
Enable the HTTPS protocol with Apache 2 on Debian

by Pierre-Yves Landuré last modified Oct 29, 2017 11:58

This howto eases the activation of HTTPS with Apache 2.

This howto is tested on :

  • Debian 5.0 Lenny
  • Debian 6.0 Squeeze
  • Debian 7.0 Wheezy

Prerequisites

This howto needs :

This howto recommends :

Parameters

Provide the HTTPS connection network interface name :

SSL_NET="eth0"

Installation

Detect the IP address of the network interface (use it later to create virtual hosts) :

SSL_IP="$(command ifconfig "${SSL_NET}" \
  | command grep 'inet ' \
  | command sed -e 's/^.*inet [^:]*:\([^ ]*\) .*$/\1/')"

Setup the server to listen on port 443 :

if [ -z "$(command grep 'Listen.*443' '/etc/apache2/ports.conf')" ]; then
  command echo "# Listen on the HTTPS port if the needed module is available.
<IfModule mod_ssl.c>
  Listen 443
</IfModule>" >> '/etc/apache2/ports.conf'
fi

Enable the VirtualHost naming for the network interface :

if [ -z "$(command grep "NameVirtualHost.*${SSL_IP}:443" '/etc/apache2/ports.conf')" ]; then
  command sed -i -e "/Listen[\t ]*443/a\\
    NameVirtualHost ${SSL_IP}:443" '/etc/apache2/ports.conf'
fi

Enable the SSL module :

command a2enmod ssl

Reload the server configuration :

/etc/init.d/apache2 force-reload
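
As an added example (not part of the original howto), the shell functions below validate the detected SSL_IP before it is written into ports.conf and check the file afterwards. The function names and the sample ifconfig output are constructed for illustration; the extractor also accepts the newer "inet A.B.C.D" ifconfig format, which goes beyond the Debian releases listed above.

```shell
#!/bin/sh
# Added example, not from the original howto. Function names are hypothetical.

# Print the first IPv4 address in ifconfig output read from stdin.
# Accepts "inet addr:A.B.C.D" (Debian 5 to 7) and "inet A.B.C.D" (newer net-tools).
# With sed -n, nothing is printed when no address line matches.
extract_ipv4() {
  sed -n -e 's/^.*inet \(addr:\)\{0,1\}\([0-9][0-9.]*\).*$/\2/p' | head -n 1
}

# Succeed only if $1 is a single dotted quad with every octet in 0..255.
is_ipv4() {
  printf '%s\n' "$1" | awk -F. '
    NR > 1 || NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++)
        if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

# Check a ports.conf file ($1) for the two directives the howto adds, for IP $2.
# Returns 0 if both are active, 1 if one is missing, 2 if $2 is not an IPv4 address.
# Commented-out directives do not count ("#Listen" is not the word "Listen").
check_ports_conf() {
  is_ipv4 "$2" || { echo "SSL_IP is not an IPv4 address: '$2'" >&2; return 2; }
  awk -v ip="$2" '
    $1 == "Listen" && $2 == "443" { listen = 1 }
    $1 == "NameVirtualHost" && $2 == (ip ":443") { nvh = 1 }
    END {
      if (!listen) print "missing: Listen 443"
      if (!nvh) print "missing: NameVirtualHost " ip ":443"
      exit !(listen && nvh)
    }' "$1"
}

# Constructed sample inputs (documentation addresses, not captured from a real host).
SAMPLE_OLD='eth0      Link encap:Ethernet  HWaddr 00:00:5e:00:53:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::200:5eff:fe00:5301/64 Scope:Link'
SAMPLE_NEW='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.10  netmask 255.255.255.0  broadcast 192.0.2.255'

SSL_IP="$(printf '%s\n' "${SAMPLE_OLD}" | extract_ipv4)"
if is_ipv4 "${SSL_IP}"; then
  echo "SSL_IP=${SSL_IP}"
else
  echo "refusing to edit ports.conf: no IPv4 address detected" >&2
fi
```

On a real host, feed `extract_ipv4` from `ifconfig "${SSL_NET}"` and run `check_ports_conf '/etc/apache2/ports.conf' "${SSL_IP}"` before reloading the server.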

Usage

Every HTTPS host needs a valid SSL certificate for its domain name, created as described in Create a SSL / TLS certificate on Debian.

Create an HTTPS virtual host with the --ssl option, giving as its argument the name of the chosen SSL certificate (generally, the domain name of the web site) :

# command a2tools --ssl='www.domain.com' 'www.domain.com' '/opt/www.domain.com'

If the chosen certificate is a wildcard valid for all sub-domains, use:

# command a2tools --ssl='*.domain.com' 'www.domain.com' '/opt/www.domain.com'

A feature missing from Internet Explorer 6 to 8 on Windows XP limits the server to one SSL certificate per IP address. To host many sub-domains on the same server, the use of wildcard certificates (i.e. "*.domain.com") is recommended.

To host several domains on one server without errors on Internet Explorer, use the option --bind-ip to specify the IP address linked to the chosen SSL certificate. If you own an OVH server, assign a failover IP to the server.