** Stephen Davies <[email protected]> [2015-05-01 17:50]:
> I'm finally getting around to enabling HTTPS on my little webserver.
> It runs APACHe with three VirtualHosts.
>
> I've configured my Router to forward https request (port 443) to my
> webserver but all I get back is the default web page.
> This is nothing more than a placeholder page and not one of the virtual
> hosts.
> Any pointers as to how to do it would be most welcome.
** end quote [Stephen Davies]
Oddly, I've just done that for all my domains in the past week or so. I suspect
that what you need to do is modify your Apache config to tell it that the
websites are on port 443 now. I have something like this at the beginning:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
# Redirect permanent / https://www.example.com/
Redirect / https://www.example.com/
</VirtualHost>
This redirects traffic that is coming in to port 80 to https. The hashed out
line is because I've not switched the redirect to permanent yet, and will
replace the line below when I do.
Then the port 443 section for the actual site:
<VirtualHost *:443>
ServerName www.example.com
ServerAlias example.com
ServerAdmin [email protected]
SSLEngine on
SSLCertificateFile /etc/aptanet/certs/aptanet_org.crt
SSLCertificateChainFile /etc/aptanet/certs/sub.class1.server.ca.pem
SSLCertificateKeyFile /etc/aptanet/certs/aptanet_org.key
SSLCACertificateFile /etc/aptanet/certs/ca.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
SSLHonorCipherOrder on
SSLCompression off
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
#
# the rest of your config here
#
</VirtualHost>
StartSSL are pretty good for a basic free SSL certificate, although it needs
yearly renewal.
Actually, I say beginning, my config is split into separate files, one for each
domain, so if you are using a single httpd.conf you'll need to locate these bit
appropriately.
--
Paul Tansom | Aptanet Ltd. | http://www.aptanet.com/ | 023 9238 0001
=============================================================================
Registered in England | Company No: 4905028 | Registered Office: Ralls House,
Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP
--
Please post to: [email protected]
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------
