
Re: converting my local site to be https only access



On Saturday 29 April 2017 14:21:27 Jochen Spieker wrote:

> Gene Heskett:
> > On Saturday 29 April 2017 04:05:01 Felix Dietrich wrote:
> >> Gene Heskett <gheskett@shentel.net> writes:
> >>> Where can I find a tut that is a complete instruction set to have
> >>> it do an auto-redirect to itself, but using the "s" stuff
> >>> regardless of the accessing client as long as the client can
> >>> handle the https stuff this conversion will return to the client?
>
> What you want to do requires that you understand the basics of
> Apache's configuration mechanism. You should really start with that.
>
> http://httpd.apache.org/docs/2.4/en/getting-started.html
> http://httpd.apache.org/docs/2.4/en/bind.html
> http://httpd.apache.org/docs/2.4/en/configuring.html
> http://httpd.apache.org/docs/2.4/en/urlmapping.html
> http://httpd.apache.org/docs/2.4/en/vhosts/
>
> That's really just the basics so you know where to put random things
> you find on the internet. For your use case, these should also be
> helpful:
>
> http://httpd.apache.org/docs/2.4/en/ssl/
> http://httpd.apache.org/docs/2.4/en/rewrite/
>
> What the upstream Apache documentation does not mention (or care
> about) is that Debian has its own way of splitting up Apache
> configuration files. If a random (not Debian- or Ubuntu-specific)
> tutorial tells you to change your httpd.conf then this is most
> certainly not the way to do it in Debian.
>
> >>> I tried putting those 3 lines quoted numerous times at the bottom
> >>> of the httpd/conf/httpd.conf, but that killed local access so I
> >>> assume it also killed external access too.  And its failure did
> >>> not generate an error.log entry.
>
> The bottom of your httpd.conf might be the wrong place to put it. It
> really depends on your local configuration which we do not know. Do
> you have a plain Debian installation that you did yourself or do you
> use an image from a hoster or any other company? What changes have you
> done to your configuration?
>
> What Debian expects most admins to do is drop their own virtual host
> definitions into /etc/apache2/sites-available/ and use a2ensite to
> enable them. Global configuration directives can be placed in
> conf-available/ (use a2enconf).
>
> >>> Something was said about the AllowRedirect settings in httpd.conf,
> >>> but it did not specify what to change it to.
>
> Don't touch httpd.conf, it will probably not do what you want to
> achieve. Instead, edit the virtual host you are using.
>
> > Chuckle, point taken, used your search string and got smarter hits
> > for apache2.  Since my domain registrar is namecheap, I'm reading
> > this link:
> > <https://www.namecheap.com/support/knowledgebase/article.aspx/9821/38/redirect-to-https-on-apache>
>
> Your domain registrar is irrelevant here. Look for
> Debian/Ubuntu-specific tutorials after reading up on the basics.
>
> > Syntax error on line 71 of /etc/apache2/mods-enabled/ssl.conf:
> > Invalid command 'Header', perhaps misspelled or defined by a module
> > not included in the server configuration
> > Action 'start' failed.
>
> Apparently the header module is not enabled in your configuration. You
> can do so by running "a2enmod headers".
>
Not being fam with this a2enmod thing, I just used mc to make a softlink.  
That moved the error and changed it a wee bit, to line 72, which had the 
keyword always spelled alway. Fixed, start right up. I can only see it 
at localhost, so I've no clue if the link in my sig works or not.

If it redirects to https and the front page pix loads, I'm good to go I 
think.

> > If you install the ssl-cert package, a self-signed certificate will
> > be automatically created using the hostname currently configured on
> > your computer.

Which is not the same as what the DNS servers return.
>
> If your machine is publicly available, there is really no reason
> anymore to use self-signed certificates -- except for testing,
> probably. If your configuration works with your self-signed
> certificate, you should consider using Let's Encrypt.
>
> > So the internal name and the one in the sig don't match?
> > So which name will it use if I run the above cert generator command?
>
> Nowadays you can run more than one VirtualHost even with only one IP
> address. You just set up regular virtual hosts which use their own
> certificates.
>
> I cannot comment on the other errors you are getting, but (just in
> case I didn't stress it enough :)) I think your life will become a lot
> easier once you master the basics of Apache. The creation of SSL
> certificates actually becomes a lot easier with Let's Encrypt.

Those are done I believe:
root@coyote:/etc/httpd/conf# ls -l /etc/ssl/private/
total 8
lrwxrwxrwx 1 root root       18 Apr 29 10:27 fba0a812 -> ssl-cert-genes.key
-rw------- 1 root root     2798 Apr 29 10:27 ssl-cert-genes.key
-rw-r----- 1 root ssl-cert 1704 Apr 29 08:46 ssl-cert-snakeoil.key

Unless that's not enough.
>
> J.

Thanks, Jochen Spieker.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
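
Added example, not part of the original message or thread: a Debian-style virtual host file for the setup discussed above (redirect on port 80, TLS on port 443, a Header directive that needs mod_headers). The host name www.example.org, the file name and the DocumentRoot are placeholders; the snakeoil paths are the ones the ssl-cert package creates.

```apache
# /etc/apache2/sites-available/example-https.conf  (file name is a placeholder)
#
# Enable with the Debian helpers instead of editing httpd.conf or
# creating symlinks by hand:
#   a2enmod ssl headers
#   a2ensite example-https
#   apache2ctl configtest && service apache2 restart

# Plain HTTP: this vhost serves no content, it only redirects to HTTPS.
<VirtualHost *:80>
    ServerName www.example.org
    Redirect permanent / https://www.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot /var/www/html

    SSLEngine on
    # Self-signed pair generated by the ssl-cert package, for testing only.
    # Its subject is the machine's local hostname, so browsers will warn
    # when the public DNS name differs. Replace both paths with a
    # CA-issued certificate (e.g. Let's Encrypt) for a public site.
    SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

    # Requires mod_headers; without it Apache refuses to start with
    # "Invalid command 'Header'". The condition keyword is "always".
    # Assumption: the thread does not show which header ssl.conf set;
    # HSTS is used here as an illustrative choice. Keep max-age short
    # until the certificate and redirect are confirmed working.
    Header always set Strict-Transport-Security "max-age=300"

    ErrorLog  ${APACHE_LOG_DIR}/example-https-error.log
    CustomLog ${APACHE_LOG_DIR}/example-https-access.log combined
</VirtualHost>
```

Running apache2ctl configtest before the restart reports syntax errors such as a missing module or a misspelled keyword without taking the running server down.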

