Self-Signed SSL Certificate for Apache in Ubuntu 20.04

ติดตั้ง Apache

sudo apt update
sudo apt install apache2

Enabling mod_ssl

Before we can use any SSL certificates, we first have to enable mod_ssl, an Apache module that provides support for SSL encryption.

Enable mod_ssl with the a2enmod command:

$ sudo a2enmod ssl
[sudo] password for jack:
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  systemctl restart apache2

Restart Apache to activate the module:

sudo systemctl restart apache2

Creating the SSL Certificate

Now that Apache is ready to use encryption, we can move on to generating a new SSL certificate. The certificate will store some basic information about your site, and will be accompanied by a key file that allows the server to securely handle encrypted data.

We can create the SSL key and certificate files with the openssl command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
     -keyout /etc/ssl/private/apache-selfsigned.key \
     -out /etc/ssl/certs/apache-selfsigned.crt

private key ที่ได้จะอยู่ที่ /etc/ssl/private/apache-selfsigned.key

Configuring Apache to Use SSL

ที่ไฟล์ 000-default.conf เพิ่ม VirtualHost *:443

$ sudo nano /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
   DocumentRoot /var/www/html

   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
   SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>

Next, let’s test for configuration errors:

sudo apache2ctl configtest

Let reload apache2

sudo systemctl reload apache2

ทดลองเรียกไปที่ https://localhost

Redirecting HTTP to HTTPS

$ sudo nano /etc/apache2/sites-available/000-default.conf

To use Redirect to match any requests and send them to the SSL VirtualHost. Make sure to include the trailing slash:

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        Redirect / https://jack5.com/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
   DocumentRoot /var/www/html

   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
   SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>

ตอนนี้พอเรียกไปที่ http://localhost ก็จะ redirect ไปที่ https://localhost ละ