- local.example.com.crt
- local.example.com.key
Now, we are going to go through the steps necessary to set up HTTPS on our local Apache web server:
- Load mod_ssl extension
- Include ssl config file
- Modify ssl config file, adding our new virtual host bound to port 443
- Optionally specify new testing domain in our hosts file
- Test and restart Apache
Why?
First, let's answer a simple question: "Why?" In an attempt to support HTTPS Everywhere we are migrating our web site to use HTTPS. In later blog posts I will show how we will perform the migration to HTTPS.
The real reason for using HTTPS is to secure the network. The risks to users and privacy are at the highest levels nowadays, and I suspect that the risks will only increase, while our users will increasingly expect the protection of their privacy.
Load mod_ssl
OK, now that we know why we are doing this, let's dive in. First, simply uncomment the following line in the httpd.conf file. To modify the httpd.conf file we will use the nano text editor. I also recommend using TextMate, in which case you can just replace "nano" with "mate" in the following commands.
My httpd.conf file is located at: /etc/apache2/httpd.conf
$ cd /etc/apache2/
$ sudo nano httpd.conf
Find the following line and uncomment it. Just in case you are not sure, comments have a leading pound/hash symbol (#); just remove it.
Include httpd-ssl.conf File
While we still have the httpd.conf file open, we also need to uncomment the line that includes the httpd-ssl.conf file.
Add VirtualHost to httpd-ssl.conf
The last step is to configure a new virtual host that is bound to port 443 (HTTPS). There is already a sample <VirtualHost> record in the httpd-ssl.conf file. I suggest you first remove it, or comment it all out, so that you can just paste in the necessary code at the bottom of the file.
My httpd-ssl.conf file is located at: /etc/apache2/conf/httpd-ssl.conf
You will need to open the file using nano:
$ cd /etc/apache2/extra
$ sudo nano httpd-ssl.conf
Declare VirtualHost
The first step is to declare a new virtual host using the <VirtualHost> directive.
<VirtualHost *:443>
General Virtual Host Settings
Next, within the <VirtualHost> directive, we will declare some basic host settings:
- DocumentRoot: absolute path to the webroot for the site
- ServerName: the fully qualified domain name (FQDN)
- ErrorLog: location of the error log
- CustomLog: location of the access log
Enable SSL
To enable the SSL engine in Apache we just set the flag to "on".
SSLEngine on
Specify certificate and private key
Using the paths as I described at the beginning, we will tell the SSL engine the location of the certificate file (.crt) and the private host key (.key).
SSLCertificateFile "/private/etc/apache2/ssl/local.example.com.crt"
SSLCertificateKeyFile "/private/etc/apache2/ssl/local.example.com.key"
SSL Engine Options
There are lots of options that you can (and should, if you are setting up a production server) configure for the SSL Engine, including the supported ciphers and the order of the ciphers used. If you have been following any recent security news, you have probably heard of the POODLE security flaw that uses an SSL 3.0 fallback vulnerability. To prevent any risk on a production server you must configure your server to use the latest version of TLS (1.3 as of this writing), and remove support for the older SSL version 2.0 and 3.0 protocols.
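An added example, not code from the original post: a small Python check that reads virtual host blocks like the ones in httpd-ssl.conf and reports whether SSLProtocol leaves SSL 2.0/3.0 enabled, or is missing so the host inherits the server default. The function names, the sample configuration and the two extra host names are constructed for illustration, and treating "all" as including SSLv3 is a conservative assumption because its real expansion depends on the Apache/OpenSSL build.

```python
import re

LEGACY = {"SSLv2", "SSLv3"}  # protocols the text says to remove
# Assumption: "all" includes SSLv3; the real expansion is build-dependent.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
VHOST = re.compile(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right and return the enabled set."""
    enabled = set()
    for tok in args.split():
        name = tok.lstrip("+-")
        names = ALL if name.lower() == "all" else {name}
        if tok.startswith("-"):
            enabled -= names
        elif tok.startswith("+"):
            enabled |= names
        else:  # a bare token replaces whatever was set before it
            enabled = set(names)
    return enabled

def audit_vhosts(conf_text):
    """Return {ServerName: finding} for every vhost with SSLEngine on."""
    findings = {}
    for block in VHOST.findall(conf_text):
        d = {}
        for line in map(str.strip, block.splitlines()):
            if line and not line.startswith(("#", "<")):
                key, *rest = line.split(None, 1)
                d[key.lower()] = rest[0] if rest else ""
        if d.get("sslengine", "").lower() != "on":
            continue
        name = d.get("servername", "(unnamed)")
        if "sslprotocol" not in d:
            findings[name] = "no SSLProtocol: inherits server default"
        else:
            bad = sorted(enabled_protocols(d["sslprotocol"]) & LEGACY)
            findings[name] = ("legacy: " + ", ".join(bad)) if bad else "ok"
    return findings
# Constructed sample: the page's host plus two made-up ones.
TMPL = "<VirtualHost *:443>\nServerName {}\nSSLEngine on\n{}\n</VirtualHost>\n"
SAMPLE_CONF = "".join(TMPL.format(host, proto) for host, proto in [
    ("local.example.com", ""),
    ("legacy.example.test", "SSLProtocol all"),
    ("hardened.example.test", "SSLProtocol -all +TLSv1.2 +TLSv1.3"),
])
if __name__ == "__main__":
    for host, finding in audit_vhosts(SAMPLE_CONF).items():
        print(f"{host}: {finding}")
```

To check a real file, pass its contents to audit_vhosts() instead of SAMPLE_CONF.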
Protocols and ciphers — oh my!
If you are confused about all of the protocols, ciphers, prioritization logic, etc. then I would recommend that you read the Mozilla article on Server Side security and TLS. They offer some best practice configurations for production environments and various web servers, including Apache and Nginx.
For our local development server we are not going to worry about the protocols/ciphers and will simply add the following options.
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/Library/WebServer/CGI-Executables">
    SSLOptions +StdEnvVars
</Directory>
Complete Virtual Host
Finally, we need to close the <VirtualHost> directive. Our complete virtual host in the httpd-ssl.conf file should look like this:
<VirtualHost *:443>
    DocumentRoot "/www/local.example.com/www"
    ServerName local.example.com
    ErrorLog "/private/var/log/apache2/local.example.com-error_log"
    CustomLog "/private/var/log/apache2/local.example.com-access_log" common
    SSLEngine on
    SSLCertificateFile "/private/etc/apache2/ssl/local.example.com.crt"
    SSLCertificateKeyFile "/private/etc/apache2/ssl/local.example.com.key"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/Library/WebServer/CGI-Executables">
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
Hosts file
In case this is a new web site, you should also modify your hosts file to direct the domain name to your local Apache web server. If you already had the domain configured in your hosts file, then you can skip this step.
The hosts file is located at: /etc/hosts
Note that the file does not have an extension. Let's open this up in nano.
$ cd /etc
$ sudo nano hosts
Then, add a new line for your web site. I am using local.example.com.
127.0.0.1 local.example.com
Test Configuration and Restart Apache
The last step is to test our new configuration and, assuming everything is good, restart the Apache web server.
$ sudo apachectl -t
$ sudo apachectl restart
All done. You are now serving your web site over HTTPS using Apache.