Sunday, November 28, 2010

Installing and configuring Apache Web Server 2.2.X with SSL in Ubuntu

This step-by-step article explains how to install Apache web server 2.2.X with SSL on Ubuntu.

Prerequisites:
OpenSSL - this is required when creating the certificate.

Installing Apache 2.2.X
Download the Apache 2.2.X source from here.

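Extract the archive to a place you prefer. For .tar.gz archives, use the command below. The target directory must exist before tar can extract into it, and --strip-components=1 drops the archive's top-level httpd-2.2.17 folder so the sources land directly in httpd.
mkdir -p httpd && tar -xzvf httpd-2.2.17.tar.gz -C httpd --strip-components=1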

Now you can begin the installation process.

amila@amilam:/media/dev/software/httpd$ pwd
/media/dev/software/httpd
amila@amilam:/media/dev/software/httpd$ ./configure --prefix=/media/dev/software/apache2 --enable-ssl


This configures the build and installation. There are two important flags in the above command.
--prefix: the directory where you want to install your Apache instance.
--enable-ssl: enables the SSL module in Apache. You can also name any other modules you want to enable at install time. For now, let's only enable SSL. Then,

amila@amilam:/media/dev/software/httpd$ make
amila@amilam:/media/dev/software/httpd$ make install

If you encounter any problems during the "make install" step, try,
make clean
make
make install

You may also encounter problems if you don't have the libssl-dev package installed on your machine. In that case, install the libssl-dev package and try again.

amila@amilam:~$ sudo apt-get install libssl-dev

After successfully installing Apache, you can check whether it starts without a problem.

amila@amilam:/media/dev/software/apache2$ pwd
/media/dev/software/apache2
amila@amilam:/media/dev/software/apache2$ cd bin/
amila@amilam:/media/dev/software/apache2/bin$ sudo ./apachectl start


If everything is OK, your Apache web server will start without any error messages. Open a browser and go to http://localhost/. If you receive the default Apache web page, your installation is successful.

-----------------------------------------------------------------------------------------------

Your web server is not yet serving SSL. To enable that,

Open the httpd.conf file in the conf folder. In this file you will find the line #Include conf/extra/httpd-ssl.conf
Remove the # at the beginning to uncomment this line, which will include the httpd-ssl.conf file in httpd.conf when the Apache server starts.

When Apache is configured with SSL, it looks for a certificate file. There are several ways to create certificates. I will explain how to create a self-signed certificate (one of several methods).

cd to the conf folder (if you are not already there).

Create an RSA private key (use at least 2048 bits; 1024-bit RSA keys are no longer considered secure)
openssl genrsa -out server.key 2048

Create a certificate signing request (CSR)
openssl req -new -key server.key -out www.mysite.com.csr

Create the certificate
openssl x509 -req -days 730 -in www.mysite.com.csr -signkey server.key -out server.crt
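
The three openssl steps above, scripted non-interactively and followed by the checks worth running before httpd-ssl.conf points at the files: the certificate and key share a modulus, the key is at least 2048 bits, the certificate has not expired, and the CN is the hostname. This is an added example, not code from the original post; the function names, the -subj value and the temporary directory are assumptions.

```shell
#!/bin/sh
# Added example (not the article's code). Function names, the -subj value
# and the temporary directory are assumptions made for illustration.

# make_selfsigned DIR CN [BITS]: the article's three openssl steps,
# made non-interactive with -subj.
make_selfsigned() {
    dir=$1; cn=$2; bits=${3:-2048}
    ( umask 077    # private key readable by its owner only
      openssl genrsa -out "$dir/server.key" "$bits" 2>/dev/null ) || return 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/$cn.csr" || return 1
    openssl x509 -req -days 730 -in "$dir/$cn.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# key_bits KEY: RSA modulus size in bits (4 bits per hex digit).
key_bits() {
    mod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null | cut -d= -f2)
    echo $(( ${#mod} * 4 ))
}

# check_pair CRT KEY CN: prints "ok" or the first problem; non-zero on failure.
check_pair() {
    crt_mod=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) ||
        { echo "unreadable cert"; return 1; }
    key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) ||
        { echo "unreadable key"; return 1; }
    [ "$crt_mod" = "$key_mod" ] || { echo "cert/key mismatch"; return 1; }
    [ "$(key_bits "$2")" -ge 2048 ] || { echo "weak key"; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "expired"; return 1; }
    got_cn=$(openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//')
    [ "$got_cn" = "$3" ] || { echo "CN mismatch"; return 1; }
    echo "ok"
}

# Demo in a throwaway directory so nothing under conf/ is touched.
workdir=$(mktemp -d)
make_selfsigned "$workdir" www.mysite.com
check_pair "$workdir/server.crt" "$workdir/server.key" www.mysite.com
```

Apache will not start when SSLCertificateFile and SSLCertificateKeyFile do not belong together, so a mismatch caught here saves a failed restart.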

Now open the httpd-ssl.conf file. The following properties are the important ones to pay attention to.

Listen 443

DocumentRoot "/media/dev/software/apache2/htdocs"
SSLCertificateFile "/media/dev/software/apache2/conf/server.crt"
SSLCertificateKeyFile "/media/dev/software/apache2/conf/server.key"


-----------------------------------------------------------------------------------------

After making sure the above entries are correct, restart the Apache server. Before that, you also have to do the following.

If you want to access your site via www.mysite.com, your browser should be able to resolve the domain name www.mysite.com. For that, open your /etc/hosts file and add the following entry:
127.0.0.1 www.mysite.com

Then, change the index.html in the htdocs directory. Put something like "This is a secured page" and save (this is not a must, just to have the feeling).

Then restart the server
amila@amilam:/media/dev/software/apache2/bin$ sudo ./apachectl restart

Now, open a browser and go to https://www.mysite.com. The browser will warn you about the security risk of the certificate provided by the web server (because it is a self-signed certificate). After you have accepted the security exception and saved the certificate, you will see your page.



NOTE: Creating security certificates is a wide topic. I have just provided the steps for you to get it done for this example. You can study it on your own and create certificates according to your requirements.