In this post we'll be using HTTPS with Apache on OS X Yosemite. In a previous post I showed you how to create a self-signed certificate. If you followed along then you created the following files in the /etc/apache2/ssl folder:

  • local.example.com.crt
  • local.example.com.key

Now we are going to go through the steps necessary to set up HTTPS on our local Apache web server:

  • Load mod_ssl extension
  • Include ssl config file
  • Modify ssl config file, adding our new virtual host bound to port 443
  • Optionally specify new testing domain in our hosts file
  • Test and restart Apache

Why?

First, let's answer a simple question: "Why?" In an attempt to support HTTPS Everywhere we are migrating our web site to use HTTPS. In later blog posts I will show how we will perform the migration to HTTPS.
The real reason for using HTTPS is to secure the network. The risks to users and privacy are at the highest levels nowadays, and I suspect that the risks will only increase, while our users will increasingly expect the protection of their privacy.

Load mod_ssl

OK, now that we know why we are doing this, let's dive in. First, simply uncomment the following line in the httpd.conf file. To modify the httpd.conf file we will use the nano text editor. I also recommend using TextMate, in which case you can just replace "nano" with "mate" in the following commands.
My httpd.conf file is located at: /etc/apache2/httpd.conf

$ cd /etc/apache2/
$ sudo nano httpd.conf

Find the following line and uncomment it. Just in case you are not sure, comments have a leading pound/hash symbol (#); just remove it.
[Screenshot: Load mod_ssl]

Include httpd-ssl.conf File

While we still have the httpd.conf file open, we also need to uncomment the line that includes the httpd-ssl.conf file.
[Screenshot: Include httpd-ssl.conf file]

Add VirtualHost to httpd-ssl.conf

The last step is to configure a new virtual host that is bound to port 443 (HTTPS). There is already a sample entry in the httpd-ssl.conf file. I suggest you first remove it, or comment it all out, so that you can just paste in the necessary code at the bottom of the file.
My httpd-ssl.conf file is located at: /etc/apache2/conf/httpd-ssl.conf
You will need to open the file using nano:

$ cd /etc/apache2/extra
$ sudo nano httpd-ssl.conf

Declare VirtualHost

The first step is to declare a new virtual host using the <VirtualHost> directive.

 

<VirtualHost *:443>

General Virtual Host Settings

Next, within the <VirtualHost> directive, we will declare some basic host settings:

  • DocumentRoot: absolute path to the webroot for the site
  • ServerName: the fully qualified domain name (FQDN)
  • ErrorLog: location of the error log
  • CustomLog: location of the access log

Enable SSL

To enable the SSL engine in Apache we just set the SSLEngine flag to "on".

  
 SSLEngine on

Specify certificate and private key

Using the paths I described at the beginning, we will tell the SSL engine the location of the certificate file (.crt) and the private host key (.key).

SSLCertificateFile "/private/etc/apache2/ssl/local.example.com.crt"
SSLCertificateKeyFile "/private/etc/apache2/ssl/local.example.com.key"

SSL Engine Options

There are lots of options that you can (and should, if you are setting up a production server) configure for the SSL Engine, including the supported ciphers and the order of the ciphers used. If you have been following any recent security news, you have probably heard of the POODLE security flaw, which uses an SSL 3.0 fallback vulnerability. To prevent any risk on a production server you must configure your server to use the latest version of TLS (1.3 as of this writing), and remove the support for the older SSL version 2.0 and 3.0 protocols.

Protocols and ciphers — oh my!

If you are confused about all of the protocols, ciphers, prioritization logic, etc. then I would recommend that you read the Mozilla article on Server Side security and TLS. They offer some best practice configurations for production environments and various web servers, including Apache and Nginx.
For our local development server we are not going to worry about the protocols/ciphers and will just simply add the following options.

 
 

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/Library/WebServer/CGI-Executables">
    SSLOptions +StdEnvVars
</Directory>

Complete Virtual Host

Last, we need to close the <VirtualHost> directive. Our complete virtual host in the httpd-ssl.conf file should look like this:

 

<VirtualHost *:443>
    DocumentRoot "/www/local.example.com/www"
    ServerName local.example.com
    ErrorLog "/private/var/log/apache2/local.example.com-error_log"
    CustomLog "/private/var/log/apache2/local.example.com-access_log" common
    SSLEngine on
    SSLCertificateFile "/private/etc/apache2/ssl/local.example.com.crt"
    SSLCertificateKeyFile "/private/etc/apache2/ssl/local.example.com.key"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/Library/WebServer/CGI-Executables">
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>

Hosts file

In case this is a new web site, you should also modify your hosts file to direct the domain name to your local Apache web server. If you already had the domain configured in your hosts file, then you can skip this step.
The hosts file is located at: /etc/hosts
Note that the file does not have an extension. Let's open this up in nano.

$ cd /etc
$ sudo nano hosts

Then, add a new line for your web site. I am using local.example.com.

127.0.0.1    local.example.com


Test Configuration and Restart Apache

The last step is to test our new configuration and, assuming everything is good, restart the Apache web server.

$  sudo  apachectl -t
$  sudo apachectl restart

All done. You are now serving your web site over HTTPS using Apache.
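
apachectl -t is a syntax check; it does not tell you whether the virtual host carries the settings discussed above, or whether SSL 3.0 (the protocol POODLE relies on) is still allowed. The script below is an added example, not part of the original post, that audits a config for those points. The helper names audit_ssl_vhost and sample_vhost are hypothetical, and the sample config is constructed from the virtual host shown earlier.

```shell
#!/bin/sh
# Added example: audit_ssl_vhost and sample_vhost are hypothetical helpers.

# Read an Apache config on stdin; print one finding per line, return 1 if any.
audit_ssl_vhost() {
    awk '
    function flag(msg) { print name ": " msg; bad = 1 }
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    { d = tolower($1) }                      # directive names are case-insensitive
    d ~ /^<virtualhost/ { invh = 1; split("", seen); name = "(unnamed)"; v3 = gv3 }
    d == "sslprotocol" {
        # A bare token replaces the protocol set; +token and -token adjust it.
        # "all" is treated as including SSLv3, which is conservative on builds
        # whose OpenSSL has SSLv3 compiled out.
        on = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i); sign = substr(t, 1, 1)
            if (sign == "+" || sign == "-") t = substr(t, 2); else sign = ""
            hit = (t == "all" || t == "sslv3")
            if (sign == "") on = hit
            else if (hit) on = (sign == "+")
        }
        s = on ? "on" : "off"
        if (invh) v3 = s; else gv3 = s       # a vhost inherits the global value
    }
    invh && d == "servername" { name = $2 }
    invh && d == "sslengine"  { seen[d] = tolower($2) }
    invh && d ~ /^sslcertificate(key)?file$/ { seen[d] = 1 }
    d ~ /^<\/virtualhost/ {
        if (seen["sslengine"] != "on") flag("SSLEngine is not on")
        if (!("sslcertificatefile" in seen)) flag("SSLCertificateFile missing")
        if (!("sslcertificatekeyfile" in seen)) flag("SSLCertificateKeyFile missing")
        if (v3 == "") flag("no SSLProtocol set; build default applies")
        if (v3 == "on") flag("SSLProtocol leaves SSLv3 enabled")
        invh = 0
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample: the virtual host from this post; $1 is an optional extra line.
sample_vhost() {
    cat <<EOF
<VirtualHost *:443>
    ServerName local.example.com
    SSLEngine on
    SSLCertificateFile "/private/etc/apache2/ssl/local.example.com.crt"
    SSLCertificateKeyFile "/private/etc/apache2/ssl/local.example.com.key"
    $1
</VirtualHost>
EOF
}

sample_vhost | audit_ssl_vhost || true
sample_vhost "SSLProtocol all -SSLv3" | audit_ssl_vhost && echo "clean"
```

To audit the live file, run audit_ssl_vhost < /etc/apache2/extra/httpd-ssl.conf.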

Source: https://themedipia.com