User Tools

Site Tools


apache2 + ssl + debian + virtual hosts

  • Install apache2
sudo apt-get install apache2
  • Activate module and website
sudo a2ensite default-ssl
sudo a2enmod ssl
  • Restart apache
sudo /etc/init.d/apache2 restart
  • Generate self-signed certificates
sudo mkdir /etc/apache2/ssl
sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.crt
  • In the last command put the name of your server.
  • The create the two files out of the crt file
cd /etc/apache2/ssl
sudo cp apache.crt apache.pem
sudo cp apache.crt apache.key
  • Edit this files and only leave the certificate key in the .pem file and the private key in the .key file
  • Then edit /etc/apache2/sites-available/defaul-ssl and change to this:
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
  • Change permissions of the private key
sudo chmod 600 /etc/apache2/ssl/apache.key
  • Restart again
sudo /etc/init.d/apache2 restart
  • Disable http port. Edit /etc/apache2/ports.conf and comment:
#NameVirtualHost *:80
#Listen 80
  • To have virtual hosts in ssl create a map file /etc/apache2/ssl_map with the server names and their respective document roots:   /var/www  /usr/share/dokuwiki
  • To the file /etc/apache2/sites-available/default-ssl inside the VirtualHost section add the following lines:
### Mass SSL Vhosts ###
RewriteEngine on

#   define two maps: one for fixing the URL and one which defines
#   the available virtual hosts with their corresponding
#   DocumentRoot.
RewriteMap    lowercase    int:tolower
RewriteMap    vhost        txt:/etc/apache2/ssl_map

#   1. make sure we don't map for common locations
RewriteCond   %{REQUEST_URI}  !^/cgi-bin/.*
RewriteCond   %{REQUEST_URI}  !^/icons/.*

#   2. make sure we have a Host header
RewriteCond   %{HTTP_HOST}  !^$

#   3. lowercase the hostname
RewriteCond   ${lowercase:%{HTTP_HOST}|NONE}  ^(.+)$
#   4. lookup this hostname in and
#      remember it only when it is a path
#      (and not "NONE" from above)
RewriteCond   ${vhost:%1}  ^(/.*)$

#   5. finally we can map the URL to its docroot location
#      and remember the virtual host for logging puposes
RewriteRule   ^/(.*)$   %1/$1  [E=VHOST:${lowercase:%{HTTP_HOST}}]
  • We need the rewrite module:
sudo a2enmod rewrite
  • Restart apache2 and voila!
apache2_ssl_debian.txt · Last modified: 2021/01/31 23:55 (external edit)