Changes

From Amahi Wiki
Modified all the commands so that it is more copy/paste friendly for apache configurations. Added troubleshooting tips. Spelling corrections etc.
== Back up apache configurations ==
Before doing anything be sure to back up your apache configurations!
{{Code|<pre><nowiki>(cd /etc/httpd/ && tar -czf apache-backup.tar.gz conf.d/)</nowiki></pre>}}
This way if you accidentally screw something up we can start over.
== Install mod_ssl ==
mod_ssl for Apache2 is required for this functionality. Luckily Fedora makes it easy.
{{Code|<pre><nowiki>yum -y install mod_ssl</nowiki></pre>}}
== Generate your own certificates ==
NOTE: Leaving defaults will not make your server less secure. Make sure that you change "asecretpassword" in the commands below to something else. Any command that does not contain "asecretpassword" can be copied and pasted as is. This has to do with the challenge password for the private key. If you don't understand what I mean, then you should read about [http://en.wikipedia.org/wiki/Public-key_cryptography public-key cryptography], which is essentially what SSL uses.
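{{Code|<pre><nowiki>mkdir /etc/httpd/ssl.crt /etc/httpd/ssl.key
# 2048-bit RSA key (1024-bit keys are too weak today)
openssl genrsa -des3 -passout pass:asecretpassword -out /etc/httpd/ssl.crt/server.key.org 2048
# Assumed steps, not shown in this revision: strip the passphrase, then self-sign (the defaults at the prompts are fine)
openssl rsa -passin pass:asecretpassword -in /etc/httpd/ssl.crt/server.key.org -out /etc/httpd/ssl.crt/server.key
openssl req -new -x509 -key /etc/httpd/ssl.crt/server.key -out /etc/httpd/ssl.crt/server.crt
mv /etc/httpd/ssl.crt/server.key /etc/httpd/ssl.key/server.key
chmod 400 /etc/httpd/ssl.key/server.key</nowiki></pre>}}
== Edit ssl.conf ==
Edit the current /etc/httpd/conf.d/ssl.conf and change the following lines to match the code below.
{{Text|<pre><nowiki>SSLCertificateFile /etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/server.key</nowiki></pre>}}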
== Modify apache initialization ==
Modify the Apache initialization to allow SSL virtual hosts, in case you decide you want more than one virtual host to be capable of SSL.
{{Code|<pre><nowiki>(cd /etc/httpd/conf.d/ && echo 'NameVirtualHost *:443' >> ./00-init.conf)</nowiki></pre>}}
== Create your HDA SSL virtual host ==
Now you need your HDA virtual host over SSL. The default configuration is pretty good so let's use that.
{{Code|<pre><nowiki>cd /etc/httpd/conf.d/
cp 01-platform.conf 01-platform-ssl.conf</nowiki></pre>}}
You need to modify 01-platform-ssl.conf and replace the line containing "<VirtualHost *:80>" with the following lines.
{{Text|<pre><nowiki><VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/server.key</nowiki></pre>}}
Leave the rest of the file intact as you found it. This way the server utilizes the SSL certificates you created for yourself.
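The SSLCipherSuite value above starts from ALL and only bans ADH and EXPORT56, so export-grade, LOW, SSLv2 and RC4 suites stay available; the "+" entries only reorder them. The following shell script is an added example (not part of the original wiki page) that flags such classes in a cipher string; the WEAK list, the function names and the STRICT string are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the wiki page. Heuristic audit of an OpenSSL cipher
# string as used by SSLCipherSuite. Syntax relied on: ":" separates tokens,
# "!X" bans X permanently, "-X" removes X, "+X" only moves already-selected
# ciphers to the end of the list, and "A+B" selects ciphers matching both.

# Classes reported as weak (a choice made for this example).
WEAK="EXP LOW SSLv2 RC4"

# has_word LIST WORD: succeeds if WORD is in the space-separated LIST.
has_word() { case " $1 " in *" $2 "*) return 0 ;; esac; return 1; }

# weak_classes STRING: prints weak classes STRING selects and never bans.
weak_classes() {
    selected="" banned="" out=""
    old_ifs=$IFS; IFS=':'
    for tok in $1; do
        case $tok in
            '!'*) banned="$banned ${tok#!}" ;;
            -*|+*) ;;   # removal or reordering: selects nothing new
            *) selected="$selected $(printf '%s' "$tok" | tr '+' ' ')" ;;
        esac
    done
    IFS=$old_ifs
    for c in $WEAK; do
        has_word "$banned" "$c" && continue
        if has_word "$selected" ALL || has_word "$selected" "$c"; then
            out="${out:+$out }$c"
        fi
    done
    printf '%s\n' "$out"
}

# cipher_suite_of TEXT: value of the first SSLCipherSuite directive in TEXT.
cipher_suite_of() {
    printf '%s\n' "$1" | awk '$1 == "SSLCipherSuite" { print $2; exit }'
}

# Constructed sample: the directive as it appears in the virtual host above.
PAGE_CONF='<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
# Stricter string written for this example (an assumption, not the page's).
STRICT='HIGH:!aNULL:!eNULL:!EXP:!LOW:!SSLv2:!RC4:!MD5'

echo "page:   $(weak_classes "$(cipher_suite_of "$PAGE_CONF")")"
echo "strict: $(weak_classes "$STRICT")"
```

To check a real host, pass the contents of /etc/httpd/conf.d/01-platform-ssl.conf to cipher_suite_of instead of the constructed sample.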
== Create a redirect from HDA to secured HDA ==
Modify /etc/httpd/conf.d/'''01-platform.conf''' and go down to the rewrite rules. Below the last rewrite rule just before the line "# this was only for FCGI" put the following code.
{{Text|<pre><nowiki>RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]</nowiki></pre>}}
== Restart the Apache2 server ==
A way to solve this is to delete and retype the first and last character of each line that Apache is complaining about. You can then test your configuration again.
{{Code|<pre><nowiki>service httpd configtest</nowiki></pre>}}
If all goes well and you get "Syntax OK" then you can start your Apache server again.
{{Code|<pre><nowiki>service httpd start</nowiki></pre>}}
If all things end badly and you can't figure it out then it is possible to restart this tutorial from scratch. Just start it over.
Run the following command sequence.
{{Code|
<pre><nowiki>yum -y remove mod_ssl
rm -rf /etc/httpd/ssl.crt
rm -rf /etc/httpd/ssl.key
(cd /etc/httpd/conf.d/ && rm -f *-ssl.conf)
(cd /etc/httpd/ && tar -xzf apache-backup.tar.gz)</nowiki></pre>
}}
Then you can start the instructions again from step one.