Debian Squeeze, Apache with gnu_tls, SNI, Serendipity, no-www

As Debian Squeeze does not include OpenSSL 1.0, we need gnu_tls to get SNI working with Apache2.

apt-get install libapache2-mod-gnutls
a2dismod ssl
a2enmod gnutls

 

The last line automatically adds

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

to /etc/apache2/ports.conf so we don’t have to do that manually.

Generate the CertificateFile and the KeyFile (self signed):
  • Generate a Private Key
    openssl genrsa -des3 -out emp_server.key 1024
  • Generate a CSR (Certificate Signing Request)
    openssl req -new -key emp_server.key -out emp_server.csr
  • Remove Passphrase from Key
    cp emp_server.key emp_server.key.orig
    openssl rsa -in emp_server.key.orig -out emp_server.key
  • Generating a Self-Signed Certificate
    openssl x509 -req -days 1500 -in emp_server.csr -signkey emp_server.key -out emp_server.crt

Now add those files (and a permanent redirect from http to https) to the domain config in /etc/apache2/sites-available/example.com:

<VirtualHost *:80>
...
    # Trailing slash on the target so that /foo maps to https://example.com/foo
    Redirect permanent /    https://example.com/
...
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com:443
    ServerAlias www.example.com:443
    DocumentRoot /var/example.com/serendipity
...
    # Enable/Disable SSL for this virtual host.
    GnuTLSEnable on
    GnuTLSCertificateFile /etc/ssl/private/emp_server.crt
    GnuTLSKeyFile /etc/ssl/private/emp_server.key
    GnuTLSPriorities NORMAL
</VirtualHost>
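Before restarting Apache, the files named in GnuTLSKeyFile and GnuTLSCertificateFile can be checked against each other. The script below is an added example, not part of the original post: it compares the RSA moduli, the key size, the key file permissions and the certificate expiry. The function names, the demo files and the MIN_BITS threshold of 2048 are assumptions; under that threshold the 1024-bit key generated above is reported as weak.

```shell
#!/bin/sh
# Added example: sanity-check a key/certificate pair before handing it to
# GnuTLSKeyFile / GnuTLSCertificateFile. MIN_BITS is an assumed policy value.
MIN_BITS=${MIN_BITS:-2048}

# Hex modulus of an RSA private key / of a certificate's public key.
# "-passin pass:" makes a passphrase-protected key fail instead of prompting.
key_modulus() { openssl rsa -passin pass: -in "$1" -noout -modulus 2>/dev/null | cut -d= -f2; }
crt_modulus() { openssl x509 -in "$1" -noout -modulus 2>/dev/null | cut -d= -f2; }

# RSA key size in bits: four bits per hex digit of the modulus.
key_bits() { m=$(key_modulus "$1"); echo $(( ${#m} * 4 )); }

# Prints one line per problem; exit status is 0 only if none were found.
check_pair() {
    key=$1 crt=$2 rc=0
    km=$(key_modulus "$key"); cm=$(crt_modulus "$crt")
    if [ -z "$km" ] || [ -z "$cm" ]; then
        echo "UNREADABLE: key is encrypted or not RSA, or certificate is not PEM"
        return 1
    fi
    [ "$km" = "$cm" ] || { echo "MISMATCH: $crt does not belong to $key"; rc=1; }
    bits=$(key_bits "$key")
    [ "$bits" -ge "$MIN_BITS" ] || { echo "WEAK: $bits-bit key, want >= $MIN_BITS"; rc=1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$key" | cut -c5-10)" = "------" ] ||
        { echo "PERMS: $key is accessible to group/other"; rc=1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "EXPIRED: $crt"; rc=1; }
    return $rc
}

# Constructed demo: throwaway key and self-signed certificate in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    ( umask 077
      openssl genrsa -out "$d/demo.key" 2048 2>/dev/null
      openssl req -new -x509 -key "$d/demo.key" -subj "/CN=example.com" \
          -days 1 -out "$d/demo.crt" 2>/dev/null )
    check_pair "$d/demo.key" "$d/demo.crt" && echo "OK: pair is consistent"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

On the real server the call would be check_pair /etc/ssl/private/emp_server.key /etc/ssl/private/emp_server.crt, run as root.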

 

Don’t forget to open your Firewall on port 443 for SSL/TLS to work (and that’s TCP, not UDP ;).

To get Serendipity to redirect all www.example.com requests to example.com (no-www), add the following to your /var/example.com/serendipity/.htaccess file:
# http://no-www.org/ - Make your site Class B
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

 

Restart Apache and you are done.

[Sunday, 20120415, 17:31]



Disclaimer

“Leyrers Online Pamphlet” is my, Martin Leyrer's, personal website. The posts published here reflect my ideas, my interests, my humor and occasionally also my life.
The postings on this site are my own and do not represent the positions, strategies or opinions of any former, current or future employer of mine.
