
@svenikea
Last active August 28, 2020 15:29
How to enable SSL/TLS on Apache web server on Arch Linux

First we need to obtain a certificate

Generate an RSA private key

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:keysize -out file

If an encrypted key is desired, use the -aes-256-cbc option.

Generate a certificate signing request

openssl req -new -sha256 -key private_key -out filename

Generate a self-signed certificate

openssl req -key private_key -x509 -new -days days -out filename

Generate a self-signed certificate with private key in a single command

You can combine the above OpenSSL commands into a single command, which might be convenient in some cases:

openssl req -x509 -newkey rsa:4096 -days days -keyout key_filename -out cert_filename

Edit the configuration files

In /etc/httpd/conf/httpd.conf, uncomment the following three lines:

LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf

After obtaining a key and certificate, make sure the SSLCertificateFile and SSLCertificateKeyFile lines in /etc/httpd/conf/extra/httpd-ssl.conf point to the key and certificate.

⚠️ If both /etc/httpd/conf/httpd.conf and /etc/httpd/conf/extra/httpd-ssl.conf contain a Listen 443 or Listen 80 line, comment out the duplicate: if two files share Listen 443, Apache returns an error.

Change the DocumentRoot to your corresponding server folder and change the ServerName to whatever you like.

In /etc/httpd/conf/extra/httpd-vhosts.conf, make the following basic changes:

<VirtualHost *:80>
    ServerAdmin [your made up name]@[your made up domain name]
    DocumentRoot "[your website folder]"
    ServerName [your server name]
    ServerAlias [your server name]
    ErrorLog "/var/log/httpd/domainname1.dom-error_log"
    CustomLog "/var/log/httpd/domainname1.dom-access_log" common

    <Directory "[your website folder]">
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin [your made up name]@[your made up domain name]
    DocumentRoot "[your website folder]"
    ServerName [your server name]
    ServerAlias [your server name]
    SSLEngine on
    SSLCertificateFile "/etc/httpd/conf/[your certificate file].crt"
    SSLCertificateKeyFile "/etc/httpd/conf/[your certificate key].key"
    ErrorLog "/var/log/httpd/domainname1.dom-error_log"
    CustomLog "/var/log/httpd/domainname1.dom-access_log" common

    <Directory "[your website folder]">
        Require all granted
    </Directory>
</VirtualHost>

Finally, restart httpd.service to apply any changes.
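Two of the steps above can be checked mechanically before the restart: that no port has an active Listen line in more than one config file, and that the certificate and key named in the vhost belong together. The script below is an added example, not part of the original gist; the function names are hypothetical and the sample files are constructed in a temp directory.

```bash
#!/bin/sh
# Pre-restart checks for the setup above (added example, POSIX sh).

# Print each port that active (uncommented) Listen directives declare in
# more than one of the given files, followed by the files that declare it.
duplicate_listen_ports() {
    awk '
        tolower($1) == "listen" {     # "#Listen" and "# Listen" do not match
            port = $2
            sub(/.*:/, "", port)      # "0.0.0.0:443" or "[::]:443" -> "443"
            if (!((port, FILENAME) in seen)) {
                seen[port, FILENAME] = 1
                files[port] = files[port] " " FILENAME
                count[port]++
            }
        }
        END { for (p in count) if (count[p] > 1) print p ":" files[p] }
    ' "$@" | sort -n
}

# Succeed only when the certificate carries the public key derived from the
# private key, i.e. the two files named in the vhost belong together.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Demo on constructed fragments in a temp dir, not the real /etc/httpd files.
demo=$(mktemp -d)
printf 'Listen 80\nListen 443\n'    > "$demo/httpd.conf"
printf '#Listen 8443\nListen 443\n' > "$demo/httpd-ssl.conf"
duplicate_listen_ports "$demo/httpd.conf" "$demo/httpd-ssl.conf"

# Throwaway key and self-signed certificate (constructed; CN is a placeholder).
if openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.invalid" \
        -keyout "$demo/server.key" -out "$demo/server.crt" 2>/dev/null; then
    chmod 600 "$demo/server.key"    # private key readable by its owner only
    cert_matches_key "$demo/server.crt" "$demo/server.key" && echo "cert and key match"
fi
```

On the real host, pass /etc/httpd/conf/httpd.conf and /etc/httpd/conf/extra/httpd-ssl.conf to duplicate_listen_ports, and the vhost's SSLCertificateFile and SSLCertificateKeyFile paths to cert_matches_key. Running apachectl configtest afterwards catches remaining syntax errors before httpd.service is restarted.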
