
Guide to setting up an SSL connection through Apache (using HTTPS with Xeoma Web Server)

You can use the following instructions to set up Apache:

1) Install the Apache server

sudo apt-get install apache2
 

2) Turn on SSL support on the Apache server

sudo a2enmod ssl
sudo a2ensite default-ssl
 

Then restart the Apache server to apply the settings:

sudo service apache2 restart
 

3) Create a folder for the certificate and the key

sudo mkdir /etc/apache2/ssl/
 

4) Copy the certificate (MyDomainHERE.com.crt) and the key (MyDomainHERE.com.key) into this folder. Self-signed certificates can be generated with openssl; see the instructions below.

5) Enable support for the needed modules on the Apache server.

sudo a2enmod headers
sudo a2enmod rewrite
sudo a2enmod proxy
sudo a2enmod proxy_http
 

Then restart the Apache server to apply the settings:

sudo service apache2 restart
 

6) Edit the file

/etc/apache2/sites-enabled/default-ssl.conf
 

following this example:

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName localhost:443
        ServerAlias *:443

        # Disable Logging
        #LogLevel info ssl:warn
        LogLevel crit ssl:crit
        SetEnv dontlog 1
        LogFormat "%h %l %u [%{%d/%b/%Y %T}t.%{msec_frac}t %{%z}t] \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{refid}C\" %D" combinedtracking
        CustomLog ${APACHE_LOG_DIR}/xeoma_access.log combinedtracking env=!dontlog
        ErrorLog ${APACHE_LOG_DIR}/xeoma_error.log

        RewriteEngine on
        SSLEngine on
        # Note: this still permits TLS 1.0 and 1.1 if the OpenSSL build offers them
        SSLProtocol all -SSLv3 -SSLv2
        SSLCertificateFile      /etc/apache2/ssl/MyDomainHERE.com.crt
        SSLCertificateKeyFile   /etc/apache2/ssl/MyDomainHERE.com.key
        # Forward requests to the Xeoma web server listening on local port 10090
        RewriteRule "^(.*)/$" http://localhost:10090$1 [P,L]
        # The source showed a bare <proxy> container, which Apache rejects;
        # ProxyPass accepts a single argument only inside a Location section
        <Location />
                Require all granted
                ProxyPass http://localhost:10090/
                RequestHeader set X-Forwarded-Proto "http" expr=%{HTTPS}!='on'
                RequestHeader set X-Forwarded-Proto "https" expr=%{HTTPS}=='on'
        </Location>
        BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
 
Then restart the Apache server to apply the settings:

sudo service apache2 restart

Done. Now when you connect to the Xeoma web server, SSL encryption will be used on port 443.


Additionally: instructions for creating a self-signed certificate.

echo "distinguished_name = req_distinguished_name" >openssl.conf
echo "[ req_distinguished_name ]" >>openssl.conf
echo "basicConstraints = CA:true" >>openssl.conf
echo "[ req_ext ]" >>openssl.conf
echo "subjectAltName = @alt_names" >>openssl.conf
echo "[alt_names]" >>openssl.conf
# List every host name that clients will use to reach the server
echo "DNS.1   = ns1.DNSofMyDomainHERE.com" >>openssl.conf
echo "DNS.2   = ns2.DNSofMyDomainHERE.com" >>openssl.conf
# -extensions req_ext applies the [ req_ext ] section; without it the
# subjectAltName entries are not written into the certificate
openssl req -new -batch -outform PEM -out MyDomainHERE.com.crt -newkey rsa:2048 \
  -nodes -keyout MyDomainHERE.com.key -keyform PEM -days 99999 -x509 \
  -subj "/C=US/ST=XX/O=MyDomainHERE.com/localityName=MyDomainHERE/organizationName=MyDomainHERE/commonName=MyDomainHERE.com/" \
  -config openssl.conf -extensions req_ext
rm openssl.conf
 

Put the files into the folder /etc/apache2/ssl/:

sudo chown root MyDomainHERE.com.crt MyDomainHERE.com.key
sudo chmod 0600 MyDomainHERE.com.crt MyDomainHERE.com.key
sudo mv MyDomainHERE.com.crt      /etc/apache2/ssl/MyDomainHERE.com.crt
sudo mv MyDomainHERE.com.key      /etc/apache2/ssl/MyDomainHERE.com.key
 

Then download the certificate to each client computer and install it so that the browser does not warn about a certificate error:
# MyDomainHERE.com.crt -> “Install”. “Place all certificates in the following store” -> “Browse” -> “Trusted root certification authorities” -> “OK”. Next, Done, Yes.
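
Before restarting Apache with a new certificate, it is worth confirming that the key belongs to the certificate, that the host name clients use is listed in subjectAltName, and that the key file is private to its owner. The script below is an added example, not part of the original Xeoma guide; check_cert_pair and the file name check_cert.sh are hypothetical names, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before pointing
# SSLCertificateFile / SSLCertificateKeyFile at it.
# check_cert_pair is a hypothetical helper name, not a Xeoma or Apache tool.
# Usage: check_cert_pair CERT KEY HOSTNAME   (returns 0 only if all checks pass)
check_cert_pair() {
    crt=$1 key=$2 host=$3 rc=0

    # 1. Certificate and private key must carry the same public key,
    #    otherwise Apache refuses to start the SSL virtual host.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]; then
        echo "OK   key matches certificate"
    else
        echo "FAIL key does not match certificate (or a file is unreadable)"; rc=1
    fi

    # 2. Current browsers match the host name against subjectAltName, not
    #    commonName. Exact match only: wildcard entries are not expanded here.
    if openssl x509 -in "$crt" -noout -text 2>/dev/null |
        tr ',' '\n' | tr -d ' ' | grep -Fxqi "DNS:$host"; then
        echo "OK   $host is listed in subjectAltName"
    else
        echo "FAIL $host is not listed in subjectAltName"; rc=1
    fi

    # 3. The private key must not be accessible to group or others
    #    (characters 5-10 of the ls mode string).
    if [ "$(ls -ld "$key" 2>/dev/null | cut -c5-10)" = "------" ]; then
        echo "OK   key file is private to its owner"
    else
        echo "FAIL key file is accessible to group or others"; rc=1
    fi
    return $rc
}

# Run directly: sh check_cert.sh /etc/apache2/ssl/MyDomainHERE.com.crt \
#                  /etc/apache2/ssl/MyDomainHERE.com.key MyDomainHERE.com
if [ $# -eq 3 ]; then check_cert_pair "$@"; fi
```

Pass the host name exactly as clients will type it in the browser; run the script with sudo when the files are already owned by root.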

September, 5 2018
