Enabling SSL (HTTPS) on Apache 2.4 Ubuntu, with a good rating from SSL Labs as a bonus

Start by installing Apache 2.4.  This will run on port 80 out of the box:

sudo su
apt install apache2
apt install apache2-doc

To use SSL/TLS/HTTPS aka port 443 as well, follow these additional steps:

Activate the SSL, socache_shmcb, and rewrite modules:

cd /etc/apache2/mods-enabled/
ln -s ../mods-available/ssl.load .
ln -s ../mods-available/socache_shmcb.load .

Optionally, activate the headers, rewrite and proxy modules, as they are often useful:

ln -s ../mods-available/headers.load .
ln -s ../mods-available/rewrite.load .
ln -s ../mods-available/cgi.load .

Copy the default ssl.conf file over and edit it:

cp /etc/apache2/mods-available/ssl.conf /etc/apache2/conf-enabled/
nano /etc/apache2/conf-enabled/ssl.conf

Near the bottom, modify these lines so that the AES-GCM protocols are preferred and only TLS 1.2 is supported

   #SSLCipherSuite HIGH:!aNULL   
   SSLCipherSuite EECDH+AESGCM:DHE+AESGCM:ECDHE+AES+SHA:RSA+AES+SHA
   SSLHonorCipherOrder on
   SSLProtocol TLSv1.2

Then edit /etc/apache2/sites-enabled/000-default.conf so it has default virtual hosts on both port 80 and port 443:

<VirtualHost _default_:80>
   ServerName localhost
   ServerAdmin webmaster@localhost
   DocumentRoot /var/www/html
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost _default_:443>
   ServerName localhost
   ServerAdmin webmaster@localhost
   DocumentRoot /var/www/html
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
   SSLEngine On
   SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
   SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
</VirtualHost>

Restart Apache and you should now have service for both HTTP (port 80) and HTTPS (port 443)

apachectl configtest
Syntax OK
apachectl restart

Run the site through SSL labs and the rating should be high, other than the self-signed certificate.

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s