
Guide to setting up an SSL connection through Apache (using HTTPS with the Xeoma Web Server)

Follow these steps to set up Apache as an SSL front end:

1) Install the apache server

sudo apt-get install apache2
 

2) Turn on ssl support on the apache server

sudo a2enmod ssl
sudo a2ensite default-ssl
 

After that, in order to apply the settings, restart the apache server

sudo service apache2 restart
 

3) Create a folder

sudo mkdir /etc/apache2/ssl/
 

4) Copy the certificate (MyDomainHERE.com.crt) and the key (MyDomainHERE.com.key) into this folder. A self-signed certificate can be generated with openssl; see the instructions below.

5) Enable support for the needed modules on the apache server.

sudo a2enmod headers
sudo a2enmod rewrite
sudo a2enmod proxy
sudo a2enmod proxy_http
 

After that, in order to apply the settings, restart the apache server

sudo service apache2 restart
 

6) Edit the file

/etc/apache2/sites-enabled/default-ssl.conf
 

so that it follows this example:

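<VirtualHost *:443>
ServerAdmin admin@mydomain.com
ServerName localhost:443
ServerAlias *:443

SSLEngine On
# Certificate and key copied into /etc/apache2/ssl/ in step 4
SSLCertificateFile /etc/apache2/ssl/MyDomainHERE.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/MyDomainHERE.com.key

SSLProxyEngine On
# Keep ProxyRequests Off: Apache acts as a reverse proxy only, not as an open forward proxy
ProxyRequests Off
ProxyPreserveHost On
ProxyVia full

<Proxy *>
# Apache 2.4 syntax, replaces "Order deny,allow" / "Allow from all"
Require all granted
</Proxy>

# The connection from Apache to Xeoma is plain HTTP; only the client-to-Apache side is encrypted
ProxyPass / http://ip-xeoma-server:10090/
ProxyPassReverse / http://ip-xeoma-server:10090/

</VirtualHost>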
 
After that, in order to apply the settings, restart the apache server

sudo service apache2 restart

Done. Connections to the Xeoma web server made through Apache on port 443 now use SSL encryption.


Additionally: instructions for creating a self-signed certificate.

# Build a minimal openssl configuration; x509_extensions makes "req -x509"
# actually write the [ req_ext ] extensions into the certificate
echo "[ req ]" >openssl.conf
echo "distinguished_name = req_distinguished_name" >>openssl.conf
echo "x509_extensions = req_ext" >>openssl.conf
echo "[ req_distinguished_name ]" >>openssl.conf
echo "[ req_ext ]" >>openssl.conf
echo "basicConstraints = CA:true" >>openssl.conf
echo "subjectAltName = @alt_names" >>openssl.conf
# List every host name that clients use to reach the server
echo "[ alt_names ]" >>openssl.conf
echo "DNS.1   = ns1.DNSofMyDomainHERE.com" >>openssl.conf
echo "DNS.2   = ns2.DNSofMyDomainHERE.com" >>openssl.conf
# Generate an unencrypted 2048-bit RSA key and a self-signed certificate
openssl req -new -batch -outform PEM -out MyDomainHERE.com.crt \
  -newkey rsa:2048 -nodes -keyout MyDomainHERE.com.key -keyform PEM \
  -days 99999 -x509 \
  -subj "/C=US/ST=XX/O=MyDomainHERE.com/localityName=MyDomainHERE/organizationName=MyDomainHERE/commonName=MyDomainHERE.com/" \
  -config openssl.conf
rm openssl.conf
 

Make the files readable by root only and move them into the folder /etc/apache2/ssl/

sudo chown root MyDomainHERE.com.crt MyDomainHERE.com.key
sudo chmod 0600 MyDomainHERE.com.crt MyDomainHERE.com.key
sudo mv MyDomainHERE.com.crt      /etc/apache2/ssl/MyDomainHERE.com.crt
sudo mv MyDomainHERE.com.key      /etc/apache2/ssl/MyDomainHERE.com.key
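
Before restarting Apache it helps to confirm that the key is private, that it belongs to the certificate, and that the certificate really lists the host name in subjectAltName. The shell check below is an added example, not part of the original guide; the function name check_tls_pair and the script name check_tls.sh are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight check for the
# certificate/key pair before restarting Apache.
# check_tls_pair is a hypothetical helper name; HOST is the name that
# clients type into the browser.

check_tls_pair() {
    crt=$1; key=$2; host=$3; rc=0

    for f in "$crt" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 2; }
    done

    # 1. The private key must not be accessible to group or others.
    perms=$(ls -ldL "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL: $key is accessible to group/others" >&2; rc=1; }

    # 2. Certificate and key must contain the same public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $crt" >&2; rc=1
    fi

    # 3. The host name must be listed in subjectAltName (exact match only;
    #    wildcard entries are not expanded here).
    openssl x509 -in "$crt" -noout -text 2>/dev/null |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -Fxq "DNS:$host" ||
        { echo "FAIL: $host is not in subjectAltName" >&2; rc=1; }

    # 4. The certificate must not be expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $crt has expired" >&2; rc=1; }

    return $rc
}

# Stand-alone use: sudo sh check_tls.sh CERT KEY HOST
if [ "$#" -eq 3 ]; then
    check_tls_pair "$@"
fi
```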
 

Then download the certificate to each client computer and install it, so that the browser does not show a certificate warning. Copy only the .crt file to clients; the .key file stays on the server.
Open MyDomainHERE.com.crt -> “Install”. “Place all certificates in the following store” -> “Browse” -> “Trusted root certification authorities” -> “OK”. Next, Done, Yes.

September 5, 2018
