Guide to setting up an SSL connection through Apache (using HTTPS with the Xeoma Web Server)
Use the following instructions to set Apache up:
1) Install the Apache server
sudo apt-get install apache2
2) Enable SSL support on the Apache server
sudo a2enmod ssl
sudo a2ensite default-ssl
After that, in order to apply the settings, restart the apache server
sudo service apache2 restart
3) Create a folder for the certificate and key
sudo mkdir /etc/apache2/ssl/
4) Copy the certificate (MyDomainHERE.com.crt) and the key (MyDomainHERE.com.key) into this folder. Self-signed certificates can be generated with openssl; see the instructions below.
5) Enable the required modules on the Apache server.
sudo a2enmod headers
sudo a2enmod rewrite
sudo a2enmod proxy
sudo a2enmod proxy_http
After that, in order to apply the settings, restart the apache server
sudo service apache2 restart
6) Edit the file
/etc/apache2/sites-enabled/default-ssl.conf
following this example:
<VirtualHost *:443>
ServerAdmin admin@mydomain.com
ServerName localhost:443
ServerAlias *:443
SSLEngine On
# Certificate and key copied into /etc/apache2/ssl/ in step 4
SSLCertificateFile /etc/apache2/ssl/MyDomainHERE.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/MyDomainHERE.com.key
SSLProxyEngine On
# Keep ProxyRequests Off: Apache acts only as a reverse proxy in front of Xeoma
ProxyRequests Off
ProxyPreserveHost On
ProxyVia full
<Proxy *>
# Apache 2.4 access control syntax
Require all granted
</Proxy>
ProxyPass / http://ip-xeoma-server:10090/
ProxyPassReverse / http://ip-xeoma-server:10090/
</VirtualHost>
After that, in order to apply the settings, restart the apache server
sudo service apache2 restart
Done. Connections to the Xeoma web server now use SSL encryption on port 443.
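The check below is an added example, not part of the original guide or of Xeoma's code: it lints a virtual host file like the one in step 6 for the settings this setup depends on (SSLEngine, ProxyRequests, certificate and key directives, matching ProxyPass/ProxyPassReverse targets, and whether the backend hop is plain HTTP to another host). The function names check_vhost and directive and the sample files are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not Xeoma's code: lint a reverse-proxy vhost such as default-ssl.conf.

# Print the arguments of the first DIRECTIVE line (case-insensitive; "#" comments never match).
directive() {
  awk -v d="$1" 'tolower($1) == tolower(d) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$2"
}

# Print one finding per line for vhost file $1; return 0 only when there are none.
check_vhost() {
  cv_out=$(
    [ "$(directive SSLEngine "$1" | tr 'A-Z' 'a-z')" = on ] ||
      echo "SSLEngine is not On: port 443 would answer in plain HTTP"
    [ "$(directive ProxyRequests "$1" | tr 'A-Z' 'a-z')" != on ] ||
      echo "ProxyRequests On: with an allow-all <Proxy *> block this is an open forward proxy"
    for cv_d in SSLCertificateFile SSLCertificateKeyFile; do
      [ -n "$(directive "$cv_d" "$1")" ] || echo "$cv_d is missing"
    done
    cv_pass=$(directive ProxyPass "$1" | awk '{ print $2 }')
    cv_rev=$(directive ProxyPassReverse "$1" | awk '{ print $2 }')
    [ "$cv_pass" = "$cv_rev" ] ||
      echo "ProxyPass ($cv_pass) and ProxyPassReverse ($cv_rev) name different backends"
    case "$cv_pass" in
      ("") echo "ProxyPass is missing" ;;
      (https://*|http://127.0.0.1[:/]*|http://localhost[:/]*) ;;
      (*) echo "backend $cv_pass is plain HTTP off-host: the Apache-to-Xeoma hop is unencrypted" ;;
    esac
  )
  [ -z "$cv_out" ] && return 0
  printf '%s\n' "$cv_out"
  return 1
}

# Constructed samples: a vhost shaped like the guide's, and a copy with two mistakes.
sample_dir=$(mktemp -d)
cat > "$sample_dir/guide.conf" <<'EOF'
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/MyDomainHERE.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/MyDomainHERE.com.key
ProxyRequests Off
ProxyPass / http://ip-xeoma-server:10090/
ProxyPassReverse / http://ip-xeoma-server:10090/
</VirtualHost>
EOF
sed -e 's/^ProxyRequests Off/ProxyRequests On/' -e '/^SSLCertificateKeyFile/d' \
  "$sample_dir/guide.conf" > "$sample_dir/bad.conf"
check_vhost "$sample_dir/guide.conf" || true
check_vhost "$sample_dir/bad.conf" || true
```

On the guide-shaped sample the only finding is the plain-HTTP hop to ip-xeoma-server, so that link should stay on the same host or on a trusted network segment.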
Additionally: instructions for creating a self-signed certificate.
# Build a minimal openssl config; x509_extensions makes openssl apply the [ req_ext ] section
echo "[ req ]" >openssl.conf
echo "distinguished_name = req_distinguished_name" >>openssl.conf
echo "x509_extensions = req_ext" >>openssl.conf
echo "[ req_distinguished_name ]" >>openssl.conf
echo "[ req_ext ]" >>openssl.conf
echo "basicConstraints = CA:true" >>openssl.conf
echo "subjectAltName = @alt_names" >>openssl.conf
echo "[ alt_names ]" >>openssl.conf
# Browsers match the host name against these entries, so list every name clients connect to
echo "DNS.1 = ns1.DNSofMyDomainHERE.com" >>openssl.conf
echo "DNS.2 = ns2.DNSofMyDomainHERE.com" >>openssl.conf
# Generate the key and the self-signed certificate in one step
openssl req -new -batch -outform PEM -out MyDomainHERE.com.crt -newkey \
rsa:2048 -nodes -keyout MyDomainHERE.com.key -keyform PEM -days 99999 \
-x509 \
-subj \
"/C=US/ST=XX/O=MyDomainHERE.com/localityName=MyDomainHERE/organizationName=MyDomainHERE/commonName=MyDomainHERE.com/" \
-config openssl.conf
rm openssl.conf
Put the files into the folder /etc/apache2/ssl/:
sudo chown root MyDomainHERE.com.crt MyDomainHERE.com.key
sudo chmod 0600 MyDomainHERE.com.crt MyDomainHERE.com.key
sudo mv MyDomainHERE.com.crt /etc/apache2/ssl/MyDomainHERE.com.crt
sudo mv MyDomainHERE.com.key /etc/apache2/ssl/MyDomainHERE.com.key
Then, on each client computer, download and install the certificate so that the browser does not show a certificate warning:
MyDomainHERE.com.crt -> “Install”. “Place all certificates in the following store” -> “Browse” -> “Trusted root certification authorities” -> “OK”. Next, Done, Yes.
September, 5 2018