Monday, March 03, 2008

Install SSL for Apache

Setup Certificate

# from: http://www.vanemery.com/Linux/Apache/apache-SSL.html
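# Create the private CA key: 2048-bit RSA, encrypted with a pass phrase (-des3 prompts for one).
# Keep my-ca.key off the web server; whoever holds it can issue certificates
# that every client trusting my-ca.crt will accept.
[root]# openssl genrsa -des3 -out my-ca.key 2048
# Self-sign the CA certificate, valid for 10 years (-days 3650).
# -sha256 pins the signature digest instead of relying on the OpenSSL build's
# default, which on older releases is a weaker digest such as SHA-1.
[root]# openssl req -new -x509 -sha256 -days 3650 -key my-ca.key -out my-ca.crt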

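# Server key: -des3 is left out so the key has no pass phrase and Apache can
# start unattended. The key is therefore stored unencrypted and is protected
# only by file permissions, hence the chmod below.
# 2048 bits: 1024-bit RSA is no longer considered adequate for server keys.
[root]# openssl genrsa -out mars-server.key 2048
[root]# chmod 600 mars-server.key
# Certificate signing request. The Common Name entered at the prompt should be
# the host name clients use to reach the site.
[root]# openssl req -new -key mars-server.key -out mars-server.csr
# Sign the request with the private CA. -sha256 replaces -sha1, which current
# clients reject for certificate signatures. -CAcreateserial creates the CA
# serial-number file if it does not exist yet.
[root]# openssl x509 -req -in mars-server.csr -out mars-server.crt -sha256 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -days 3650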

Setup Apache

# Without SSL (plain HTTP)
-bash-3.00$ more /opt/csw/apache2/etc/virtualhosts/yourserver.conf
# Plain-HTTP virtual host on port 80: static assets are served from
# DocumentRoot, everything else is proxied to four local backends.
# NOTE(review): this vhost exposes the same application without TLS. If the
# application handles logins or session cookies, consider redirecting these
# requests to the :443 vhost instead - confirm the intended behaviour.
<VirtualHost 8.17.170.154:80>
  ServerName youserver.com
  ServerAlias *.youserver.com
  DocumentRoot /home/youserver.com/app/current/public

  # Access rules for the public directory. "Order"/"Allow from" is the
  # Apache 2.2 access-control syntax. AllowOverride None means .htaccess
  # files in this tree are ignored.
  <Directory "/home/youserver.com/app/current/public/">
  Options FollowSymLinks
  AllowOverride None
  Order allow,deny
  Allow from all
  </Directory>

  # Backend pool. The members listen on loopback only, so the hop between
  # Apache and the backends is plain HTTP that never leaves this host.
  <Proxy balancer://yourserver-mongrels>
    BalancerMember http://127.0.0.1:8000
    BalancerMember http://127.0.0.1:8001
    BalancerMember http://127.0.0.1:8002
    BalancerMember http://127.0.0.1:8003
  </Proxy>

  # "!" excludes a path from proxying, so Apache serves it from DocumentRoot.
  # ProxyPass rules are checked in configuration order and the first match
  # wins, so these exclusions must stay above the catch-all "/" rule.
  ProxyPass /images !
  ProxyPass /javascripts !
  ProxyPass /stylesheets !
  ProxyPass / balancer://yourserver-mongrels/
  ProxyPassReverse / balancer://yourserver-mongrels/
  # Forward the client's original Host header to the backends.
  ProxyPreserveHost On
</VirtualHost>

# With SSL (HTTPS)
-bash-3.00$ more /opt/csw/apache2/etc/virtualhosts/yourserver-ssl.conf

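# HTTPS virtual host on port 443: TLS is terminated here, static assets are
# served from DocumentRoot and everything else is proxied to the local backends.
<VirtualHost 8.17.170.154:443>
  ServerName youserver.com
  ServerAlias *.youserver.com
  DocumentRoot /home/youserver.com/app/current/public

  # Access rules for the public directory. "Order"/"Allow from" is the
  # Apache 2.2 access-control syntax. AllowOverride None means .htaccess
  # files in this tree are ignored.
  <Directory "/home/youserver.com/app/current/public/">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>

  # Backend pool. The members listen on loopback only, so the hop between
  # Apache and the backends is plain HTTP that never leaves this host.
  # NOTE(review): the backends cannot see that the client used HTTPS unless
  # the proxy tells them (for example through a request header); check how
  # the application decides to mark cookies as secure.
  <Proxy balancer://yourserver-mongrels>
    BalancerMember http://127.0.0.1:8000
    BalancerMember http://127.0.0.1:8001
    BalancerMember http://127.0.0.1:8002
    BalancerMember http://127.0.0.1:8003
  </Proxy>

  # "!" excludes a path from proxying, so Apache serves it from DocumentRoot.
  # ProxyPass rules are checked in configuration order and the first match
  # wins, so these exclusions must stay above the catch-all "/" rule.
  ProxyPass /images !
  ProxyPass /javascripts !
  ProxyPass /stylesheets !
  ProxyPass / balancer://yourserver-mongrels/
  ProxyPassReverse / balancer://yourserver-mongrels/
  # Forward the client's original Host header to the backends.
  ProxyPreserveHost On

  SSLEngine On
  # Without an explicit policy the accepted protocols and ciphers are whatever
  # the installed mod_ssl/OpenSSL defaults to, which on older builds includes
  # SSLv2/SSLv3 and weak suites. Tighten further where the build allows it.
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite HIGH:!aNULL:!MD5
  SSLCertificateFile /home/youserver.com/ssl/mars-server.crt
  # The key has no pass phrase, so file permissions are its only protection:
  # keep it outside DocumentRoot (as here) and readable by root only.
  SSLCertificateKeyFile /home/youserver.com/ssl/mars-server.key
</VirtualHost>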
