How to use https? - ssl

If we have already set up/configured the SSL certificate on the server, how can I make my website use secure pages? Just make the link to https://example.com/etc.php?
Thanks!

Two things have to be in place.
You'll need to set up the SSL cert properly, which it sounds like you have.
As the other commentator said, this will depend upon which webserver you're using. More likely than not, apache:
Apache:
You'll need to modify the apache settings to support the https version of your site. If you're using a modern installation of Apache2 with virtual hosts, usually there will be a "sites-available" directory where individual config files exist for each domain. For a domain that will have both http and https (80 and 443), you would do something like this, assuming apache is listening on 127.0.0.1 (this would not be the case for most apache installations, so be sure to change the IP). It also goes without saying that you need to change the paths and domain name in the following:
<VirtualHost 127.0.0.1:80>
ServerAdmin somebody@domain.com
ServerName somebody.com
ServerAlias www.somebody.com
DocumentRoot /home/somebody/www
<Directory "/home/somebody/www">
Options FollowSymLinks
AllowOverride All
Options -Indexes
</Directory>
ErrorLog /home/logs/somebody.error.log
CustomLog /home/logs/somebody.access.log combined
</VirtualHost>
<VirtualHost 127.0.0.1:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/something.crt
SSLCertificateKeyFile /etc/apache2/ssl/something.key
SSLCertificateChainFile /etc/apache2/ssl/gd_bundle.crt
ServerAdmin somebody@something.com
ServerName somebody.com
ServerAlias www.somebody.com
DocumentRoot /home/somebody/www
<Directory "/home/somebody/www">
Options FollowSymLinks
AllowOverride All
Options -Indexes
</Directory>
ErrorLog /home/logs/somebody.ssl.error.log
CustomLog /home/logs/somebody.ssl.access.log combined
</VirtualHost>
If you are using nginx, there is a similar dual block you'll need to have for :80 and :443. Look at the block you already have for 80 and consult their documentation:
http://nginx.org/en/docs/http/configuring_https_servers.html
You may also be using IIS, in which case, here are the instructions for version 7:
How do I configure a site in IIS 7 for SSL?

Related

How apache2 can deny connections to a domain which is not hosted

I am hosting website iplocation.io on a cloud server. I found a domain https://chrissloey.com/index.php which opens my website within it.
Now from what I understand, chrissloey.com has pointed its A record to my server IP, and my apache2 server is not denying connections to it and allows it to open iplocation.io website content like its own.
I want apache2 to deny connections to any other domain and only allow my own domain to serve content.
Attached is the apache conf file for iplocation.io
<VirtualHost *:80>
ServerAdmin email@email.com
DocumentRoot /var/www/public_html
ServerName iplocation.io
ServerAlias www.iplocation.io
ErrorLog ${APACHE_LOG_DIR}/apache-error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/public_html>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName iplocation.io
ServerAdmin email@email.com
DocumentRoot /var/www/public_html
SSLEngine on
SSLCertificateFile /path-to-csr
SSLCertificateKeyFile /path-to-key
SSLCertificateChainFile /path-to-ca
<Directory /var/www/public_html>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
</IfModule>
Looking at the two comments I think the combination makes most sense:
Configure httpd to respond with redirect (301) to all incoming requests. This could be done on the 'root' host.
Configure a virtualhost listening to your domain only, and this one would serve your real content only.
This will work unless the other site requests your content and then integrates it into their responses. But as you said someone else simply put up a DNS A record.
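The two steps above written out as Apache 2.4 configuration, as an added example that is not part of the original answer. It assumes mod_ssl is loaded and that the catch-all file is read before the site's file (on Debian-style layouts, files in sites-enabled load in alphabetical order); the file names, `catchall.invalid` and the certificate paths are placeholders.

```apache
# File 1: 000-catchall.conf (hypothetical name; it must load before the site).
# For each address:port Apache gives a request whose Host header matches no
# ServerName/ServerAlias to the first <VirtualHost> it read, which is how a
# foreign domain pointed at this IP was served the site's pages.
<VirtualHost *:80>
    ServerName catchall.invalid
    # Step 1: every unknown Host gets a 301 to the canonical name
    Redirect permanent / https://iplocation.io/
</VirtualHost>

<VirtualHost *:443>
    ServerName catchall.invalid
    SSLEngine on
    # The TLS handshake needs a certificate before any redirect can be sent.
    # Placeholder paths: a self-signed pair is enough, so a client arriving
    # under a foreign name sees a certificate warning instead of the site.
    SSLCertificateFile    /path-to-catchall-cert
    SSLCertificateKeyFile /path-to-catchall-key
    Redirect permanent / https://iplocation.io/
</VirtualHost>

# File 2: iplocation.conf (hypothetical name), loaded after the catch-all.
# Step 2: content is served only when Host is one of the names listed here.
<VirtualHost *:80>
    ServerName iplocation.io
    ServerAlias www.iplocation.io
    DocumentRoot /var/www/public_html
    <Directory /var/www/public_html>
        Options FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ServerName iplocation.io
    # Assumes the site certificate also covers www.iplocation.io
    ServerAlias www.iplocation.io
    DocumentRoot /var/www/public_html
    SSLEngine on
    SSLCertificateFile /path-to-cert
    SSLCertificateKeyFile /path-to-key
    SSLCertificateChainFile /path-to-ca
    <Directory /var/www/public_html>
        Options FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
```

After reloading, `apache2ctl -S` lists the vhosts per port and marks which one is the default server, which confirms the catch-all is first. To refuse unknown hosts rather than redirect them, replace each `Redirect` line in the catch-all with a `<Location />` block containing `Require all denied`.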

Apache really slow with alias

I face a really strange issue with Apache2 (v2.4.7).
Our sites have both domain.com and www.domain.com, with and without HTTPS
When I only enable one of them with SSL, the response takes less than 0.01s.
When I enable both of them with SSL, it takes more than 1 minute to answer.
There's no issue with "classic" HTTP configuration file, only the one with SSL
I've tried both with independent configuration files, or with aliases. No matter, more or less the same big response time.
Here's the config file:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName domain.com
# Fast when commented, slow when enabled
ServerAlias www.domain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/site
ErrorLog ${APACHE_LOG_DIR}/site-error.log
CustomLog ${APACHE_LOG_DIR}/site-access.log combined
<Directory "/var/www/site/blog">
AllowOverride All
Options FollowSymLinks
allow from all
order allow,deny
</Directory>
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/domain.com-0001/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/domain.com-0001/chain.pem
</VirtualHost>
</IfModule>
Do you have any idea how to fix this or where the issue comes from?
Thank you for help ;)
That's strange. Are you sure you have mod_alias enabled and loaded? You can find that out by issuing this command on an SSH console:
httpd -t -D DUMP_MODULES | grep alias
What you can try, though, is this: Get your server's IP (no matter if it's private or public) from your main ethernet card and use it in your apache configuration.
Replace:
<VirtualHost *:443> with <VirtualHost server-ip:443> for all your vhosts
Restart apache and try again

SSL Certificate from 1&1 to an AWS EC2 instance not working

I have a PHP web app running on an AWS EC2 instance with Ubuntu. Its domain name, however, comes from 1&1 and points to the AWS EC2 public IP.
I have an SSL certificate from 1&1 on this same domain name.
When running the web page in my browser over http everything works fine. But as soon as I run it with https there is constant load and the page never renders.
I guess the issue is caused by my apache configuration, but I don't know what needs to be changed to make the https working fine.
Here is my mydomain.com.conf :
<VirtualHost *:80>
ServerName www.mydomain.com
ServerAlias mydomain.com
DocumentRoot "/var/www/html/mydomain/"
ErrorLog ${APACHE_LOG_DIR}/error_mydomain.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
By looking on the internet, I found out that an SSL key has to be added into the conf file, but since I'm using an SSL certificate from 1&1 I have no key whatsoever.
Is there anyone who knows more about it ?
Thanks
Ok, so I know not many people will run into this same issue, but we never know...
It is impossible to do this without the /ssl/cert files indeed.
Unfortunately, the 1 SSL Certificate offered by 1&1 on the ultimate packs are only made for websites hosted on 1&1. I called them, and they don't want to give me the cert files because my webpage is hosted at AWS.
Thus, there is no other option than getting another SSL certificate. I'll probably use letsencrypt for that.
You must have been provided with a cert and cert bundle from your CA vendor, and I am hoping you have kept the private key intact when creating the CSR for the bundle. Your vhost should look something like this:
<VirtualHost *:80>
ServerName <mywebsite>
ServerAlias www.<mywebsite>
DocumentRoot /var/www/html/<mywebsitedocroot>
DirectoryIndex index.php index.html
<Directory /var/www/html/<mywebsitedocroot>>
#Options Indexes FollowSymLinks MultiViews
Options -Indexes
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/html/<mywebsitedocroot>
DirectoryIndex index.php index.html
ServerName <mywebsite>
ServerAlias www.<mywebsite>
SSLEngine On
#SSLCertificateFile /etc/ssl/certs/<mycert>.crt
#SSLCertificateKeyFile /etc/ssl/certs/<mycert>.key
SSLCertificateFile /etc/ssl/certs/<mycert>_com.crt
SSLCertificateKeyFile /etc/ssl/certs/<mycert>_com.key
SSLCertificateChainFile /etc/ssl/certs/<mycert>_com.ca-bundle
<Directory /var/www/html/<mywebsitedocroot>>
#Options Indexes FollowSymLinks MultiViews
Options -Indexes
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
What is essential to understand is HTTPS listens on port 443, not 80 (it is for HTTP) and the most important section (considering your situation) is:
SSLCertificateFile /etc/ssl/certs/<mycert>_com.crt
SSLCertificateKeyFile /etc/ssl/certs/<mycert>_com.key
SSLCertificateChainFile /etc/ssl/certs/<mycert>_com.ca-bundle
You can ignore all the Options I have set or set it as per your need. I just grabbed the info from my website conf. Hope this helps

Name based virtual hosts with SSL on Apache 2.2.3/CentOS 5.9

Hi I'm trying to serve one site with two subdomains, and both subdomains should be under SSL. I've purchased a wildcard SSL certificate and have it installed. In my vhosts file I have 5 definitions, www (80), app (80/443), and staging (80/443). All of the subdomains work under port 80.
Here's a snippet of my vhosts.conf file:
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerAdmin support@---
ServerName app.---
DocumentRoot /var/www/vhosts/---/app/www/
ErrorLog /var/www/vhosts/---/app/log/error.log
<Directory "/var/www/vhosts/---/app/www">
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin support@---
ServerName app.---
DocumentRoot /var/www/vhosts/---/app/www/
ErrorLog /var/www/vhosts/---/app/log/ssl.log
SSLEngine ON
SSLCertificateFile /etc/httpd/conf.d/ssl/---/ssl.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/---/ssl.key
SSLCertificateChainFile /etc/httpd/conf.d/ssl/---/intermediate.crt
<Directory "/var/www/vhosts/---/app/www">
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin support@---
ServerName staging.---
DocumentRoot /var/www/vhosts/---/staging/www/
ErrorLog /var/www/vhosts/---/staging/log/error.log
<Directory "/var/www/vhosts/---/staging/www">
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin support@---
ServerName staging.---
DocumentRoot /var/www/vhosts/---/staging/www/
ErrorLog /var/www/vhosts/---/staging/log/ssl.log
SSLEngine ON
SSLCertificateFile /etc/httpd/conf.d/ssl/---/ssl.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/---/ssl.key
SSLCertificateChainFile /etc/httpd/conf.d/ssl/---/intermediate.crt
<Directory "/var/www/vhosts/---/staging/www">
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
If I change this line:
<VirtualHost *:443>
To:
<VirtualHost SERVER_IPADDRESS:443>
The first definition will work as expected and use the correct certificate. When I restart Apache I receive a message in the terminal stating there's a duplicate entry and only the first will be used.
With the conf as it is above I don't receive any errors or warnings in the terminal, but I have seen this in Apache's log:
[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
From what I've read online that warning is expected and shouldn't be a problem.
Running configtest shows Syntax OK.
It seems the problem is named virtual hosts with SSL. I've checked 3 guides online and tried a variety of things (using *.domain.com as ServerName for both, app.domain.com as ServerAlias), subdomains as the directive (app.domain.com:443) but can't figure out the right combination to serve each subdomain under both 80 and 443 using only one IP address.
I know it's possible. Any ideas on what I'm missing?
Check the version of Apache you are using. It may be that your Apache is too old to support it. I think SNI was supported in Apache 2.2.12 and later.
The only solution I was able to find which isn't a great one was to rebuild on CentOS 6.4. The issue as noted by Russ is that the built in Apache/OpenSSL do not support SNI. I managed to get OpenSSL upgraded in 5.9, but I was not able to build Apache with SNI. I compiled it using a guide that showed the flags to use but it didn't work. That's not to say it can't be done and I may have done it wrong, this was easier since it's for a new site and downtime isn't an issue.
Once the issue was corrected the warning in error_log changes to this:
[warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
Thanks for the help!

Apache NameVirtualHost does not respect ServerName's

I have an Apache server configured with several configuration files in which I declare VirtualHost's. However, when I access my server for one of the given ServerName it is not respected and defaults to another one.
My configuration is as follows:
In a ports.conf file I have this:
NameVirtualHost *:80
Listen 80
Then in another file, I have this:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName my.server.com
ServerAlias other.server.com
DocumentRoot /home/mys/
Alias / /home/mys/
ErrorLog /var/log/apache2/mys-error.log
<Directory /home/mys/>
Options Includes Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
allow from all
</Directory>
</VirtualHost>
In another file I have this
<VirtualHost *:80>
ServerName something.server.com
ServerAlias else.server.com
Redirect permanent / https://something.server.com
</VirtualHost>
And I have a configuration on port 443 for something.server.com which works ok
When I call http://my.server.com, I end up on https://something.server.com
All hostnames point to the same IP.
I am running on Apache/2.2.9 (Debian)
Any hint or ideas would be much appreciated. I am not an Apache expert so if I need to provide more info or formulate this in another way, just let me know.
OK, actually this is working fine, but because I indicated a Permanent Redirect, Firefox cached the redirect. So nothing wrong in the configuration (although one might say that is probably dangerous to indicate a permanent redirect).