The aforementioned instructions/steps worked for me running CentOS. It may very well work for you on Red Hat-like distributions or otherwise. Please note that if you decide to use these instructions to update PHP/MySQL (or other packages) on your machine, you are doing so entirely at your very own discretion and that neither this site, sgowtham.com, nor its author is responsible for any/all damage – intellectual or otherwise.
It has been a while and many things (Apache and Virtual Hosts) have been working smoothly for few years now but I could never quite figure out how to set up the secure portion. Had tried it several times with very little success and a bit more (extensive) search later, I think I have it working properly now. For the sake of completeness, let me just go through with Apache as well as Virtual Hosts.
Apache, PHP, MySQL
It is my practice that I do a full/maximal installation of any linux distribution and that takes care of installing Apache (with all the required modules), PHP, MySQL, etc. I bet there are tons of documents online that you can refer and install them if you don’t already have them.
Let us suppose that ISP does not block port 80 (and 443) and let us further suppose that ISP assigns a static IP address – something like 126.96.36.199. For whatever reason, let us also suppose that we need to serve websites from this address, namely http://mydomain.com/ and http://yourdomain.com/. Since I am using CentOS distribution, the ServerRoot is set to /etc/httpd and the configuration file is located in /etc/httpd/conf/httpd.conf. To accommodate hosting multiple domains, my configuration was made to look as follows (towards the very end):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
NameVirtualHost *:80 DocumentRoot /var/www/html ServerName 188.8.131.52 ServerSignature On DirectoryIndex index.html index.php index.cgi index.pl AccessFileName .htaccess DocumentRoot /var/www/mydomain ServerName mydomain.com ServerSignature On ServerAdmin firstname.lastname@example.org DirectoryIndex index.html index.php index.cgi index.pl AccessFileName .htaccess DocumentRoot /var/www/yourdomain ServerName yourdomain.com ServerSignature On ServerAdmin email@example.com DirectoryIndex index.html index.php index.cgi index.pl AccessFileName .htaccess
It is to be noted, needless to say, that the folders /var/www/html, /var/www/mydomain and /var/www/yourdomain must exist and must contain appropriate content. Also, A Record in the corresponding registrars must point to 184.108.40.206 as the destination. Upon restarting apache (/etc/init.d/httpd restart), these domains should be serving out contents just fine.
HTTPS & Self-Signed Certificates
Now that the non-secure (HTTP) portions are working fine, let us suppose that one of the domains, http://yourdomain.com/ has some contents that need to be served securely (HTTPS) as https://yourdomain.com/secure-content/. It is to be noted that only one of the three (or however many you may have) domain contents can be served in a secure way. First step is to edit /etc/httpd/conf.d/ssl.conf and make (parts of it) look like:
1 2 3 4 5 6
DocumentRoot "/var/www/yourdomain" ServerName yourdomain.com:443 ServerSignature On ServerAdmin firstname.lastname@example.org DirectoryIndex index.html index.php index.cgi index.pl AccessFileName .htaccess
Next step is get Security Certificates but getting them commercially, although more trusted, can be expensive. Especially if the purpose is for testing and such, generating self-signed certificates using built in tools is the most economical way. Again, there are plethora of documents online that provide this information but is included here for completeness purposes:
- First step in this process is to generate the private keys for the server:
openssl genrsa -des3 -out server.key 1024
- Next step is to create a Certificate Signing Request (CSR) to get signed by the CA. Enter appropriate information when prompted.
openssl req -new -key server.key -out server.csr
- Next, CSR needs to be signed with the key generated in Step #1.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- Optionally, one can remove the password from key generated in Step #1.
cp server.key server.key.withpass openssl rsa -in server.key.withpass -out server.key
- Penultimate step is to place these files appropriately:
cp server.key /etc/httpd/conf/ssl.key/ cp server.crt /etc/httpd/conf/ssl.crt/ cp server.csr /etc/httpd/conf/ssl.csr/
- Restart Apache
That’s it. If nothing went wrong in the process, https://yourdomain.com/ should now be serving secure content. The browser should display some warning and the security certificate can be accepted temporarily or permanently before the secure contents can be seen.
A Working Example
I followed these steps to make my website secure – not that there are too many things that need to be served in a secure way. You can check it out if you wish.