Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 1st October 2010, 01:37
carlosinfl carlosinfl is offline
Member
 
Join Date: Dec 2009
Location: Orlando, FL
Posts: 70
Thanks: 3
Thanked 4 Times in 4 Posts
Send a message via AIM to carlosinfl
Default How To Get SSL On My Apache Server?

So I have a web server running on my Arch Linux server. The document root for my server is the default '/srv/http' directory. My question is how can I force my website to use HTTPS / 443 encryption for my /wiki & /webmail paths? Generally when I go to my website the URL is as follows:

www.iamghost.com (This is just the main site and runs on port 80)

www.iamghost.com/wiki (This is just a folder under my docement root '/srv/http/wiki')

www.iamghost.com/webmail (This too is just another folder under my document root '/srv/http/webmail')

I would like to use my existing SSL certificates (self signed and generated with openssl) to force the 'wiki' & 'webmail' folders to run on port 443 rather than port 80. I don't know how to do this so I am posting my 'httpd.conf' file below so maybe someone can show or help me add the following entries to get this to work. My public and private SSL keys are stored in '/etc/ssl' and are already working for Postfix on the same server. Just to explain again, my main site www.iamghost.com is fine running on port 80 but when I click on the wiki or webmail links, I would like them to use SSL since logins are required for both. They're both just folders under my document root.

My 'httpd.conf':

Code:
ServerRoot "/etc/httpd"

Listen 80

LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule dumpio_module modules/mod_dumpio.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule log_forensic_module modules/mod_log_forensic.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule ident_module modules/mod_ident.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module modules/libphp5.so

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>

User http
Group http

</IfModule>
</IfModule>

ServerAdmin postmaster@iamghost.com

ServerName www.iamghost.com:80

DocumentRoot "/srv/http"

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Directory "/srv/http">
    
    Options Indexes FollowSymLinks Includes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>


<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

ErrorLog "/var/log/httpd/error_log"

LogLevel warn

<IfModule log_config_module>
   
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "/var/log/httpd/access_log" common

  </IfModule>

<IfModule alias_module>
    
    ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"

</IfModule>

<IfModule cgid_module>
    
</IfModule>

<Directory "/srv/http/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
  
    TypesConfig conf/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

</IfModule>



Include conf/extra/httpd-multilang-errordoc.conf

Include conf/extra/httpd-autoindex.conf

Include conf/extra/httpd-languages.conf

Include conf/extra/httpd-userdir.conf

Include conf/extra/httpd-default.conf

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf

Include conf/extra/php5_module.conf

#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Reply With Quote
Sponsored Links
  #2  
Old 1st October 2010, 16:41
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Take a look here: http://www.besthostratings.com/artic...-htaccess.html
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
carlosinfl (1st October 2010)
  #3  
Old 1st October 2010, 17:39
carlosinfl carlosinfl is offline
Member
 
Join Date: Dec 2009
Location: Orlando, FL
Posts: 70
Thanks: 3
Thanked 4 Times in 4 Posts
Send a message via AIM to carlosinfl
Default

Quote:
Originally Posted by falko View Post
That looks like exactly what I need. Just to be clear on what I read, .htaccess file will only force https:// on specific pages and not prompt web surfers for a password, right?
Reply With Quote
  #4  
Old 2nd October 2010, 13:51
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

No, it will not prompt for a password.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 2nd October 2010, 22:01
carlosinfl carlosinfl is offline
Member
 
Join Date: Dec 2009
Location: Orlando, FL
Posts: 70
Thanks: 3
Thanked 4 Times in 4 Posts
Send a message via AIM to carlosinfl
Default

It didn't work for me and I don't understand what I did wrong or missed. I went to the folder that I wish to force 'https' on and created the .htaccess file and in that file I have the following:

Code:
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} wiki 
RewriteRule ^(.*)$ https://www.iamghost.com/wiki/$1 [R,L]
I restarted Apache and tried my site directly:

https://www.iamghost.com/wiki

Any clues on what I am doing wrong? I just thought about this but how does Apache even know where to look and find my SSL certificates? It seems like something's missing from that URL. I would expect that I would have to point Apache to the path of my SSL keys stored on the server. At no point have I done this or know where I need to do it.

Thoughts?

Last edited by carlosinfl; 2nd October 2010 at 22:05.
Reply With Quote
  #6  
Old 3rd October 2010, 18:28
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Can you post the vhost configuration? Do you have
Code:
AllowOverride all
in it?

Instead of using an .htaccess file, you can put the directives directly in the vhost configuration.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
carlosinfl (6th October 2010)
  #7  
Old 6th October 2010, 18:07
carlosinfl carlosinfl is offline
Member
 
Join Date: Dec 2009
Location: Orlando, FL
Posts: 70
Thanks: 3
Thanked 4 Times in 4 Posts
Send a message via AIM to carlosinfl
Default

Quote:
Originally Posted by falko View Post
Can you post the vhost configuration? Do you have
Code:
AllowOverride all
in it?
I posted my current 'httpd.conf' file above and I didn't see any 'vhost' sections listed so I can only assume this is in a separate configuration file on my web server. If you look at my 'httpd.conf' I posted above, you can see that there are entries listed for '/srv/http' that have 'AllowOverride none'.

Code:
<Directory "/srv/http">
    
    Options Indexes FollowSymLinks Includes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
Do I need to change this and if so, which particular one in my httpd.conf do I need to adjust?

Secondly, I found a configuration file called '/etc/httpd/conf/extra/httpd-vhosts.conf' and that file has the following:

Code:
# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at 
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# Use name-based virtual hosting.
#
NameVirtualHost *:80

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/etc/httpd/docs/dummy-host.example.com"
    ServerName dummy-host.example.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "/var/log/httpd/dummy-host.example.com-error_log"
    CustomLog "/var/log/httpd/dummy-host.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host2.example.com
    DocumentRoot "/etc/httpd/docs/dummy-host2.example.com"
    ServerName dummy-host2.example.com
    ErrorLog "/var/log/httpd/dummy-host2.example.com-error_log"
    CustomLog "/var/log/httpd/dummy-host2.example.com-access_log" common
</VirtualHost>
Do I copy any entries from the 'vhosts.conf' file into my 'httpd.conf' file or do I do all my alterations / editing in the 'vhosts.conf' file?

Thanks for all your help!
Reply With Quote
  #8  
Old 7th October 2010, 14:38
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

The vhosts.conf is included in your httpd.conf, so you don't need to copy its contents to httpd.conf.

If you've found the correct vhost configuration for your site, you can add
Code:
AllowOverride all
to it and restart Apache.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 7th October 2010, 18:46
carlosinfl carlosinfl is offline
Member
 
Join Date: Dec 2009
Location: Orlando, FL
Posts: 70
Thanks: 3
Thanked 4 Times in 4 Posts
Send a message via AIM to carlosinfl
Default

Quote:
Originally Posted by falko View Post
The vhosts.conf is included in your httpd.conf, so you don't need to copy its contents to httpd.conf.

If you've found the correct vhost configuration for your site, you can add
Code:
AllowOverride all
to it and restart Apache.
Just to be clear, I have two "DIRECTORIES" in my 'httpd.conf' file and which specifically do I need to edit or do I edit them both?

Code:
DocumentRoot "/srv/http"

<Directory />
    Options FollowSymLinks
    AllowOverride All
    Order deny,allow
    Deny from all
</Directory>

<Directory "/srv/http">
    Options Indexes FollowSymLinks Includes
    AllowOverride All
    Order allow,deny
    Allow from all

</Directory>
Is that how it should look above?

This is still confusing for me because all my SSL settings are in '/etc/httpd/conf/extra/httpd-ssl.conf'. Nothing pertinent to my site is listed in '/etc/httpd/conf/extra/httpd-vhost.conf'. Do I need add / modify my 'vhost.conf' file? When I simply change the 'AllowOverride All' in my 'httpd.conf' file, it breaks the Wiki URL.

Last edited by carlosinfl; 7th October 2010 at 18:53.
Reply With Quote
  #10  
Old 8th October 2010, 12:57
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
 
Default

No, please edit /etc/httpd/conf/extra/httpd-vhosts.conf, not your httpd.conf.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Centos5.4/ISPConfig 3--Virtual site not working MichaelCaditz Installation/Configuration 25 25th March 2011 11:37
Can't start apache Musty Server Operation 12 9th March 2008 13:58
The Perfect Setup - Debian Etch (Debian 4.0) some trouble daniel80 HOWTO-Related Questions 26 1st February 2008 16:30
Rejecting outbound mail tristanlee85 General 11 20th May 2007 17:04
Webmail Relay Error palkat General 17 23rd April 2006 18:12


All times are GMT +2. The time now is 02:03.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.