I run a Apache webserver off my hp tablet when I’m not using it, and recently I’ve been wanting to sit down and learn about ssl and https and implement it. I did some googling on the topic and figured out how to go about setting it up. I thought it might be helpful to compile all the information along with the original links so people don’t have to bounce from website to website like I did.

Just for knowledge I am using Ubuntu 9.10 with Apache 2.2.12 and I am running this from within my dorm room where only people on campus can see my server, this might not be a good idea if you are using this on a more public server.

- Getting Started / HTTPS Configuration -

The mod_ssl module adds an important feature to the Apache2 server – the ability to encrypt communications. So what we want to do is run the following command to enable SSL:

sudo a2enmod ssl

There is a default HTTPS configuration file in /etc/apache2/sites-available/default-ssl. In order for Apache to provide HTTPS, a certificate and key file are also needed. To configure Apache to use this we next run this command:

sudo a2ensite default-ssl

All that is left now is to restart Apache so the changes are applied. You can just type the following:

sudo service apache2 restart OR sudo /etc/init.d/apache2 restart

[ Ubuntu's Documentation ]

- Force the browser from HTTP to HTTPS -

Next I wanted to make sure anyone who visited my server would be forced to use https. To do so I did the following, which might not be the best way but it was certainly the easiest way. For more information on why this isn’t the best way consult the links provided.

To enable .htaccess in Apache, you need to edit /etc/apache2/sites-available/default. You want to change the line AllowOverride None to AllowOverride All in the portion of the text as seen below in your default file.


<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

Next just restart Apache with one of the commands as listed above.

[ Enable .htaccess Documentation ]

Finally I just added a .htaccess file to the /var/www with the following:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

This entry was posted on Friday, February 12th, 2010 at 6:51 AM and is filed under Guide, Linux. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.