Wissen

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Sie befinden sich hier: Start » ubuntu_14.04_mit_apache_und_ssl
Zuletzt angesehen: security_key ffmpeg iptables mysql-dump zfs
ubuntu_14.04_mit_apache_und_ssl

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen RevisionVorhergehende Überarbeitung
Nächste Überarbeitung		Vorhergehende Überarbeitung
ubuntu_14.04_mit_apache_und_ssl [2015-04-02 11:56:04] – [Vorbereitungen] manfredubuntu_14.04_mit_apache_und_ssl [2024-04-05 14:40:07] (aktuell) – [HTTPS mit Apache auf Ubuntu - Kurzfassung] manfred
Zeile 1: Zeile 1:
 +====== Ubuntu 14.04 mit Apache und SSL ======
 +
 +===== HTTPS mit Apache auf Ubuntu - Kurzfassung =====
 +
 +  * [[::EDV:ssl-schluessel_generieren#im_apache_https_aktivieren]]
 +
 +  - ''aptitude install apache2 php5''
 +    - ''a2enmod php5 rewrite status info''
 +      - ''vi /etc/apache2/mods-enabled/status.conf''
 +        - ''Allow from 192.168.0.0/16''
 +      - [[http://server.de/server-status]]
 +      - ''vi /etc/apache2/mods-enabled/info.conf''
 +        - ''Allow from 192.168.0.0/16''
 +      - [[http://server.de/server-info]]
 +    - ''service apache2 restart''
 +    - Der SSL-Schlüssel mit selbst signiertem Zertifikat generieren.
 +      - ''openssl genrsa -out server.key 4096''
 +      - ''openssl req -rand /dev/urandom -sha512 -new -x509 -newkey rsa:4096 -nodes -keyout server.key -keyform PEM -out server.crt -outform PEM -subj "/emailAddress=benutzer@server.de/C=DE/ST=Hessen/L=Frankfurt/O=Firma/OU=Abteilung/CN=server.de" -days 7000''
 +      - ''chmod 0600 server.*''
 +      - ''openssl x509 -noout -subject -issuer -dates -in server.crt''
 +      - ''mv server.crt /etc/ssl/certs/server.crt''
 +      - ''mv server.key /etc/ssl/private/server.key''
 +    - ''vi /etc/apache2/sites-available/default-ssl''
 +      - ''SSLCertificateFile    /etc/ssl/certs/server.crt''
 +      - ''SSLCertificateKeyFile /etc/ssl/private/server.key''
 +    - ''a2ensite default-ssl''
 +    - ''a2enmod ssl''
 +    - ''service apache2 restart''
 +
 +
 +===== komplette Konfiguration =====
 +
 +
 +==== Vorbereitungen ====
 +
 +  > locale-gen de_DE.UTF-8
 +  > dpkg-reconfigure locales
 +
 +  > aptitude install apache2
 +  > a2dismod cache_disk
 +  > a2enmod cache
 +  > a2enmod socache_memcache
 +  > a2enmod rewrite
 +  > a2enmod ssl
 +
 +  > mkdir -p /etc/apache2/ssl
 +  > openssl req -rand /dev/urandom -sha512 -newkey rsa:4096 -nodes -new -x509 -days 3650 -out /etc/apache2/ssl/server.pem -keyout /etc/apache2/ssl/server.pem
 +  > chmod 600 /etc/apache2/ssl/server.pem
 +  > ln -sf /etc/apache2/ssl/server.pem /etc/apache2/ssl/$(/usr/bin/openssl x509 -noout -hash -in /etc/apache2/ssl/server.pem).0
 +
 +CRT ansehen:
 +  > openssl x509 -noout -text -in /etc/apache2/ssl/server.pem
 +
 +  > vi /etc/apache2/mods-enabled/ssl.conf
 +<file>
 +        SSLCompression off
 +
 +        ...
 +        #SSLCipherSuite HIGH:!MEDIUM:!aNULL:!MD5
 +        SSLCipherSuite TLSv1.2
 +        ...
 +        SSLHonorCipherOrder     on
 +        ...
 +        #SSLProtocol all
 +        SSLProtocol -ALL +TLSv1.2
 +        ...
 +</file>
 +
 +  > rm /etc/apache2/sites-enabled/*
 +
 +  > vi /etc/apache2/ports.conf
 +
 +mit [[http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html|Rewrite]] eine Portweiterleitung [[https://wiki.apache.org/httpd/RewriteHTTPToHTTPS|80 -> 443]] einrichten:
 +  > vi /etc/apache2/sites-enabled/extras.conf
 +<file>
 +HostnameLookups Off
 +UseCanonicalName Off
 +ServerSignature Off
 +
 +#------------------------------------------------------------------------------#
 +#
 +# https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
 +#
 +
 +RewriteEngine On
 +# This will enable the Rewrite capabilities
 +
 +RewriteCond %{HTTPS} !=on
 +# This checks to make sure the connection is not already HTTPS
 +
 +RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
 +# This rule will redirect users from their original location, to the same location but using HTTPS.
 +# i.e.  http://www.example.com/foo/ to https://www.example.com/foo/
 +# The leading slash is made optional so that this will work either in httpd.conf
 +# or .htaccess context
 +
 +#------------------------------------------------------------------------------#
 +
 +<Directory "/var/www">
 +        Options FollowSymlinks
 +        #AllowOverride None
 +        AllowOverride All
 +        Require all granted
 +</Directory>
 +</file>
 +
 +  > cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/server.conf
 +  > vi /etc/apache2/sites-enabled/server.conf
 +<file>
 +                ...
 +                #SSLCertificateFile     /etc/ssl/certs/ssl-cert-snakeoil.pem
 +                #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
 +                SSLCertificateFile      /etc/apache2/ssl/server.pem
 +                ...
 +</file>
 +
 +  > service apache2 restart