Apache24 SSL(HTTPS) Basic Configuration and Force HTTPS connections

-
step 1. Edit config file '/usr/local/etc/apache24/httpd.conf' remove the # sign before these lines.


#LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
#LoadModule ssl_module libexec/apache24/mod_ssl.so
#Include etc/apache24/extra/httpd-ssl.conf

In Apache2.2 [mod_socache_shmcb] is uncommented in httpd.conf by default.From Apache 2.4 [mod_socache_shmcb] is commented

step 2. edit /usr/local/etc/apache24/extra/httpd-ssl.conf file. Modify these lines and configure the appropriate settings.


ServerName www.example.com:443 [optional]
ServerAdmin you@example.com    [optional]
SSLCertificateFile "/usr/local/etc/apache24/server.crt"
SSLCertificateKeyFile "/usr/local/etc/apache24/server.key"

>>>


ServerName domain_or_ip:443
ServerAdmin master@mail_server
SSLCertificateFile "path/fullchain.pem"
SSLCertificateKeyFile "path/privkey.pem"

step 3. Force HTTPS connections
3 solutions. Redirect Request to SSL.

Using .htaccess files and redirect
Using mod_rewrite

To make sure all traffic is served via SSL:

LoadModule rewrite_module libexec/apache2/mod_rewrite.so
 
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

Using virtual hosts (using redirect)

While the < VirtualHost > solution is recommended because it is simpler and safer
If you wish to redirect users from the non-secure site to the SSL site, you can use an ordinary Redirect directive inside the non-secure VirtualHost:

Edit config file '/usr/local/etc/apache24/httpd.conf' remove the # Include vhosts.conf.

# Virtual hosts
Include etc/apache24/extra/httpd-vhosts.conf



<virtualhost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</virtualhost>

<virtualhost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</virtualhost>

Note: Once the configuration is working as intended, a permanent redirection can be considered. This avoids caching issues by most browsers while testing. The directive would then become:


Comments

Post a Comment

Popular posts from this blog

Python3 + Django + uWSGI + Nginx On FreeBSD

-
1. uWSGI Installation. $ sudo pip-3.6 install uwsgi Collecting uwsgi Downloading uwsgi-2.0.17.tar.gz (798kB) 100% |################################| 798kB 709kB/s Installing collected packages: uwsgi Running setup.py install for uwsgi ... done Successfully installed uwsgi-2.0.17 1.1 Basic test Let’s start with a simple “Hello World” example: def application(env, start_response): start_response('200 OK', [('Content-Type','text/html')]) return [b"Hello World"] As you can see, it is composed of a single Python function. It is called “application” as this is the default function that the uWSGI Python loader will search for (but you can obviously customize it). 1.2 Now start uWSGI to run an HTTP server/router passing requests to your WSGI application: uwsgi --http :9090 --wsgi-file foobar.py 2.Installing Django. Install Django into your virtualenv , create a new project $ mkproject django $ pip install Django Collecting Django ...
Read more

arduino最小構成 (atmega328/8MHz/3.3V/内部クロック)FT232RLにてブートローダーの書き込み

-
Image
1.部品 ATMEGA328P-PU USBシリアル変換モジュールFT232RL 0.1μFコンデンサ ブレッドボード ジャンパーワイヤ 2.ROM,DRIVER,書き込み用ソフトの準備 breadboard-1-6-x.zip をダウンロードして展開します。 FTAVRW : FT232-AVR Writerの ftavrw_v121b.zip をダウンロードして展開します。 https://www.ftdichip.com/Drivers/VCP.htm FTDIドライバをダウンロードして展開、インストールします。 3.ブートローダーの書き込み 配線 下図はブレッドボード上に配線した例です。 ftavrwg.exeをクリックして実行します。 avr info ボタンを押下し、情報が取得されたら配線はOKです。 ATmegaBOOT_168_atmega328_pro_8MHz.hexを選択し、書き込みます。 下図のようなメッセージが出ましたら、書き込みが完了です。 boards.txtを確認して、FUSEを書き込みます。 下図のようなメッセージが出ましたら、書き込みが完了です。 4.スケッチの書き込み 配線 下図はスケッチの配線例です。注意: RESET に 0.1μF のコンデンサを噛ます必要があります arduino IDEを開いてexamples(Blink)を書き込んでみます。 書き込みは無事にできました。Blinkもちゃんと動いています。
Read more

FreeBSD: Configuring Apache to permit CGI

-
In httpd.conf file make sure the "cgi" LoadModule directive has not been commented out. A correctly configured directive may look like this: <IfModule mpm_prefork_module> LoadModule cgi_module libexec/apache24/mod_cgi.so </IfModule> Explicitly using Options to permit CGI execution To allow CGI program execution for any file ending in .cgi in users' directories, you can use the following configuration. <VirtualHost *:80> DocumentRoot "/usr/local/www/apache24/e" ServerName www.example.com ErrorLog "/var/log/e-error_log" CustomLog "/var/log/e-access_log" common <Directory "/usr/local/www/apache24/e/"> Order allow,deny Allow from all Require all granted Options +ExecCGI AddHandler cgi-script .cgi </Directory> </VirtualHost> <Directory "/home/*/public_html"> Options +ExecCGI AddHandler cgi-script .cgi </Di...
Read more