluence_a_worker
    JkMount /wiki tomcat_confluence_a_worker

    <Location /wiki/>
        FilterDeclare filter_string_replace
        FilterProvider filter_string_replace SUBSTITUTE resp=Content-Type $text/html
        Substitute "s/www.breakitdown.ca/www.myrapham.com/ni"
        Substitute "s/Break It Down/www.myrapham.com/n"
        FilterChain filter_string_replace
        Redirect permanent /wiki/dashboard.action https://www.myrapham.com/wiki/display/myra/Home
        Redirect permanent /wiki/display/myrahouse/Home https://www.myrapham.com/wiki/display/myra/Home
    </Location>
...
    # ---------------------
    # Start Enable SSL
    # -----------------
    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on
    # Load the keys
    SSLCertificateFile /etc/ssl/certs/www.myrapham.com_server.crt
    SSLCertificateKeyFile /etc/ssl/private/www.myrapham.com_server.key
    # Load the Certificate chain
    SSLCertificateChainFile /etc/ssl/certs/StartSSL_Sub_Class1_CA.pem
    # Loads all Certificate Authorities in the provided path
    SSLCACertificatePath /etc/ssl/certs/
    # SSL Engine Options
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    # SSL Protocol Adjustments
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    # -----------------
    # End Enable SSL
    # ---------------------
</VirtualHost>
</IfModule>
```
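When a port 80 virtual host is copied to port 443 as above, a redirect left pointing at `http://` or a missing SSL directive is easy to overlook. The following check is an added example, not part of the original tutorial; the function name `lint_ssl_vhosts` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the SSL virtual host above, with one
# redirect left on http:// and the key directive removed so both get flagged.
SAMPLE = r"""
<VirtualHost *:443>
    ServerName www.myrapham.com
    RewriteRule (.*) https://www.myrapham.com$1 [R,L]
    <Location /wiki/>
        Redirect permanent /wiki/dashboard.action http://www.myrapham.com/wiki/display/myra/Home
    </Location>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/www.myrapham.com_server.crt
</VirtualHost>
"""

REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")

def lint_ssl_vhosts(conf):
    """Return (line_no, message) findings for virtual hosts bound to port 443."""
    findings, in_ssl, start, seen = [], False, 0, {}
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<VirtualHost\s+([^>]*)>", line, re.I)
        if m:  # a new vhost starts; only port 443 hosts are inspected
            in_ssl, start, seen = ":443" in m.group(1), no, {}
            continue
        if not in_ssl:
            continue
        if re.match(r"</VirtualHost>", line, re.I):  # vhost-level checks at close
            if seen.get("sslengine", "").lower() != "on":
                findings.append((start, "SSLEngine is not on"))
            for d in REQUIRED:
                if d.lower() not in seen:
                    findings.append((start, "missing " + d))
            in_ssl = False
            continue
        parts = line.split()
        name, args = parts[0].lower(), parts[1:]
        seen[name] = args[0] if args else ""
        if name in ("redirect", "redirectmatch", "rewriterule"):
            if any(a.lower().startswith("http://") for a in args):
                findings.append((no, name + " sends HTTPS clients to http://"))
    return findings

if __name__ == "__main__":
    print(lint_ssl_vhosts(SAMPLE))
```

Line numbers in the findings refer to lines of the text passed in; vhost-level findings point at the opening `<VirtualHost>` line.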
Note |
---|
It is not possible to run multiple SSL-enabled virtual hosts on a server with only one IP address. A separate IP address or port is necessary for each SSL-enabled domain. There are new modules that provide this functionality, but as of May 2011 it is not yet widely supported by browsers. |
...