[mdlug] Setting up SSL on Apache2

Mark Montague markmont at umich.edu
Mon Sep 21 10:10:16 EDT 2009 

On Mon, Sep 21, 2009 9:49 AM, "Robert Adkins" <radkins at impelind.com> wrote:
> 	I need to make Apache2 only accept SSL connections.
>   

The easiest way: turn off, comment out, or deleted the vhost for port 80 
in your Apache 2 configuration files.  (You don't say what Linux distro 
you're using, or I'd be more specific).

The problem with the above is that if someone tries to use a "normal 
URL" starting with "http://" for your server, they will get a "server 
not responding" error from their web browser.  So what is more common is 
to keep the HTTP vhost on port 80 running, but set up a RedirectMatch 
directive to accept any URL and redirect it to it's HTTPS equivalent on 
port 443.

       RedirectMatch Permanent $/(.*) https://your-server-name/$1

For more information, see 
http://httpd.apache.org/docs/2.2/mod/mod_alias.html#redirectmatch


> 	I have SSL installed and working on my server and it works like a
> champ for Webmin, which only accepts SSL connections. However, I have the
> Horde webmail client installed, which I want/need to make accessible
> outside, except I must make that use SSL.
>   

Make sure that your Apache configuration directives for Horde are in the 
HTTPS vhost.  In fact, they should not be in the HTTP vhost context 
unless you also want to provide webmail through HTTP in addition to HTTPS.


> 	So far, I believe that I created a proper self-signed certificate,
> installed it properly and setup some proper configurations... Except when I
> tell Apache2 to use it, Apache2 will fail to start, which means I did
> something wrong. I don't know if I grabbed the wrong key/certificate
> combination as that isn't very clear from the documentation.
>   

I thought you said that you had SSL working already, for Webmin?  You 
only need one SSL certificate for each FQDN through which your server 
serves content.  Or are you providing Webmin and Horde through different 
hostnames?

Help us help you by providing the following information:

- What are you doing to "tell Apache2 to use it"?  Please describe the 
steps you are taking.  If you are following documentation, provide a 
link.  Include your mod_ssl configuration directives for your HTTPS vhost.

- When Apache2 fails to start, what error message does it print?

- When Apache2 fails to start, what is written to the Apache2 error log 
file?


                Mark Montague
                markmont at umich.edu

More information about the mdlug mailing list