Merged
64 changes: 33 additions & 31 deletions docs/guides/web/mod_SSL_apache.md
Expand Up @@ -5,16 +5,16 @@ contributors: Steven Spencer, David Hensley
update: 20-Jan-2022
---

# 'mod_ssl' on Rocky Linux in an httpd Apache Web-Server Environment
# `mod_ssl` on Rocky Linux in an Apache web server environment

Apache Web-Server has been used for many years now; 'mod_ssl' is used to provide greater security for the Web-Server and can be installed on almost any version of Linux, including Rocky Linux. The installation of 'mod_ssl' will be part of the creation of a Lamp-Server for Rocky Linux.
The Apache web server has existed for many years now. `mod_ssl` provides greater security for the web server and is installable on almost any version of Linux.

This procedure is designed to get you up and running with Rocky Linux using 'mod_ssl' in an Apache Web-Server environment..
This procedure will get you up and running with Rocky Linux and `mod_ssl` in an Apache web server environment.

## Prerequisites

* A Workstation or Server, preferably with Rocky Linux already installed.
* You should be in the Root environment or type `sudo` before all of the commands you enter.
* A workstation or server, preferably with Rocky Linux already installed.
* Able to run commands as *root* or `sudo` to elevate privileges.

## Install Rocky Linux Minimal

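Review bot: The new intro sentence "`mod_ssl` provides greater security for the web server" still does not say what the module does; state that it adds SSL/TLS (HTTPS) support to httpd so readers know what they are installing. The front matter above still reads `update: 20-Jan-2022`; bump it if that field is meant to track content revisions. In the prerequisites, "Able to run commands as *root* or `sudo` to elevate privileges" reads better as "The ability to run commands as *root* or with `sudo`".
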
Expand All @@ -23,23 +23,23 @@ When installing Rocky Linux, we used the following sets of packages:
* Minimal
* Standard

## Run System Update
## Run updates

First, run the system update command to let the server rebuild the repository cache, so that it could recognize the packages available.
First, run the system update command to let the server rebuild the repository cache to recognize the packages available.

`dnf update`

## Enabling Repositories
## Enabling repositories

With a conventional Rocky Linux Server Installation all necessary Repositories should be in place.
With a conventional Rocky Linux server installation, all necessary repositories will be in place.

## Check The Available Repositories
## Check the available repositories

Just to be sure check your Repository Listing with:
Just to be sure check your repository listing with:

`dnf repolist`

You should get the following back showing all of the enabled repositories:
You will get the following:

```
appstream Rocky Linux 8 - AppStream
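
Review bot: "You will get the following:" promises exact output, but the listing that follows is specific to Rocky Linux 8 (`Rocky Linux 8 - AppStream`); suggest "On Rocky Linux 8 you will see something like:" so readers on another release, or with extra repositories enabled, are not thrown by a mismatch. "Just to be sure check your repository listing with:" also needs a comma after "sure".
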
Expand All @@ -48,18 +48,18 @@ extras Rocky Linux 8 -
powertools Rocky Linux 8 - PowerTools
```

## Installing Packages
## Installing packages

To install 'mod_ssl', run:
To install `mod_ssl`, run:

`dnf install mod_ssl`

To enable the 'mod_ssl' module, run:
To enable the `mod_ssl` module, run:

`apachectl restart httpd`
`apachectl -M | grep ssl`

You should see an output as such:
You will see:

`ssl_module (shared)`

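Review bot: The unchanged step under "To enable the `mod_ssl` module, run:" deserves a fix while this section is being touched: `apachectl restart httpd` passes `httpd` as an extra argument that `apachectl restart` does not take, and the rest of the guide uses `systemctl reload httpd`. Suggest `systemctl restart httpd` here, and split the wording so that the restart is what loads the module and `apachectl -M | grep ssl` is described as the check that it loaded.
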
Expand All @@ -72,11 +72,13 @@ firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload
```

At this point you should be able to access the Apache Web-Server via HTTPS. Enter `https://your-server-ip` or `https://your-server-hostname` to confirm the 'mod_ssl' configuration.
Ensure that your goal is to have the website open to the world when you add this rule! If not, change the zone or configure the firewall to correct that.

## Generate SSL Certificate
At this point you should be able to access the Apache web server via HTTPS. Enter `https://your-server-ip` or `https://your-server-hostname` to confirm the `mod_ssl` configuration.

To generate a new self-signed certificate for Host rocky8 with 365 days expiry, run:
## Generate SSL/TLS certificate

To generate a self-signed certificate for host rocky8 with 365 days expiry, run:

`openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/httpd.key -x509 -days 365 -out /etc/pki/tls/certs/httpd.crt`

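Review bot: The added firewall warning comes after the `firewall-cmd` commands, so a reader following along has already opened HTTPS in the public zone before reading it; move it above the command block and drop the exclamation mark, for example "The rule below opens HTTPS to every host that can reach the public zone. If the site is not meant to be public, use a different zone or a more restrictive rule." Also, "for host rocky8" describes the Common Name typed at the prompt, not anything in the `openssl req` command shown; say so, or the reader may expect the command itself to set the host name.
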
Expand All @@ -103,7 +105,7 @@ Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:rocky8
Email Address []:
```
After this command completes execution, the following two SSL files will be created, run:
After this command completes, the following two SSL/TLS files will be there:

```
ls -l /etc/pki/tls/private/httpd.key /etc/pki/tls/certs/httpd.crt
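
Review bot: The rewritten sentence sits directly under the closing code fence with no blank line between them, which some Markdown renderers and linters handle badly; add a blank line before "After this command completes". Dropping ", run:" also leaves the `ls -l` command in the next block unintroduced; "the following two SSL/TLS files will exist, which you can confirm with:" keeps the lead-in.
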
Expand All @@ -112,13 +114,13 @@ ls -l /etc/pki/tls/private/httpd.key /etc/pki/tls/certs/httpd.crt
-rw-------. 1 root root 1704 Jan 29 16:05 /etc/pki/tls/private/httpd.key
```

## Configure Apache Web-Server with New SSL Certificates
## Configure Apache web server with the SSL/TLS certificates

To include your newly created SSL certificate into the Apache web-server configuration open the ssl.conf file by running:
To include your newly created SSL/TLS certificate into the Apache web server configuration open the `ssl.conf` file by running:

`nano /etc/httpd/conf.d/ssl.conf`

Then change the following lines:
Change the following lines:

FROM:
```
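
Review bot: The listing above shows the private key as `-rw-------` and owned by root, but the text never tells the reader that this matters; since the key was generated unencrypted (`-nodes`), add a sentence saying the key file must stay readable by root only. In the sentence that opens `ssl.conf`, use "in" rather than "into" and add a comma before "open".
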
Expand All @@ -131,17 +133,17 @@ SSLCertificateFile /etc/pki/tls/certs/httpd.crt
SSLCertificateKeyFile /etc/pki/tls/private/httpd.key
```

Then reload the Apache Web-Server by running:
Reload the Apache web server by running:

`systemctl reload httpd`

## Test the 'mod_ssl' configuration
## Test the `mod_ssl` configuration

Enter the following in a web browser:

`https://your-server-ip` or `https://your-server-hostname`

## To Redirect All HTTP Traffic To HTTPS
## To redirect all HTTP traffic to HTTPS

Create a new file by running:

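Review bot: Nothing checks the edited `ssl.conf` before `systemctl reload httpd`; add an `apachectl configtest` step ahead of the reload so a mistyped `SSLCertificateFile` or `SSLCertificateKeyFile` path is caught with a readable error. The test section should also say what to expect: with a self-signed certificate the browser will show a trust warning, and the reader should confirm that the certificate presented is the new one (Common Name `rocky8`).
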
Expand All @@ -158,16 +160,16 @@ Insert the following content and save file, replacing "your-server-hostname" wit
</VirtualHost/>
```

Apply the change when reloading the Apache service by running:
Apply the change by running:

`systemctl reload httpd`

The Apache Web-Server will now be configured to redirect any incoming traffic from `http://your-server-hostname` to `https://your-server-hostname` URL.
The Apache web server will redirect any incoming traffic from `http://your-server-hostname` to `https://your-server-hostname` URL.

## Final Steps
## Final steps

We have seen how to install and configure 'mod_ssl'. And, create a new SSL Certificate in order to run a Web-Server under HTTPS Service.
You have seen how to install and configure `mod_ssl`, and create a new SSL/TLS certificate to run a web server under HTTPS service.

## Conclusion

This tutorial will be part of the tutorial covering installing a LAMP (Linux, Apache Web-Server, Maria Database-Server, and PHP Scripting Language), Server on Rocky Linux version 8.x. Eventually we will be including images to help better understand the installation.
This tutorial shows the basic installation and use of `mod_ssl`.
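
Review bot: The closing tag in the redirect example is `</VirtualHost/>`, which is not a valid closing directive; it must be `</VirtualHost>`, otherwise httpd will reject the file when it is reloaded. It is an unchanged line, but it sits in this hunk and is worth fixing in the same pass. In the changed redirect sentence, "to `https://your-server-hostname` URL" should either drop the trailing "URL" or read "to the `https://your-server-hostname` URL".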