LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 04-06-2006, 07:24 PM   #1
socceroos
Member
 
Registered: Aug 2005
Location: Australia
Distribution: Ubuntu, FreeBSD, Fedora
Posts: 125

Rep: Reputation: 16
Question Apache 2.2 SSL


Hello everyone,

Can anyone tell me the quickest way to get my Apache 2.2 server set up so that it serves SSL connections only?

this is how I configured apache:

./configure --prefix=/usr/local/apache2 \
--mandir=/usr/local/man \
--enable-so \
--enable-ssl=shared \
--enable-rewrite


What do I have to edit/change in httpd.conf to run an SSL ONLY server?

Thankyou.
 
Old 04-06-2006, 09:19 PM   #2
socceroos
Member
 
Registered: Aug 2005
Location: Australia
Distribution: Ubuntu, FreeBSD, Fedora
Posts: 125

Original Poster
Rep: Reputation: 16
I think I have figured it out.

I placed the following code at the bottom of httpd.conf.

I believe this method is secure, but if not - could someone tell me of a better way to do it?

Thankyou.


#### START CODE ####



Listen 443

<VirtualHost _default_:443>
DocumentRoot "/usr/local/apache2/htdocs"
ServerName my.domain.name:443
ServerAdmin blablabla
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt

SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key


SSLCACertificatePath /usr/local/apache2/conf/ssl.crt
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/server.crt



<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

<Directory "/usr/local/apache2/htdocs">
SSLRequireSSL
SSLCipherSuite HIGH:MEDIUM
SSLOptions +StdEnvVars
SSLOptions +OptRenegotiate
</Directory>

BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache2/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

#
# The following Rewrite Rules makes sure that if someone requests a HTTP URI from this server
# that it is changed to HTTPS.
#

RewriteEngine on
RewriteCond %{SERVER_PORT} =80
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI}

#### END CODE ####
 
Old 04-07-2006, 12:19 AM   #3
megaspaz
Senior Member
 
Registered: Nov 2002
Location: Silly Con Valley
Distribution: Red Hat 7.3, Red Hat 9.0
Posts: 2,054

Rep: Reputation: 46
uh... fyi, in conf/extra there's a file called httpd-ssl.conf that you can edit to set up SSL. in conf/httpd.conf you then uncomment the Include line for httpd-ssl.conf.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache 1.3.33 (debian built) and Apache SSL does not respond to the proper ports lqorg_user Linux - Networking 0 11-06-2005 04:11 PM
Apache and SSL ddelao Linux - Software 1 06-06-2005 12:57 PM
apache and apache-ssl questions merana Debian 4 03-10-2005 10:10 AM
SSL and Apache jqcaducifer Linux - Networking 1 08-04-2003 07:44 AM
Apache and SSL odius Linux - Networking 0 03-13-2003 02:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 07:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration