For an SSL encrypted web server install the required software
yum install mod_ssl openssl
Got a free SSL certificate from startssl.com:
First, sign up with an email, after verification code verified, a client certificate will be installed on your PC, you will use it to login going forward.
after you login, choose the free certificate, verify your domain(similar steps as when you sign up), after your domain verified,
you need to download startcomtool.exe from its web page, use the tool to generate a CSR, choose method OpenSSL, copy CSR from the tool, paste into the form
after your domain verified in startssl.com, then click generate, after a few minutes, the certificates generated and you can download the certificates,
then upload to your web server, configure web server to point to it.
Update the Apache SSL configuration file
vi /etc/httpd/conf.d/ssl.conf
Change the paths to match where the Key file is stored. for example:
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Quit and save the file and then restart Apache
/etc/init.d/httpd restart
Setting up the virtual hosts in /etc/httpd/conf.d/ssl.conf
<VirtualHost *:80>
<Directory /var/www/vhosts/yoursite.com/httpdocs>
AllowOverride All
</Directory>
DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
ServerName yoursite.com
</VirtualHost>
To add a sister site on port 443 you need to add the following at the top of your file
NameVirtualHost *:443
and then a VirtualHost record something like this:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory /var/www/vhosts/yoursite.com/httpsdocs>
AllowOverride All
</Directory>
DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
ServerName yoursite.com
</VirtualHost>
Restart Apache again using
service httpd restart
Configuring the firewall
open port 443
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
service iptables save
iptables -L -v
Configure HTTPS everywhere
in /etc/httpd/conf/httpd.conf add always redirect to https
<VirtualHost *:80>
ServerAdmin webmaster@craplist.ca
ServerName craplist.ca
Redirect permanent / https://craplist.ca/
</VirtualHost>
in config.php:
define('WEB_PATH', 'https://craplist.ca/');
No comments:
Post a Comment