Skip to content

Instantly share code, notes, and snippets.

@smohadjer

smohadjer/virtual_host.md

Last active October 20, 2021 10:52
Show Gist options
  • Save smohadjer/cacacd14eed0881bc576d501cdf98e7d to your computer and use it in GitHub Desktop.
Save smohadjer/cacacd14eed0881bc576d501cdf98e7d to your computer and use it in GitHub Desktop.
Download ZIP
Updating virtual host
Raw
virtual_host.md

Seting up a virtual host with https(SSL) in Apache on Mac and Windows

Related links:

  1. Uncomment vhost and ssl lines in httpd.conf:

    #Include /private/etc/apache2/extra/httpd-vhosts.conf (mac)
#Include conf/extra/httpd-vhosts.conf (windows)

#LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
#LoadModule ssl_module libexec/apache2/mod_ssl.so

#Include /private/etc/apache2/extra/httpd-ssl.conf

  2. Create a myopenssl.cnf file (at /etc/apache2 on mac and at C:\Apache24\conf on windows) with following content and add a DNS entry under [alt_names] for your site:

    [req]
default_bits = 2048
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = CA
ST = ON
L = MyTown
O = MyCompany
OU = IT
CN = localhost.local

[v3_req]
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost.local
DNS.2 = mysite.local

  3. Run below command (in mac use sudo) to generate server.key and server.crt files:

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt -config myopenssl.cnf -extensions 'v3_req'

  4. (Mac only) Add the SSL Certificate to Keychain Access:

    sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/apache2/server.crt

  5. (Windows only) Add the certificate as trusted certificate on the local machine, so the browser would not give error on the certificate. In Windows (IE/Edge/Chrome):

     right click on certificate (i.e server.crt)
 install Certificate
 Current User (use Local Machine if you use multiple users on the same machine)
 Place all certificates in the following store, Browse
 Trusted Root Certificate Authorities
 Finish

  6. Add a a virtual host for your site to httpd-vhosts.conf, in mac located at: /etc/apache2/extra/httpd-vhosts.conf, use backslash in windows):

    <VirtualHost *:80>
    ServerName mysite.local
    Redirect / https://mydomain.local/
</Virtualhost>

<VirtualHost *:443>
    ServerName mysite.local
    DocumentRoot "/Users/sm/Documents/mysite/app"

	SSLEngine on
	SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
	SSLCertificateFile /etc/apache2/server.crt
	SSLCertificateKeyFile /etc/apache2/server.key

	<Directory "/Users/sm/Documents/mysite/app">
		DirectoryIndex index.php
		AllowOverride All
		Require all granted
	</Directory>
</Virtualhost>

  7. Add the following to hosts file (located at /etc on Mac and at C:\Windows\System32\drivers\etc\hosts on windows)

    127.0.0.1	localhost
127.0.0.1   mysite.local

  8. Restart apache

    sudo apachectl restart (mac)
c:\Apache24\bin>httpd.exe -f c:\Apache24\conf\httpd_php7.3.conf (from windows command prompt)
@sagarguhe
Copy link

Nice! this works without any warning in chrome, but Firefox throws warning of untrusted certificate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment