# Apache2 and secure https

## _easyrider_

Can anybody give me a quick guide on how to set up secure HTTP, on for example http://www.myserver.com/squirrelmail/ ?

----------

## mmealman

Assuming you're using name-based virtual hosting:

Obviously compile apache with ssl in your use flags.

Edit /etc/conf.d/apache2 and add -D SSL to the APACHE2_OPTS

Edit /etc/apache2/conf/modules.d/41_mod_ssl.default-vhost.conf and blank out this file. Back it up to a 41_mod_ssl.default-vhost.conf.bak before you blank it out though.

Your /etc/apache2/conf/vhosts/vhosts.conf file should have entries like the below:

```
<VirtualHost *:80>
    ServerAdmin mmealman@tarsis.org
    DocumentRoot /var/www/localhost/htdocs/tarsis_webmail
    ServerName webmail.tarsis.org
    ServerAlias webmail
</VirtualHost>

# https on webmail for tarsis
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin mmealman@tarsis.org
        DocumentRoot /var/www/localhost/htdocs/tarsis_webmail
        ServerName webmail.tarsis.org
        ServerAlias webmail
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile conf/ssl/server.crt
        SSLCertificateKeyFile conf/ssl/server.key
        #<Files ~ "\.(cgi|shtml|phtml|php?)$">
        #    SSLOptions +StdEnvVars
        #</Files>
    </VirtualHost>
</IfModule>
```

Obviously use your own web dirs and host names. The above config will let me access webmail.tarsis.org on both port 80 and port 443 (https). If you don't want the regular http anymore, just remove the <VirtualHost *:80> config block.

Stop and restart apache and it should work. At some point you'll want to replace the dummy certs in your /etc/apache2/conf/ssl dir and you can use /usr/lib/ssl/apache2-mod_ssl/gentestcrt.sh to generate some more up to date test ones. Generating valid certs can be tricky though, so I recommend you don't do that until you know https is up and running correctly first with the default supplied test certs.
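
As an added example (not part of the original post or the Gentoo default config): the `ALL`-based cipher string above leaves SSLv2, LOW and 40-bit EXP suites enabled, since the `+` prefix only moves them down the preference list. The same HTTPS vhost with a restricted protocol and cipher set, assuming a recent Apache 2.4 built against OpenSSL 1.1.1 or later with mod_headers loaded; the certificate paths are placeholders.

```apache
# Added example, not from the thread. Assumes Apache 2.4 with mod_ssl and
# mod_headers, built against OpenSSL 1.1.1 or later.
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin mmealman@tarsis.org
        DocumentRoot /var/www/localhost/htdocs/tarsis_webmail
        ServerName webmail.tarsis.org
        ServerAlias webmail

        SSLEngine on

        # Weak (as posted in the thread): starts from ALL and removes only
        # ADH and EXPORT56, so SSLv2, LOW and 40-bit EXP suites remain usable.
        #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        # Corrected: accept only TLS 1.2 and 1.3, start from HIGH instead of
        # ALL, and drop unauthenticated, MD5 and 3DES suites.
        SSLProtocol -all +TLSv1.2 +TLSv1.3
        SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
        SSLHonorCipherOrder on

        # Placeholder paths. The certificate's CN/SAN must match ServerName,
        # otherwise mod_ssl logs a CommonName mismatch warning at startup.
        SSLCertificateFile /etc/apache2/ssl/webmail.tarsis.org.crt
        SSLCertificateKeyFile /etc/apache2/ssl/webmail.tarsis.org.key

        # Ask browsers to use HTTPS for a year. Browsers honor this only
        # over a connection with a trusted certificate, so it has no effect
        # while the test certificates are still installed.
        Header always set Strict-Transport-Security "max-age=31536000"
    </VirtualHost>
</IfModule>
```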

----------

## Nossie

I have a similar setup. I redirect the host on port 80 to port 443 so you have to use the secure version.

----------

## _easyrider_

Can't get it to work, what am I missing?

How do you make it do a redirect from port 80 to port 443, so that if I type http://www.domain.com I would be redirected to https://www.domain.com?

----------

## fleed

What's wrong? Why is it not working? Apache doesn't start? It doesn't listen on port 443? What's in the logs? What does it say when starting? Do you have -D SSL in your /etc/conf.d/apache2 ?

----------

## _easyrider_

This is my error_log.

```
[Sat Sep 18 14:14:16 2004] [notice] Digest: done
[Sat Sep 18 14:14:17 2004] [notice] Apache/2.0.50 (Gentoo/Linux) mod_ssl/2.0.50 OpenSSL/0.9.7d P$
[Sat Sep 18 14:14:36 2004] [error] [client 80.163.175.139] File does not exist: /var/www/localho$
[Sat Sep 18 14:15:36 2004] [notice] caught SIGTERM, shutting down
[Sat Sep 18 14:15:38 2004] [notice] Digest: generating secret for digest authentication ...
[Sat Sep 18 14:15:38 2004] [notice] Digest: done
[Sat Sep 18 14:15:39 2004] [notice] Apache/2.0.50 (Gentoo/Linux) mod_ssl/2.0.50 OpenSSL/0.9.7d P$
[Sat Sep 18 14:43:07 2004] [error] [client 201.9.125.72] File does not exist: /var/www/localhost$
```

ssl_error_log.

```
[Sat Sep 18 14:15:38 2004] [warn] RSA server certificate CommonName (CN) `localhost' does NOT ma$
[Sat Sep 18 14:15:39 2004] [warn] RSA server certificate CommonName (CN) `localhost' does NOT ma$
```

I only get the error that the page could not be displayed.

I have tried with the setting from mmealman, just with my settings, but without any result.

----------

## fleed

Please send your setup, please do it in a way which doesn't add the $ at the end as in your previous post (maybe you're using nano to look at your files?) Also resend your logs and tell us what machine you're connecting from so we can relate what's in the logs to your symptoms, without the $ at the end of the lines, and full lines.

----------

## _easyrider_

I got it to work, just had to enable the option "Include /etc/apache2/conf/vhost/vhost.conf" in the apache2.conf file.

But now my question is how I can make a redirect from http://webmail.domain.com to https://webmail.domain.com so that I don't need to add the https myself.

----------

## MaStEr_Pr

*_easyrider_ wrote:*

> I got it to work, just had to enable the option "Include /etc/apache2/conf/vhost/vhost.conf" in the apache2.conf file.
>
> But now my question is how I can make a redirect from http://webmail.domain.com to https://webmail.domain.com so that I don't need to add the https myself.

It's easy.

Put an index.php in your http://webmail.domain.com catalog with the following code:

```
<?php
header('Location: https://webmail.domain.com');
?>
```

----------

## fleed

Or RTFM on http://httpd.apache.org/docs-2.0/mod/mod_alias.html#redirect

```
Redirect /service http://foo2.bar.com/service
```

----------

## _easyrider_

Hmm, not sure how to use that redirect option. Can you explain some more?

----------

## fleed

Did you even try going to the documentation to read it? I even gave you a link, man!

----------

## _easyrider_

Yes I did, but I'm not sure where to add/use the redirect command?

----------

## mmealman

You'd use it like this:

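```
<VirtualHost *:80>
    ServerName webmail.tarsis.org
    ServerAlias webmail
    # Trailing slash on the target: Redirect appends the rest of the
    # request path after the matched "/" directly to this URL.
    Redirect / https://webmail.tarsis.org/
</VirtualHost>
```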

----------

## _easyrider_

A new problem: I can't have more than 1 vhost on the same IP? If I make the vhost for the webmail.domain.dk and also just want to have domain.dk to work, how do I do that? I can't get it to work.

This is my config

```
<VirtualHost *:80>
    ServerAdmin admin@blabla.dk
    DocumentRoot /var/www/localhost/htdocs
    ServerName blabla.dk
    ServerAlias /
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin admin@blabla.dk
    DocumentRoot /var/www/localhost/htdocs/squirrelmail
    ServerName webmail.blabla.dk
    ServerAlias /webmail
    Redirect / https://webmail.blabla.dk
</VirtualHost>

# https on webmail for blabla.dk
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin admin@blabla.dk
        DocumentRoot /var/www/localhost/htdocs/squirrelmail
        ServerName webmail.blabla.dk
        ServerAlias /webmail
```

----------

