Apache SSL
Here is a non-SSL Apache virtual host.
<VirtualHost *:80>
ServerName serverok.in
ServerAdmin [email protected]
DocumentRoot /home/serverok.in/html
CustomLog ${APACHE_LOG_DIR}/serverok.in.log combined
<Directory "/home/serverok.in/html">
Options All
AllowOverride All
Require all granted
Order allow,deny
allow from all
</Directory>
</VirtualHost>
To convert it to an SSL VirtualHost, first change the port to 443.
Find
<VirtualHost *:80>
Replace with
<VirtualHost *:443>
Add the following above the Directory entry
SSLEngine on
SSLCertificateFile /etc/ssl/DOMAIN.crt
SSLCertificateKeyFile /etc/ssl/DOMAIN.key
The resulting VirtualHost will look like
<VirtualHost *:443>
ServerName serverok.in
ServerAdmin [email protected]
DocumentRoot /home/serverok.in/html
CustomLog ${APACHE_LOG_DIR}/serverok.in.log combined
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCertificateFile /etc/ssl/serverok.in.crt
SSLCertificateKeyFile /etc/ssl/serverok.in.key
<Directory "/home/serverok.in/html">
Options All
AllowOverride All
Require all granted
Order allow,deny
allow from all
</Directory>
</VirtualHost>
For added security, you can use the following config
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:!TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:!DSS
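A way to check an edited file before restarting Apache, as an added example that is not part of the original page: the shell function below walks each port-443 VirtualHost and reports a missing SSLEngine, certificate or key directive, or an SSLProtocol line that still allows SSLv3, TLSv1 or TLSv1.1. The function name audit_ssl_vhosts and the host weak.example are made up for the example, and "all" is assumed to include SSLv3.

```shell
# Added example: audit each port-443 VirtualHost in a file; exit status 1 means findings.
audit_ssl_vhosts() {
    awk '
    function setall(v) { on["sslv3"] = v; on["tlsv1"] = v; on["tlsv1.1"] = v }
    function report(msg) { printf "%s: %s\n", name, msg; bad = 1 }
    { d = tolower($1) }                          # directive names are case-insensitive
    d == "<virtualhost" {                        # new block: reset per-block state
        in_ssl = ($0 ~ /:443[ \t>]/); name = "(no ServerName)"
        engine = cert = key = proto = 0; legacy = ""; setall(0); next
    }
    !in_ssl { next }                             # ignore everything outside port 443
    d == "servername"            { name = $2 }
    d == "sslengine"             { engine = (tolower($2) == "on") }
    d == "sslcertificatefile"    { cert = 1 }
    d == "sslcertificatekeyfile" { key = 1 }
    d == "sslprotocol" {                         # apply the tokens left to right
        proto = 1
        for (f = 2; f <= NF; f++) {
            t = tolower($f); sign = substr(t, 1, 1)
            if (sign == "+" || sign == "-") t = substr(t, 2)
            else setall(0)                       # a bare name replaces what came before
            v = (sign != "-")
            if (t == "all") setall(v)
            else if (t in on) on[t] = v
        }
    }
    d == "</virtualhost>" {
        if (!engine) report("SSLEngine is not on")
        if (!cert)   report("SSLCertificateFile missing")
        if (!key)    report("SSLCertificateKeyFile missing")
        if (!proto)  report("SSLProtocol not set in this block")
        for (p in on) if (on[p]) legacy = legacy " " p
        if (legacy != "") report("legacy protocols enabled:" legacy)
        in_ssl = 0
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: TLSv1 and TLSv1.1 are left on and the key directive is missing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:443>
ServerName weak.example
SSLEngine on
SSLProtocol all -SSLv3
SSLCertificateFile /etc/ssl/weak.example.crt
</VirtualHost>
EOF
audit_ssl_vhosts "$sample" || echo "fix the findings above before restarting Apache"
```

Run it against the site's VirtualHost file; a block that matches the resulting VirtualHost shown earlier produces no output and exit status 0.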
Enable mod_ssl
If you get the following error
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
You need to enable mod_ssl. On Debian/Apache, run
sudo a2enmod ssl
Restart Apache
sudo service apache2 restart
Force SSL
To force SSL, add the following to the website's non-SSL (port 80) VirtualHost, so that HTTP requests are redirected to HTTPS
Redirect 301 / https://domain.ltd/