I am trying to install self signed ssl on IP address. I have apache in centos7. I have mod_ssl installed. I have been able to create self signed certificate with openssl req. Now I need to add this certificate to virtual hosts. I found two different files in tutorials for this purpose.
etc/apache2/sites-available/default-ssl.conf and second option is etc/httpd/conf.d/ssl.conf.
But I could find apache2 folder in etc but not sites-availabe and no httpd in etc. Where do I find the relevant file to edit virtual hosts?
Thank you.
you can just create the folder sites-available if you want inside of the Apache folder. The important thing is to check the Main Apache Config file and make sure that it is loading up the default-ssl.conf file. Usually its done by putting an Include /*. That would load up everything in that folder.
Config files for Apache under Centos should be at /etc/httpd/ instead of /etc/apache/
Related
My Node.Js Bitnami Lightsail instance had its frontend code at /opt/apache/htdocs and http://example.com was working perfectly pointing to that directory (my backend located under opt/projects).
After executing Certbot LetsEncrypt my domain is now pointing to a different folder /var/www/html
Please advise on:
In certbot instruction page I choose Apache for "My HTTP website is running", there wasn't a Bitnami option, was that the right call?
Is this the right configuration and just move my code to html folder?
Does my backend code has to move too? if so where?
Any other well-known issues that I might face?
Cheers.
Bitnami Engineer here,
We do not have any guide to configure certbot and Bitnami, but we have a guide that helps you configure the Let's Encrypt SSL certificate using lego. We have a tool that configures everything so you do not need to worry about editing the Apache's conf files or setting the renew process.
sudo /opt/bitnami/bncert-tool
You can learn more about it here.
In case you want to manually create a SSL certificate, you can also run the lego tool directly
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/opt/bitnami/letsencrypt" run
You will later need to configure the Apache's conf files to use that new certificate file. You can learn more about it here
Note: If you used certbot and it modified the Apache's configuration, you will need to undo those changes to use the proper folder. You will need to review the /opt/bitnami/apache2/conf/httpd.conf, /opt/bitnami/apache2/conf/bitnami/bitnami.conf and /opt/bitnami/apache2/conf/vhosts/* files
I have an PHP website up and running on AWS setup with elastic beanstalk. Its running httpd server and I am unable to figure out as how to create virtual host to run multiple sites. The httpd.conf file doesn't have VirtualHost tag and I am unable to figure out as how to create one. Please let me know as how to configure it.
I think the best solution is to create a elasticbeanstalk.conf file in the .ebextensions directory and you specify in it the changes you want to make in the apache config
Actually the best solution is to include virtual host tags within the file and then defining the directory path in those tags.
I have multiple virtual hosts on the same server using CentOS 6. After running sudo ./path/to/certbot-auto --apache I have successfully installed a certificate for a website https://domain1.example. Browser confirms that the certificate is issued to Common Name (CN) domain1.example.
However, after repeating the same procedure for domain2.example, browser is warning that the connection is not secure and the certificate is issued to Common Name 192.168.1.5, which is a local IP address of the server. Why isn't the Common Name correctly determined for domain2.example? What could be the reason?
Without https:// the website http://domain2.example is working properly.
It turns out the problem was due to the /etc/httpd/conf.d/ssl.conf file which enables SSL for Apache. Since CentOS loads all Apache conf files in alphabetical order, only those conf files will be using SSL which come after ssl.conf in alphabetical order. All files that come before will not be recognized for SSL.
In my case conf file for domain1.example came after ssl.conf and thus was recognized for SSL. But the conf file for domain2.example was before ssl.conf and therefore was ignored. A simple renaming ssl.conf to 000-ssl.conf put that file on top of the list and all the other files were loaded correctly.
I am trying to configure ssl for the nginx load balancer , I see three different kinds of configuration files and I am not sure where the certificate and key file should be configured
These are
nginx/sites-available/default
nginx/sites-enabled/myDomain
nginx/nginx.conf
What are these configuration files? where should ssl be ideally configured?
It sounds like you don't know a lot about Nginx. I would start with the docs.
http://nginx.org/en/docs/
nginx/nginx.conf
This is the main Nginx config file and should not contain site-specific configurations (like SSL)
nginx/sites-available/default
This is where you configure your site (and your SSL settings). The default config is simply named "default".
nginx/sites-enabled/myDomain
This is the location that Nginx looks in for sites to serve to users. Typically, you create a symlink from here to the sites-available directory, like below.
sudo ln -s /etc/nginx/sites-available/yourconfig /etc/nginx/sites-enabled/
This allows you to easily activate/deactivate sites by just adding/removing a symlink.
I have setup Apache2 with SSL on a Debian Linux (squeeze) box. In the /etc/apache2/sites-available/default-ssl the SSL Engine is already configured and working. Packages with web software often come with an extra pkg-apache.conf file with some virtualhost, alias and directory directives. How could I make such package available via https without putting the content of pkg-apache.conf into default-ssl? Adapting the to *:433 results in load errors.
You can use the Include directive within your SSL virtual host to point to your extra configuration file. You'll need to make sure that the directives within that extra file can be used within a VirtualHost section.