Configuring a basic HTTPS website with Apache on OmniOSce
┌
Open a terminal and switch to root
su -
┌
Install Apache
pkg install pkg:/ooce/server/apache-24
mkdir /etc/opt/ooce/apache-2.4/SSL
┌
Create our own SSL certification authority for self-signing
cd /etc/opt/ooce/apache-2.4/SSL
openssl genrsa 4096 > ca.key
openssl req -new -x509 -days 365 -nodes -key ca.key > ca.crt
openssl genrsa 4096 > cleprivapache.key
┌
Create the SSL signature request and have it signed by our certification authority
For a real website, you'll have to send this demandesignature.csr to a real SSL certification authority
openssl req -new -key cleprivapache.key > demandesignature.csr
openssl x509 -req -in demandesignature.csr -out certifapache.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365
┌
Apply permissions for the private key and SSL certificate
chown webservd:webservd cleprivapache.key
chmod 640 cleprivapache.key
chown webservd:webservd certifapache.crt
chmod 644 certifapache.crt
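A pre-flight check for the files created above, as an added example that is not part of the original page: it confirms that certifapache.crt verifies against ca.crt, that it matches cleprivapache.key, that it is not about to expire, and that the key files are not world-readable. The function names and the script name check_tls.sh are hypothetical; ca.key is included because the page writes it through a shell redirect and never changes its mode.

```shell
#!/bin/sh
# Added example, not from the original page: pre-flight checks on the files
# created in the certificate steps. File names follow the page.
# Usage: sh check_tls.sh ca.crt certifapache.crt cleprivapache.key ca.key

# True when the file exists and is not readable by "other".
key_not_world_readable() {
    [ -f "$1" ] && [ -z "$(find "$1" -perm -004)" ]
}

# check_tls_material CA_CERT SERVER_CERT SERVER_KEY [CA_KEY]
# Returns 0 only if every check passes; failures are reported on stderr.
check_tls_material() {
    ca_crt=$1; srv_crt=$2; srv_key=$3; ca_key=${4:-}
    rc=0

    # 1. The server certificate must verify against our CA certificate.
    if ! openssl verify -CAfile "$ca_crt" "$srv_crt" >/dev/null 2>&1; then
        echo "FAIL: $srv_crt does not verify against $ca_crt" >&2; rc=1
    fi

    # 2. The certificate must carry the public half of the private key;
    #    Apache will not load a mismatched pair.
    crt_pub=$(openssl x509 -in "$srv_crt" -noout -pubkey 2>/dev/null) || crt_pub=
    key_pub=$(openssl pkey -in "$srv_key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $srv_crt and $srv_key are not a matching pair" >&2; rc=1
    fi

    # 3. Flag the certificate before its 365-day lifetime runs out
    #    (30 days = 2592000 seconds).
    if ! openssl x509 -in "$srv_crt" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: $srv_crt is unreadable or expires within 30 days" >&2; rc=1
    fi

    # 4. Keys written through a shell redirect inherit the umask (often 644).
    for k in "$srv_key" ${ca_key:+"$ca_key"}; do
        key_not_world_readable "$k" ||
            { echo "FAIL: $k is missing or world-readable" >&2; rc=1; }
    done
    return "$rc"
}

# Run the checks when file names are given on the command line.
if [ "$#" -ge 3 ]; then
    check_tls_material "$@"
fi
```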
┌
WebSite name (ServerName)
(for this example, I choose to create "www.mywonderfulwebsite.com")
mkdir -p /var/www/www.mywonderfulwebsite.com
┌
Apply permissions to the DocumentRoot
find /var/www/www.mywonderfulwebsite.com -type d -exec chmod 755 {} \;
chown -R webservd:webservd /var/www/www.mywonderfulwebsite.com
┌
Configure Apache Logs
mkdir -p /opt/ooce/apache-2.4/logs/
chown webservd:webservd /opt/ooce/apache-2.4/logs/
chmod 755 /opt/ooce/apache-2.4/logs/
┌
Creation of the VirtualHost for 'www.mywonderfulwebsite.com'
Create /etc/opt/ooce/apache-2.4/extra/www.mywonderfulwebsite.com.conf with this configuration:
#### VHOST www.mywonderfulwebsite.com ####
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/opt/ooce/apache-2.4/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300
# REDIRECTION HTTP -> HTTPS
<VirtualHost 192.168.0.122:80>
ServerName www.mywonderfulwebsite.com
Redirect permanent / https://www.mywonderfulwebsite.com:443/
</VirtualHost>
<VirtualHost 192.168.0.122:443>
ServerAdmin admin@www.mywonderfulwebsite.com
DocumentRoot "/var/www/www.mywonderfulwebsite.com"
ServerName www.mywonderfulwebsite.com:443
ErrorLog "/opt/ooce/apache-2.4/logs/www.mywonderfulwebsite.com-error_log"
CustomLog "/opt/ooce/apache-2.4/logs/www.mywonderfulwebsite.com-access_log" common
SSLEngine on
SSLCertificateFile "/etc/opt/ooce/apache-2.4/SSL/certifapache.crt"
SSLCertificateKeyFile "/etc/opt/ooce/apache-2.4/SSL/cleprivapache.key"
<Directory "/var/www/www.mywonderfulwebsite.com">
AllowOverride All
Require all granted
DirectoryIndex index.php index.html index.htm
</Directory>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SetHandler "proxy:unix:/var/opt/ooce/php/run/www-8.3.sock|fcgi://localhost/"
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/opt/ooce/apache-2.4/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/var/log/opt/ooce/apache-2.4/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
┌
Add the virtualhost to the apache configuration
Add this to the end of /etc/opt/ooce/apache-2.4/httpd.conf
#-------------------------#
# VHOST www.mywonderfulwebsite.com
Include /etc/opt/ooce/apache-2.4/extra/www.mywonderfulwebsite.com.conf
┌
Configure Apache for SSL
sed -i 's/#LoadModule socache_shmcb_module libexec\/mod_socache_shmcb.so/LoadModule socache_shmcb_module libexec\/mod_socache_shmcb.so/' /etc/opt/ooce/apache-2.4/httpd.conf
sed -i 's/#LoadModule ssl_module libexec\/mod_ssl.so/LoadModule ssl_module libexec\/mod_ssl.so/' /etc/opt/ooce/apache-2.4/httpd.conf
sed -i 's/#LoadModule setenvif_module libexec\/mod_setenvif.so/LoadModule setenvif_module libexec\/mod_setenvif.so/' /etc/opt/ooce/apache-2.4/httpd.conf
sed -i 's/#LoadModule log_config_module libexec\/mod_log_config.so/LoadModule log_config_module libexec\/mod_log_config.so/' /etc/opt/ooce/apache-2.4/httpd.conf
┌
Start Apache
svcadm disable svc:/network/http:apache24 && sleep 5
svcadm enable svc:/network/http:apache24 && sleep 5
The site is now launched and accessible.