ติดตั้ง Apache
sudo apt update
sudo apt install apache2
Enabling mod_ssl
Before we can use any SSL certificates, we first have to enable mod_ssl
, an Apache module that provides support for SSL encryption.
Enable mod_ssl
with the a2enmod
command:
$ sudo a2enmod ssl [sudo] password for jack: Considering dependency setenvif for ssl: Module setenvif already enabled Considering dependency mime for ssl: Module mime already enabled Considering dependency socache_shmcb for ssl: Enabling module socache_shmcb. Enabling module ssl. See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates. To activate the new configuration, you need to run: systemctl restart apache2
Restart Apache to activate the module:
sudo systemctl restart apache2
Creating the SSL Certificate
Now that Apache is ready to use encryption, we can move on to generating a new SSL certificate. The certificate will store some basic information about your site, and will be accompanied by a key file that allows the server to securely handle encrypted data.
We can create the SSL key and certificate files with the openssl
command:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout /etc/ssl/private/apache-selfsigned.key \ -out /etc/ssl/certs/apache-selfsigned.crt
private key ที่ได้จะอยู่ที่ /etc/ssl/private/apache-selfsigned.key
Configuring Apache to Use SSL
ที่ไฟล์ 000-default.conf เพิ่ม VirtualHost *:443
$ sudo nano /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> <VirtualHost *:443> DocumentRoot /var/www/html SSLEngine on SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key </VirtualHost>
Next, let’s test for configuration errors:
sudo apache2ctl configtest
Let reload apache2
sudo systemctl reload apache2
ทดลองเรียกไปที่ https://localhost
Redirecting HTTP to HTTPS
$ sudo nano /etc/apache2/sites-available/000-default.conf
To use Redirect
to match any requests and send them to the SSL VirtualHost
. Make sure to include the trailing slash:
<VirtualHost *:80> ServerAdmin webmaster@localhost Redirect / https://jack5.com/ ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> <VirtualHost *:443> DocumentRoot /var/www/html SSLEngine on SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key </VirtualHost>
ตอนนี้พอเรียกไปที่ http://localhost ก็จะ redirect ไปที่ https://localhost ละ