In the case of credit card info, that's a no-no. But in the case of most pages, it doesn't matter much. Except when it does - do you really want some third party monitoring your tweets? So https is becoming the default.
And the latest Chrome browser version warns the user if the site they're accessing is using http and therefore not as secure as it could be. So now there's an additional incentive to change to https. And that's what I'm aiming to do.
I use the apache web server because that's what the majority of other web servers run, plus I've been using it for 20 years. But before I could use https from my server, I had to upgrade it. Here's the plan:
1. Upgrade the server
2. Get certificates for each virtually hosted site
3. Switch to https.
So first, to upgrade the server.
First, I needed to get the latest version of apache and any software that it depends on. To do that, I did a Google search to download the tar.gz files, then untarred them into directories under a temp directory. And then, for each package:
openssl:   ./config; make; make test; make install
apr:       ./configure; make; make test; make install
expat:     ./configure; make; make test; make install
apr-util:  ./configure --with-apr=/usr/local/apr; make; make test; make install
pcre:      yum install pcre-devel
           ./configure; make; make test; make install
Then apache. First, a carefully crafted configure. In particular, I enable ssl and rewrite. You'll see why rewrite later on - that's how I'll transparently convert http accesses into https.
./configure --prefix=/usr/local/apache2.4.29 --enable-ssl --with-ssl=/usr/local/ssl \
--enable-module=most --enable-rewrite --enable-alias --disable-status \
--disable-asis --disable-autoindex --disable-imap --with-pcre=/bin/pcre-config \
--disable-negotiation --disable-actions --disable-userdir \
--with-apr=/usr/local/apr --enable-ssl-staticlib-deps
And when that is done, "make" followed by "make install". That put the new version of apache into /usr/local/apache2.4.29.
So then I edited httpd.conf to set it up the way my existing apache was, and copied over the include files for the virtual hosts.
Then I brought down the existing apache server with "systemctl stop httpd.service" (which takes a surprisingly long time; I think it's waiting for existing accesses to complete or something), and brought up the new server with "/usr/local/apache2.4.29/bin/apachectl start".
And then I accessed it from an outside server, and checked that it worked. Which it did! Hurrah.
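A check that can be run against the new build before the old server is stopped, as an added example that is not from the original post: it confirms that the copied httpd.conf and virtual host includes parse, and that the ssl and rewrite modules enabled at configure time are actually loaded. The helper names, the `--run` switch and the sample module listing are assumptions made for illustration; the prefix is the one from the configure line above.

```shell
#!/bin/sh
# Added example: pre-cutover check for the newly built Apache (not from the post).
APACHE_PREFIX="${APACHE_PREFIX:-/usr/local/apache2.4.29}"  # --prefix used in the post
REQUIRED_MODULES="ssl_module rewrite_module"               # needed for https + redirect

# Constructed sample of `httpd -M` output, used to exercise the parser offline.
SAMPLE_DUMP='Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 alias_module (shared)
 rewrite_module (shared)
 ssl_module (shared)'

# missing_modules DUMP MODULE...  (hypothetical helper)
# Prints each MODULE that does not appear as a module name in DUMP.
missing_modules() {
    dump=$1
    shift
    for mod in "$@"; do
        # Field 1 of each `httpd -M` line is the module name; match it exactly.
        printf '%s\n' "$dump" |
            awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' ||
            printf '%s\n' "$mod"
    done
}

# precutover_check  (hypothetical helper): run while the old server is still up.
precutover_check() {
    httpd_bin="$APACHE_PREFIX/bin/httpd"
    [ -x "$httpd_bin" ] || { echo "no httpd binary at $httpd_bin" >&2; return 2; }
    # -t parses httpd.conf and the included virtual host files without serving.
    "$httpd_bin" -t || { echo "configuration does not parse" >&2; return 1; }
    # -M lists the modules the configuration would actually load.
    dump=$("$httpd_bin" -M 2>/dev/null) || return 1
    # shellcheck disable=SC2086  # word splitting of the module list is intended
    missing=$(missing_modules "$dump" $REQUIRED_MODULES)
    [ -z "$missing" ] || { echo "not loaded: $missing" >&2; return 1; }
    echo "config parses; $REQUIRED_MODULES loaded"
}

# Run the live check only when asked: sh precheck.sh --run
if [ "${1:-}" = "--run" ]; then
    precutover_check
fi
```

A module built as a shared object only shows up in the `-M` listing if httpd.conf has a LoadModule line for it, so a "not loaded" result usually points at the config rather than the build.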
Now to get the certificates.