Changes between Initial Version and Version 1 of ApacheConfig

09/21/06 13:08:20 (13 years ago)



== .conf Files ==

In RHEL3 and RHEL4, the main `/etc/httpd/conf/httpd.conf` automatically includes any files named `*.conf` in the
`/etc/httpd/conf.d/` directory. This makes it easier to install official modules such as PHP, `mod_python`, etc.
and also separate out custom local configurations. However, you need to be careful to name only full configuration
sections with `.conf`; other files could be named `.off` or `.vhost`.

== SSL ==

By default, RHEL3 and RHEL4 ship Apache with a working SSL configuration file, but a fake `server.crt` certificate for `localhost`.
(In RHEL5, this process should change somewhat to use the new pki tools.) If you're not sure where your certificate came from, you
can view its issuer with the following command:
{{{
# view
openssl x509 -noout -text -in /etc/httpd/conf/ssl.crt/server.crt -issuer | tail -1

# for a UW cert output should be:
/C=US/ST=WA/O=University of Washington/OU=UW Services/CN=UW Services CA/
}}}

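To get a UW certificate, first generate a key (or use your existing one) and a certificate request:
{{{
cd /etc/httpd/conf/ssl.key
# note: public CAs no longer accept 1024-bit RSA; use 2048 bits or more for a new key
openssl genrsa -out server.key 1024
# create the certificate signing request (CSR) from that key
openssl req -new -key server.key -out server.csr
}}}
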
Then go to and upload the certificate request. When you get notice that
the certificate is ready, save it to `server.crt`:
{{{
cd /etc/httpd/conf/ssl.crt
# keep the previous certificate as a backup
mv server.crt server.crt.oldyear
cat > server.crt <<EOF
[paste here]
EOF
}}}

Finally, create an SSL vhost config like the following and verify the Apache config:
{{{
cd /etc/httpd/conf.d/
# quoted delimiter: the shell leaves $ and \ in the config untouched
cat > ssl-vhost.conf <<'EOF'
# SSL - UW signed
<VirtualHost 128.95.x.y:443>
  DocumentRoot /usr/local/data/www/htdocs
  ServerName
  ServerAlias 128.95.x.y testsig testsig.biostr
  ServerAlias *
  DirectoryIndex index.html index.htm index.html.var

  # CustomLog takes the log file first, then the format name
  CustomLog logs/ssl_access_log combined
  ErrorLog logs/ssl_error_log

  SSLEngine on
  SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
  SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
  <Files ~ "\.(cgi|shtml)$">
  SSLOptions +StdEnvVars
  </Files>
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
EOF

# test Apache config
httpd -S
}}}

Optionally redirect all non-SSL traffic to your SSL site by adding
this to your non-SSL config:
{{{
  RewriteEngine on
  RewriteRule ^/(.*)$1 [R]
}}}

Now restart Apache, open port 443 in the firewall, and visit
 in a web browser.
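
The steps above leave three things worth confirming before the restart: that `server.crt` really belongs to `server.key`, that the key is not undersized, and that the certificate is no longer the self-issued `localhost` placeholder. The script below is an added example, not part of the original wiki page; the function names and the 2048-bit `MIN_BITS` threshold are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: sanity checks for the server.crt / server.key pair.
# Usage: sh check_ssl_pair.sh /etc/httpd/conf/ssl.crt/server.crt \
#                             /etc/httpd/conf/ssl.key/server.key
MIN_BITS=2048   # assumption: minimum RSA size accepted by current public CAs

# Print the RSA key size in bits (empty output if the key cannot be read).
key_bits() {
    openssl rsa -noout -text -in "$1" 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if the certificate's RSA modulus equals the private key's.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed if subject and issuer names hash the same, i.e. the certificate is
# self-issued like the placeholder localhost certificate.
is_self_issued() {
    s=$(openssl x509 -noout -subject_hash -in "$1" 2>/dev/null) || return 2
    i=$(openssl x509 -noout -issuer_hash -in "$1" 2>/dev/null) || return 2
    [ "$s" = "$i" ]
}

# Run all checks, print one line per finding, return non-zero on any failure.
check_ssl_pair() {
    rc=0
    if cert_matches_key "$1" "$2"; then echo "OK   certificate matches key"
    else echo "FAIL certificate does not match key"; rc=1; fi
    bits=$(key_bits "$2")
    if [ "${bits:-0}" -ge "$MIN_BITS" ]; then echo "OK   key is $bits bits"
    else echo "FAIL key is ${bits:-unknown} bits, below $MIN_BITS"; rc=1; fi
    if is_self_issued "$1"; then echo "FAIL certificate is self-issued"; rc=1
    else echo "OK   $(openssl x509 -noout -issuer -in "$1")"; fi
    return $rc
}

# Only run the checks when called with a certificate and a key path.
if [ "$#" -eq 2 ]; then check_ssl_pair "$1" "$2"; fi
```

A mismatch between certificate and key is the usual cause of Apache refusing to start after a certificate is pasted into the wrong file, so running this before `httpd -S` narrows that down quickly.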