Illumadmin

March 21, 2024

Configuring a basic HTTPS website with Apache on OmniOSce

┌ Open a terminal and switch to root

su -

┌ Install Apache

pkg install pkg:/ooce/server/apache-24 
mkdir /etc/opt/ooce/apache-2.4/SSL 

┌ Create our own SSL certification authority for self-signing

cd /etc/opt/ooce/apache-2.4/SSL 
openssl genrsa 4096 > ca.key 
openssl req -new -x509 -days 365 -nodes -key ca.key > ca.crt 
openssl genrsa 4096 > cleprivapache.key 

┌ Create the SSL signature request and have it signed by our certification authority

For a real website, you'll have to send this demandesignature.csr to a real SSL certification authority

openssl req -new -key cleprivapache.key > demandesignature.csr 
openssl x509 -req -in demandesignature.csr -out certifapache.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365 

┌ Apply permissions for the private key and SSL certificate

chown webservd:webservd cleprivapache.key 
chmod 640 cleprivapache.key 
chown webservd:webservd certifapache.crt 
chmod 644 certifapache.crt

┌ WebSite name (ServerName)
(for this example, I choose to create "www.mywonderfulwebsite.com")

mkdir -p /var/www/www.mywonderfulwebsite.com 

┌ Apply permissions to the DocumentRoot

find /var/www/www.mywonderfulwebsite.com -type d -exec chmod 755 {} \; 
chown -R webservd:webservd /var/www/www.mywonderfulwebsite.com 

┌ Configure Apache Logs

mkdir -p /opt/ooce/apache-2.4/logs/ 
chown webservd:webservd /opt/ooce/apache-2.4/logs/ 
chmod 755 /opt/ooce/apache-2.4/logs/ 

┌ Creation of the VirtualHost for 'www.mywonderfulwebsite.com'

Create /etc/opt/ooce/apache-2.4/extra/www.mywonderfulwebsite.com.conf with this configuration:

#### VHOST www.mywonderfulwebsite.com ####

Listen 443

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
# "all -SSLv3" disables only SSLv3; TLS 1.0 and 1.1 stay enabled if the OpenSSL build allows them
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/opt/ooce/apache-2.4/run/ssl_scache(512000)" 
SSLSessionCacheTimeout 300

# REDIRECTION HTTP -> HTTPS
<VirtualHost 192.168.0.122:80>  
  ServerName www.mywonderfulwebsite.com  
  Redirect permanent / https://www.mywonderfulwebsite.com:443/ 
</VirtualHost> 

<VirtualHost 192.168.0.122:443>
  ServerAdmin admin@www.mywonderfulwebsite.com
  DocumentRoot "/var/www/www.mywonderfulwebsite.com"
  ServerName www.mywonderfulwebsite.com:443
  ErrorLog "/opt/ooce/apache-2.4/logs/www.mywonderfulwebsite.com-error_log"
  CustomLog "/opt/ooce/apache-2.4/logs/www.mywonderfulwebsite.com-access_log" common

  SSLEngine on  
  SSLCertificateFile "/etc/opt/ooce/apache-2.4/SSL/certifapache.crt"
  SSLCertificateKeyFile "/etc/opt/ooce/apache-2.4/SSL/cleprivapache.key"

  <Directory "/var/www/www.mywonderfulwebsite.com">
    AllowOverride All    
    Require all granted    
    DirectoryIndex index.php index.html index.htm  
  </Directory>  

  <FilesMatch "\.(cgi|shtml|phtml|php)$">    
    SetHandler "proxy:unix:/var/opt/ooce/php/run/www-8.3.sock|fcgi://localhost/"    
    SSLOptions +StdEnvVars  
  </FilesMatch>  

  <Directory "/var/opt/ooce/apache-2.4/cgi-bin">    
    SSLOptions +StdEnvVars  
  </Directory>  

  BrowserMatch "MSIE [2-5]" \    
    nokeepalive ssl-unclean-shutdown \    
    downgrade-1.0 force-response-1.0  

  CustomLog "/var/log/opt/ooce/apache-2.4/ssl_request_log" \    
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" 
</VirtualHost>


┌ Add the virtualhost to the apache configuration

Add this to the end of /etc/opt/ooce/apache-2.4/httpd.conf

#-------------------------#
# VHOST www.mywonderfulwebsite.com  
Include /etc/opt/ooce/apache-2.4/extra/www.mywonderfulwebsite.com.conf


┌ Configure Apache for SSL

sed -i 's/#LoadModule socache_shmcb_module libexec\/mod_socache_shmcb.so/LoadModule socache_shmcb_module libexec\/mod_socache_shmcb.so/' /etc/opt/ooce/apache-2.4/httpd.conf 
sed -i 's/#LoadModule ssl_module libexec\/mod_ssl.so/LoadModule ssl_module libexec\/mod_ssl.so/' /etc/opt/ooce/apache-2.4/httpd.conf 
sed -i 's/#LoadModule setenvif_module libexec\/mod_setenvif.so/LoadModule setenvif_module libexec\/mod_setenvif.so/' /etc/opt/ooce/apache-2.4/httpd.conf 
sed -i 's/#LoadModule log_config_module libexec\/mod_log_config.so/LoadModule log_config_module libexec\/mod_log_config.so/' /etc/opt/ooce/apache-2.4/httpd.conf


┌ Start Apache

svcadm disable svc:/network/http:apache24 && sleep 5 
svcadm enable svc:/network/http:apache24 && sleep 5


The site is now launched and accessible.
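
To check the result of the certificate steps above, here is an added example (not part of the original post) that confirms ca.key and cleprivapache.key are not accessible to other users, that certifapache.crt matches the private key and verifies against ca.crt, and that it is not about to expire. The function names and the 30-day threshold are assumptions of this example; ca.key is included because it is created by shell redirection, so it takes its mode from root's umask, and the steps above never chmod it.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files created above.
# Function names and the 30-day threshold are assumptions of this example.
SSL_DIR=${SSL_DIR:-/etc/opt/ooce/apache-2.4/SSL}

# True only if the file exists and "other" has no r, w or x bit set.
key_is_private() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# True if the certificate ($1) carries the public half of the private key ($2).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate ($2) chains to the CA certificate ($1).
cert_signed_by_ca() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Run every check on one directory; returns non-zero if any check fails.
audit_ssl_dir() {
    dir=$1 rc=0
    for key in ca.key cleprivapache.key; do
        key_is_private "$dir/$key" ||
            { echo "FAIL: $dir/$key is missing or accessible to other users"; rc=1; }
    done
    cert_matches_key "$dir/certifapache.crt" "$dir/cleprivapache.key" ||
        { echo "FAIL: certifapache.crt does not match cleprivapache.key"; rc=1; }
    cert_signed_by_ca "$dir/ca.crt" "$dir/certifapache.crt" ||
        { echo "FAIL: certifapache.crt does not verify against ca.crt"; rc=1; }
    openssl x509 -in "$dir/certifapache.crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: certifapache.crt is unreadable or expires within 30 days"; rc=1; }
    return "$rc"
}

# Audit the directory from this post when it exists (override with SSL_DIR=...).
if [ -d "$SSL_DIR" ]; then
    audit_ssl_dir "$SSL_DIR" && echo "OK: $SSL_DIR passed all checks"
fi
```

If the ca.key check fails, running chmod 600 ca.key as root clears it; Apache never reads that file, so only root needs access.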
