Apache SSL
Here is a non-SSL Apache virtual host.

```apache
<VirtualHost *:80>
    ServerName serverok.in
    ServerAdmin admin@serverok.in
    DocumentRoot /home/serverok.in/html
    CustomLog ${APACHE_LOG_DIR}/serverok.in.log combined
    <Directory "/home/serverok.in/html">
        Options All
        AllowOverride All
        Require all granted
        # Order/allow are Apache 2.2 directives (mod_access_compat on 2.4);
        # "Require all granted" above is the 2.4 form
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
```
To convert it to an SSL VirtualHost, first change the port to 443.

Find

```apache
<VirtualHost *:80>
```

Replace with

```apache
<VirtualHost *:443>
```
Add the following above the Directory entry

```apache
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# RC4 is excluded: RFC 7465 prohibits RC4 cipher suites in TLS
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLCertificateFile /etc/ssl/DOMAIN.crt
SSLCertificateKeyFile /etc/ssl/DOMAIN.key
SSLCACertificateFile /etc/ssl/DOMAIN.ca
# The Header directive requires mod_headers (a2enmod headers on Debian)
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
```
The resulting VirtualHost will look like

```apache
<VirtualHost *:443>
    ServerName serverok.in
    ServerAdmin admin@serverok.in
    DocumentRoot /home/serverok.in/html
    CustomLog ${APACHE_LOG_DIR}/serverok.in.log combined
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile /etc/ssl/serverok.in.crt
    SSLCertificateKeyFile /etc/ssl/serverok.in.key
    SSLCACertificateFile /etc/ssl/serverok.in.ca-bundle
    <Directory "/home/serverok.in/html">
        Options All
        AllowOverride All
        Require all granted
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
```
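One way to check a finished vhost for the settings added above, as an added example that is not part of the original page. The function names and the sample config are constructed for illustration, and the SSLProtocol handling is a simplified model that assumes "all" covers SSLv3 through TLSv1.3 and that protocol names use their canonical spelling.

```python
import re

# Constructed sample vhost; the RC4 tokens are included to show a failing check.
SAMPLE_VHOST = """\
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+RC4 RC4 !aNULL !MD5"
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
</VirtualHost>
"""

ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}  # assumed meaning of "all"
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK = {"RC4", "3DES", "DES", "MD5", "EXP", "LOW", "aNULL", "eNULL", "NULL"}

def directives(conf):
    """Map lower-cased directive name -> list of argument strings (comments and section tags skipped)."""
    found = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *rest = line.split(None, 1)
            found.setdefault(name.lower(), []).append(rest[0] if rest else "")
    return found

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right: 'all' and '+X'/'X' add, '-X' removes."""
    enabled = set()
    for tok in args.split():
        if tok.startswith("-"):
            enabled.discard(tok[1:])
        else:
            enabled |= ALL_PROTOCOLS if tok.lower() == "all" else {tok.lstrip("+")}
    return enabled

def audit_vhost(conf):
    """Return a list of findings; an empty list means every check passed."""
    d, findings = directives(conf), []
    if [a.lower() for a in d.get("sslengine", [])] != ["on"]:
        findings.append("SSLEngine is not 'on'")
    legacy = enabled_protocols(" ".join(d.get("sslprotocol", []))) & LEGACY
    if "sslprotocol" not in d or legacy:
        findings.append("legacy protocols enabled or SSLProtocol unset: " + ",".join(sorted(legacy)))
    for tok in re.split(r"[\s:,]+", " ".join(d.get("sslciphersuite", [])).strip('"')):
        # Tokens prefixed with '!', '-' or '+' exclude or reorder ciphers; they never add any.
        if tok and tok[0] not in "!-+" and WEAK & set(tok.split("+")):
            findings.append("weak cipher token included: " + tok)
    if not any(re.search(r"strict-transport-security.*max-age=\d+", a, re.I) for a in d.get("header", [])):
        findings.append("HSTS header missing or without max-age")
    return findings
```

Only explicitly listed cipher tokens are inspected; a broad token such as `EECDH` is not expanded, so `openssl ciphers -v` with the same string remains the authoritative view of what is actually offered.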
Enable mod_ssl
If you get the following error

Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

you need to enable mod_ssl. On Debian/Apache, run

```bash
a2enmod ssl
```
Restart Apache

```bash
service apache2 restart
```
Force SSL
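You can add the following to the port 80 (non-SSL) Apache VirtualHost for the web site. Placed inside the *:443 VirtualHost it would redirect HTTPS requests back to themselves in a loop.

```apache
Redirect 301 / https://domain.ltd/
```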