[mdlug] Setting up SSL on Apache2
Mark Montague
markmont at umich.edu
Mon Sep 21 10:10:16 EDT 2009
On Mon, Sep 21, 2009 9:49 AM, "Robert Adkins" <radkins at impelind.com> wrote:
> I need to make Apache2 only accept SSL connections.
>
The easiest way: turn off, comment out, or deleted the vhost for port 80
in your Apache 2 configuration files. (You don't say what Linux distro
you're using, or I'd be more specific).
The problem with the above is that if someone tries to use a "normal
URL" starting with "http://" for your server, they will get a "server
not responding" error from their web browser. So what is more common is
to keep the HTTP vhost on port 80 running, but set up a RedirectMatch
directive to accept any URL and redirect it to it's HTTPS equivalent on
port 443.
RedirectMatch Permanent $/(.*) https://your-server-name/$1
For more information, see
http://httpd.apache.org/docs/2.2/mod/mod_alias.html#redirectmatch
> I have SSL installed and working on my server and it works like a
> champ for Webmin, which only accepts SSL connections. However, I have the
> Horde webmail client installed, which I want/need to make accessible
> outside, except I must make that use SSL.
>
Make sure that your Apache configuration directives for Horde are in the
HTTPS vhost. In fact, they should not be in the HTTP vhost context
unless you also want to provide webmail through HTTP in addition to HTTPS.
> So far, I believe that I created a proper self-signed certificate,
> installed it properly and setup some proper configurations... Except when I
> tell Apache2 to use it, Apache2 will fail to start, which means I did
> something wrong. I don't know if I grabbed the wrong key/certificate
> combination as that isn't very clear from the documentation.
>
I thought you said that you had SSL working already, for Webmin? You
only need one SSL certificate for each FQDN through which your server
serves content. Or are you providing Webmin and Horde through different
hostnames?
Help us help you by providing the following information:
- What are you doing to "tell Apache2 to use it"? Please describe the
steps you are taking. If you are following documentation, provide a
link. Include your mod_ssl configuration directives for your HTTPS vhost.
- When Apache2 fails to start, what error message does it print?
- When Apache2 fails to start, what is written to the Apache2 error log
file?
Mark Montague
markmont at umich.edu
More information about the mdlug
mailing list