How To Add SSL Encryption To HTTP?

Carlwill · 2010-09-30 13:29:56

So I have a web server running on my Arch Linux server. The document root for my server is the default '/srv/http' directory. My question is how can I force my website to use HTTPS / 443 encryption for my /wiki & /webmail paths? Generally when I go to my website the URL is as follows:

www.iamghost.com (This is just the main site and runs on port 80)

www.iamghost.com/wiki (This is just a folder under my docement root '/srv/http/wiki')

www.iamghost.com/webmail (This too is just another folder under my document root '/srv/http/webmail')

I would like to use my existing SSL certificates (self signed and generated with openssl) to force the 'wiki' & 'webmail' folders to run on port 443 rather than port 80. I don't know how to do this so I am posting my 'httpd.conf' file below so maybe someone can show or help me add the following entries to get this to work. My public and private SSL keys are stored in '/etc/ssl' and are already working for Postfix on the same server.

My 'httpd.conf':

ServerRoot "/etc/httpd"

Listen 80

LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule dumpio_module modules/mod_dumpio.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule log_forensic_module modules/mod_log_forensic.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule ident_module modules/mod_ident.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module modules/libphp5.so

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>

User http
Group http

</IfModule>
</IfModule>

ServerAdmin postmaster@iamghost.com

ServerName www.iamghost.com:80

DocumentRoot "/srv/http"

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Directory "/srv/http">
    
    Options Indexes FollowSymLinks Includes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>


<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

ErrorLog "/var/log/httpd/error_log"

LogLevel warn

<IfModule log_config_module>
   
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "/var/log/httpd/access_log" common

  </IfModule>

<IfModule alias_module>
    
    ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"

</IfModule>

<IfModule cgid_module>
    
</IfModule>

<Directory "/srv/http/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
  
    TypesConfig conf/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

</IfModule>



Include conf/extra/httpd-multilang-errordoc.conf

Include conf/extra/httpd-autoindex.conf

Include conf/extra/httpd-languages.conf

Include conf/extra/httpd-userdir.conf

Include conf/extra/httpd-default.conf

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf

Include conf/extra/php5_module.conf

#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

madeye · 2010-09-30 16:47:28

Not sure if this can help you, as I am using sub domains for my webmail access. But I found the following information interesting when I needed to force it to use https.

http://www.cyberciti.biz/tips/howto-apa … tions.html

Here is an excerpt from comment 32 on that page. And this is exactly the solution I used.

I was able to get a HTTP to HTTPS redirect working.

I put the redirect permanent in httpd.conf, in the section for a specific NameVirtualHost listener:
<NameVirtualHost 122.123.124.1:80>

    ServerName mywebsite.com:80
    ServerAlias http://www.mywebsite.com:80
    ServerAlias 122.123.124.1:80
    Redirect permanent / https://www.mywebsite.com/

</VirtualHost>

Arch Linux

#1 2010-09-30 13:29:56

How To Add SSL Encryption To HTTP?

#2 2010-09-30 16:47:28

Re: How To Add SSL Encryption To HTTP?

Board footer