Https apache2
Enabling HTTPS for Apache2 on Debian Systems
The Hypertext Transfer Protocol Secure (HTTPS) is a protocol for secure communication over a computer network. It is widely used on the Internet and is an essential part of securing data in transit. This article will guide you on how to enable HTTPS for Apache2 on Debian systems, including generating Secure Sockets Layer (SSL) keys.
Prerequisites
Before you start, you should ensure the following:
You have sudo privileges or root access to your Debian system. Apache2 web server is already installed on your Debian system. You have a registered domain name.
Apache2
Installing the SSL Module
Apache2 does not come with SSL enabled by default. You will need to enable the module using the following command:
sudo a2enmod ssl
After this, restart Apache to enable the module.
sudo systemctl restart apache2
Generating Self-Signed SSL Certificates
We'll generate a new private key and certificate signing request (CSR), and then sign our own certificate. Navigate to the SSL directory and create the certificates using these commands:
sudo mkdir /etc/apache2/ssl sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
You will be asked a series of questions. Answer them appropriately to generate the certificate.
Configuring Apache to Use SSL
Now that we have our self-signed certificate and our private key, we can tell Apache how to use these to secure traffic.
Open the default Apache SSL Virtual Host file.
sudo nano /etc/apache2/sites-available/default-ssl.conf
Look for the following lines and make sure to point them to the paths of your certificate and private key:
SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Save and exit the file.
Enabling the SSL Site
The next step is to enable the SSL site in Apache:
sudo a2ensite default-ssl.conf
And finally, restart Apache again to apply our changes:
sudo systemctl restart apache2
Now, you should be able to access your site via https://. Remember that since this is a self-signed certificate, browsers will generally show a warning since they cannot validate the certificate.
Configuring Apache to Redirect HTTP to HTTPS
After setting up the SSL, we can configure Apache to redirect all HTTP traffic to HTTPS.
Open the default Apache configuration file.
sudo nano /etc/apache2/sites-available/000-default.conf
Inside that file, add a redirection so that any HTTP traffic gets redirected to HTTPS:
<VirtualHost *:80> ServerName _default_ RewriteEngine On RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </VirtualHost>
Save and exit the file.
Restart Apache to apply the changes:
sudo systemctl restart apache2