Javiertury (talk | contribs) |
Javiertury (talk | contribs) |
||
| Line 28: | Line 28: | ||
$ mv certificate.crt /etc/pki/tls/certs/hostname.crt</pre> | $ mv certificate.crt /etc/pki/tls/certs/hostname.crt</pre> | ||
==== | ==== Modify default settings ==== | ||
If you want to install the certificate as default open /etc/httpd/conf.d/ssl.conf and edit this lines | If you want to install the certificate as default open /etc/httpd/conf.d/ssl.conf and edit this lines | ||
<pre>SSLCertificateFile /etc/pki/tls/certs/hostname.crt | <pre>SSLCertificateFile /etc/pki/tls/certs/hostname.crt | ||
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key</pre> | SSLCertificateKeyFile /etc/pki/tls/private/hostname.key</pre> | ||
==== Settings for specific hosts==== | |||
==== | |||
If you want to install the certificate only for a specific host open that host configuration file, usually <code>/etc/httpd/conf.d/hostname.conf</code>, and paste this lines between <VirtualHost hostname:port> and </VirtualHost> | If you want to install the certificate only for a specific host open that host configuration file, usually <code>/etc/httpd/conf.d/hostname.conf</code>, and paste this lines between <VirtualHost hostname:port> and </VirtualHost> | ||
<pre>SSLCertificateFile /etc/pki/tls/certs/hostname.crt | <pre>SSLCertificateFile /etc/pki/tls/certs/hostname.crt | ||
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key</pre> | SSLCertificateKeyFile /etc/pki/tls/private/hostname.key</pre> | ||
If you want that an specific hosts doesn't use SSL, paste this line between <VirtualHost hostname:port> and </VirtualHost> in that host configuration file | |||
<pre> SSLEngine off</pre> | |||
== Configuration == | == Configuration == | ||
Revision as of 23:42, 1 May 2014
The Apache HTTP Server is the main web server worldwide
Installation
$ su root $ yum install httpd
If you want SSL support install also openssl and mod_ssl
$ yum install openssl mod_ssl
Enable start on boot
$ systemctl enable httpd
Create self signed certificate
Install crypto-utils
$ yum install crypto-utils
Use genkey to create a certificate for a new hostname
$ genkey hostname
If your server already has a valid certificate and you want to replace use this to set a different serial number so that clients notice the change in certificate and update to the new one without failing
$ openssl req -x509 -new -set_serial number -key hostname.key -out hostname.crt
Install a certificate
If your certificate was generated in another computer move the certificate and the key file to the correct folder
$ mv key_file.key /etc/pki/tls/private/hostname.key $ mv certificate.crt /etc/pki/tls/certs/hostname.crt
Modify default settings
If you want to install the certificate as default open /etc/httpd/conf.d/ssl.conf and edit this lines
SSLCertificateFile /etc/pki/tls/certs/hostname.crt SSLCertificateKeyFile /etc/pki/tls/private/hostname.key
Settings for specific hosts
If you want to install the certificate only for a specific host open that host configuration file, usually /etc/httpd/conf.d/hostname.conf, and paste this lines between <VirtualHost hostname:port> and </VirtualHost>
SSLCertificateFile /etc/pki/tls/certs/hostname.crt SSLCertificateKeyFile /etc/pki/tls/private/hostname.key
If you want that an specific hosts doesn't use SSL, paste this line between <VirtualHost hostname:port> and </VirtualHost> in that host configuration file
SSLEngine off
Configuration
Configuration files are stored under /etc/httpd/conf.d/ and /etc/httpd/conf/httpd.conf is the main configuration file
Opening ports
Apache uses port 80 for plain http connections and port 443 for SSL connections by default. To make this service available from other computers or the Internet your have to allow Apache through the firewall like this
For plain http connections
$ firewall-cmd --permanent --add-service=http
For SSL connections
$ firewall-cmd --permanent --add-service=https
Disable test page
To disable the test page comment out all the lines in this file /etc/httpd/conf.d/welcome.conf