Apache-ssl

From Wikifications
Revision as of 16:54, 16 April 2005 by Dre (Talk | contribs) (initial rev from backup)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

apache-ssl docs:

http://www.apache-ssl.org/

http://mars.post1.com/home/ngps/m2/howto.ca.html

Installed apache-ssl from ports, edited the config file located at:

/usr/local/etc/apache/httpsd.conf

For now just providing basic service, until I get the website data itself migrated from the old server.

Created a startup script in /usr/local/etc/rc.d. Don't forget to make it executable :)

#!/bin/sh -
#
#    initialization/shutdown script for apache-ssl
case "$1" in
start)
        /usr/local/sbin/httpsdctl start && echo -n ' apache-ssl'
        ;;
stop)
        /usr/local/sbin/httpsdctl stop && echo -n ' apache-ssl'
        ;;
*)
        echo "unknown option: $1 - should be 'start' or 'stop'" >&2
        ;;
esac

I have finished rsyncing the websites up; next step is to get php and mysql happy, then migrate the config files.

SSL Certificates: I'm creating my own. Screw the man.

Configure the main apache config file by customizing defaults. Items of interest include default log paths, and the following related to SSL:

SSLDisable
SSLCacheServerPath      /usr/local/sbin/gcache
SSLCacheServerPort      /var/log/httpsd/gcache_port
SSLCacheServerRunDir    /var/tmp
SSLSessionCacheTimeout  300
SSLCACertificateFile    /usr/local/etc/apache/CA/cacert.pem
SSLCertificateFile      /usr/local/etc/apache/CA/server_cert.pem
SSLCertificateKeyFile   /usr/local/etc/apache/CA/server_key.pem

Add Listen and NameVirtualHost directives as needed. In this example, both names point to 1.2.3.4

Listen 1.2.3.4:80
Listen 1.2.3.4:443
NameVirtualHost www.domain.com:80
NameVirtualHost secure.domain.com:443

I like to put my vhost configs into their own files, so at the end of the main config file:

Include /usr/local/etc/apache/vhosts/*.conf

Here is a sample vhost block. If this was to be an SSL enabled site, we would use 443 instead of 80 and add the SSLEnable directive.

<VirtualHost www.domain.com:80>
        ServerAdmin you@domain.com
        DocumentRoot /home/websites/hotstuff
        ServerName www.domain.com
        ServerAlias domain.com
        ErrorLog /var/log/httpsd/hotstuff-error.log
        CustomLog /var/log/httpsd/hotstuff-access.log combined
        <Directory "/home/websites/meta">
                Options Indexes -FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>

Perhaps someday I'll do apache2: http://www.openna.com/documentations/articles/apache/index.php

back to meta