{"id":9,"date":"2005-02-04T13:25:05","date_gmt":"2005-02-04T13:25:05","guid":{"rendered":"http:\/\/bingo.bananasplit.info\/wordpress\/?p=9"},"modified":"2005-02-04T14:25:50","modified_gmt":"2005-02-04T14:25:50","slug":"apache2-ssl-on-debian","status":"publish","type":"post","link":"https:\/\/blog.stmellion.org\/?p=9","title":{"rendered":"Apache2 SSL on Debian"},"content":{"rendered":"

Thankfully I got considerable help on this subject. I followed some excellent instructions<\/a> posted by Bill Lovett. These alone didn’t solve all my issues but fortunately the ever-knowing Weasel came to my rescue.<\/p>\n

Starting at the beginning:
\nGet apache2 running! No point buggering around with ssl configuration if the webserver doesn’t work. Once that’s done, proceed.<\/p>\n

There is the usual requirement to generate certificates, assuming a common certificate authority is desired across a number of services. Save the cert and the cacert into \/etc\/apache2\/ssl (I copied the private key from the cert request into the certificate file, just for simplicity). This step can be bypassed by running ‘apache2-ssl-certificate’ which will generate a cert file. I just prefer to make my own.<\/p>\n

Copy \/usr\/share\/doc\/apache2\/examples\/ssl.conf.gz to \/etc\/apache2\/sites-available and unzip it.
\nRun ‘a2ensite ssl.conf’ to create a symlink in sites-enabled to the file in sites-available.
\nRun ‘a2enmod ssl’ to enable the module in the same manner as the site.
\nEdit \/etc\/apache2\/sites-available\/ssl.conf and configure it to look at the certs and cacerts. Also make sure the Document Root is set correctly to \/var\/www<\/p>\n

Now comes a nasty bit:
\nYou cannot mix wildcards to Virtual Hosts with non-wildcards. Some would say you shouldn’t have any<\/u> wildcards. By this I mean in each configuration file in \/etc\/apache2\/sites-available, you don’t want anything like these:
\n<VirtualHost *>
\n<Virtualhost *:443>
\nNameVirtualHost *:80<\/p>\n

Easiest way to find these things is with the following commands:
\ngrep -ri ‘<VirtualHost ‘ \/etc\/apache2
\ngrep -ri ‘<NameVirtual’ \/etc\/apache2<\/p>\n

Tighten these down by changing them to:
\n<VirtualHost 1.2.3.4:80>
\nNameVirtualHost 1.2.3.4:80
\nWhere 1.2.3.4 is the servers’ IP Address.<\/p>\n

Restart apache2 by \/etc\/init.d\/apache2 restart
\nLogs can be found in \/var\/log\/apache2. Note that ssl logs are have an underscore, whilst non-ssl have a period. Eg. error.log and error_log<\/p>\n","protected":false},"excerpt":{"rendered":"

How to configure Apache2 on Debain with support for SSL. In other words, how to serve https.<\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-9","post","type-post","status-publish","format-standard","hentry","category-debian","entry"],"_links":{"self":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/posts\/9","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9"}],"version-history":[{"count":0,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=\/wp\/v2\/posts\/9\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.stmellion.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}