
Re: converting my local site to be https only access



On Saturday 29 April 2017 14:49:04 Gene Heskett wrote:

> On Saturday 29 April 2017 14:21:27 Jochen Spieker wrote:
> > Gene Heskett:
> > > On Saturday 29 April 2017 04:05:01 Felix Dietrich wrote:
> > >> Gene Heskett <gheskett@shentel.net> writes:
> > >>> Where can I find a tut that is a complete instruction set to
> > >>> have it do an auto-redirect to itself, but using the "s" stuff
> > >>> regardless of the accessing client as long as the client can
> > >>> handle the https stuff this conversion will return to the
> > >>> client?
> >
> > What you want to do requires that you understand the basics of
> > Apache's configuration mechanism. You should really start with that.
> >
> > http://httpd.apache.org/docs/2.4/en/getting-started.html
> > http://httpd.apache.org/docs/2.4/en/bind.html
> > http://httpd.apache.org/docs/2.4/en/configuring.html
> > http://httpd.apache.org/docs/2.4/en/urlmapping.html
> > http://httpd.apache.org/docs/2.4/en/vhosts/
> >
I don't have 2.4, 2.2 here on wheezy.

Looking in the docs/2.2/envvars reference and trying some of the commands
I find I apparently must specify the port # somehow. apache2ctl cannot
connect on port 80.  It apparently uses /etc/alternatives/www-browser,
which is a softlink to /usr/bin/lynx, and guess what?

lynx support at lynx.isc.org has been deleted. And it won't work without
talking to isc.org first.  Even after being re-installed.

So A: file a bug against lynx, best to remove it as it's apparently been
EOL'd by isc.org

And B: what can I change that softlink in /etc/alternatives to so
apache2ctl will work against localhost:6309 ?

And C: If I have to learn a new httpd server, is nginx any better than
apache2?

> > That's really just the basics so you know where to put random things
> > you find on the internet. For your use case, these should also be
> > helpful:
> >
> > http://httpd.apache.org/docs/2.4/en/ssl/
> > http://httpd.apache.org/docs/2.4/en/rewrite/
> >
> > What the upstream Apache documentation does not mention (or care
> > about) is that Debian has its own way of splitting up Apache
> > configuration files. If a random (not Debian- or Ubuntu-specific)
> > tutorial tells you to change your httpd.conf then this is most
> > certainly not the way to do it in Debian.
> >
> > >>> I tried putting those 3 lines quoted numerous times at the
> > >>> bottom of the httpd/conf/httpd.conf, but that killed local
> > >>> access so I assume it also killed external access too.  And its
> > >>> failure did not generate an error.log entry.
> >
> > The bottom of your httpd.conf might be the wrong place to put it. It
> > really depends on your local configuration which we do not know. Do
> > you have a plain Debian installation that you did yourself or do you
> > use an image from a hoster or any other company? What changes have
> > you done to your configuration?
> >
> > What Debian expects most admins to do is drop their own virtual host
> > definitions into /etc/apache2/sites-available/ and use a2ensite to
> > enable them. Global configuration directives can be placed in
> > conf-available/ (use a2enconf).
> >
> > >>> Something was said about the AllowRedirect settings in
> > >>> httpd.conf, but it did not specify what to change it to.
> >
> > Don't touch httpd.conf, it will probably not do what you want to
> > achieve. Instead, edit the virtual host you are using.
> >
> > > Chuckle, point taken, used your search string and got smarter hits
> > > for apache2.  Since my domain registrar is namecheap, I'm reading
> > > this link:
> > > <https://www.namecheap.com/support/knowledgebase/article.aspx/9821/38/redirect-to-https-on-apache>
> >
> > Your domain registrar is irrelevant here. Look for
> > Debian/Ubuntu-specific tutorials after reading up on the basics.
> >
> > > Syntax error on line 71 of /etc/apache2/mods-enabled/ssl.conf:
> > > Invalid command 'Header', perhaps misspelled or defined by a
> > > module not included in the server configuration
> > > Action 'start' failed.
> >
> > Apparently the header module is not enabled in your configuration.
> > You can do so by running "a2enmod headers".
>
> Not being fam with this a2enmod thing, I just used mc to make a
> softlink. That moved the error and changed it a wee bit, to line 72,
> which had the keyword always spelled alway. Fixed, start right up. I
> can only see it at localhost, so I've no clue if the link in my sig
> works or not.
>
> If it redirects to https and the front page pix loads, I'm good to go
> I think.
>
> > > If you install the ssl-cert package, a self-signed certificate
> > > will be automatically created using the hostname currently
> > > configured on your computer.
>
> Which is not the same as the dns servers returns.
>
> > If your machine is publicly available, there is really no reason
> > anymore to use self-signed certificates -- except for testing,
> > probably. If your configuration works with your self-signed
> > certificate, you should consider using Let's Encrypt.
> >
> > > So in internal name and the one in the sig don't match?
> > > So which name will it use if I run the above cert generator
> > > command?
> >
> > Nowadays you can run more than one VirtualHosts even with only one
> > IP address. You just set up regular virtual hosts which use their
> > own certificates.
> >
> > I cannot comment on the other errors you are getting, but (just in
> > case I didn't stress it enough :)) I think your life will become a
> > lot easier once you master the basics of Apache. The creation of SSL
> > certificates actually becomes a lot easier with Let's Encrypt.
>
> Those are done I believe:
> root@coyote:/etc/httpd/conf# ls -l /etc/ssl/private/
> total 8
> lrwxrwxrwx 1 root root       18 Apr 29 10:27 fba0a812 -> ssl-cert-genes.key
> -rw------- 1 root root     2798 Apr 29 10:27 ssl-cert-genes.key
> -rw-r----- 1 root ssl-cert 1704 Apr 29 08:46 ssl-cert-snakeoil.key
>
> Unless that's not enough.
>
> > J.
>
> Thanks, Jochen Spieker.
>
> Cheers, Gene Heskett


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
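
The Debian layout described in the quoted reply (a virtual host file in sites-available/, enabled with a2ensite, plus "a2enmod headers"), put together as an added example that is not part of the original thread. The hostname www.example.org, the file name, ports 80/443, the DocumentRoot and the choice of an HSTS header for the Header line are assumptions; the thread does not say which header line 71 of ssl.conf sets.

```apache
# /etc/apache2/sites-available/example-https.conf   (hypothetical file name)
#
# Enable the modules and the site, then check the syntax before restarting:
#   a2enmod ssl headers
#   a2ensite example-https.conf
#   apache2ctl configtest
#
# www.example.org is a placeholder; use the name clients actually connect to,
# which must also be the name in the certificate.

# Plain-HTTP virtual host: its only job is to send every request to HTTPS.
<VirtualHost *:80>
    ServerName www.example.org
    Redirect permanent / https://www.example.org/
</VirtualHost>

# HTTPS virtual host: serves the actual content.
<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot /var/www            # assumption; adjust to the local docroot

    SSLEngine on
    # Self-signed pair created by the ssl-cert package. Fine for testing;
    # replace with a CA-issued certificate (e.g. Let's Encrypt) once the
    # configuration works and the site is public.
    SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

    # Requires mod_headers. Without "a2enmod headers" Apache refuses to start
    # with "Invalid command 'Header'". The condition keyword is "always".
    # Browsers honour this header only over a connection with a trusted
    # certificate, so use a small max-age until the real certificate is in place.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

If apache2ctl configtest reports "Syntax OK", restart Apache and request the http:// URL; the response should be a 301 pointing at the https:// URL.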

