Apache2 Web Server HTTPS Configuration on Ubuntu Server
Data transmission between web server and web client over port 80 (HTTP) is not encrypted. So, any middle man between web server and web client can view transmitted data and can steal secret information. To overcome this limitation, HTTPS Protocol over port 443 has been introduced. HTTPS is a secure web server that is configured with SSL/TLS certificate.
TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are web protocols used to wrap normal traffic in a protected, encrypted wrapper. Using TLS technology, server can send traffic safely between servers and clients without the possibility of messages being intercepted by any middle man.
In my previous article, I discussed how to configure Ubuntu Apache2 web server with phpMyAdmin package. In this article, I will discuss how to configure Ubuntu Apache2 web server with SSL/TLS certificate for securing data transmission between web server and web client.
Prerequisites
Before we begin, we have to have a web server installed. How to configure Ubuntu web server with phpMyAdmin package was discussed in my previous article. If do not yet install Ubuntu web server, install apache2 web server following that article.
For HTTPS web server configuration, we also need SSL/TLS certificate. SSL/TLS certificate may be either self-signed or public SSL certificate. If your web server is used publicly, buy SSL/TLS certificate from any trusted CA provider and if your web server is used within your company or a few workers, use self signed certificate. How to generate self signed certificate with OpenSSL in Ubuntu server was discussed in my previous article. So, follow that article if you require self signed certificate.
Also don’t forget to keep opening port 80 (for HTTP) and 443 (for HTTPS) in firewall rule otherwise web server will not be acceesible.
Configuring Apache2 Web Server with TLS/SSL Certificate
Before we going to start HTTPS configuration, we have to have TLS/SSL certificate in hand. If you purchase public TLS certificate, you will have one certificate file (.crt) and a private key file (.key). If you follow my previous article for self signed certificate, you will have system.crt and system.key files those will be used in this article.
In Ubuntu Apache2 web server, you will find two configuration files in /etc/apache2/sites-available directory. One is 000-default.conf file which is HTTP configuration file and another is default-ssl.conf file which is HTTPS configuration file. So, we will change the default-ssl.conf configuration file because we are going to configure secure apache2 web server.
We will change certificate file and private key file location in default-ssl.conf. Certificate files are usually kept in /etc/ssl/certs directory and private key files are kept in /etc/ssl/private directory. So, copy your certificate and private key files in these directories respectively and then open default-ssl.conf file with vim editor.
and change the certificate and private key file locations according to the following lines.
SSLCertificateKeyFile /etc/ssl/private/system.key
Now save and close the file. By default HTTP site is kept enabled in Apache2 Web Server. So, we have to enable HTTPS site after editing the default-ssl.conf. Issue the following command to enable HTTPS site.
By default SSL mode is also not enabled in Ubuntu Apache2 web server. So, we also have to enable SSL mode in Apache2 web server with the following command.
After running the above commands, we have to restart the Apache2 web server otherwise modification will not be applied.
Apache2 web server is now ready to transfer data over port 443 securely. Type your web server URL [https://ip_address] in any browser. You will now find the default web content will appear over secure HTTPS protocol.
Note: If you use self signed certificate, you will find a warning page before appearing this page because CA is not trusted by the browser. So, accept the security risk because certificate is generated by you and there no security risk here.
Redirecting HTTP to HTTPS
The above HTTPS page will only appear when we type HTTPS URL in browser. But sometimes user will forget to type HTTPS. So, they will get the HTTP site that may be harmful. To overcome this situation, we have to redirect HTTP traffic to HTTPS site so that users can get HTTPS site although he/she types only the URL without HTTPS.
To redirect HTTP to HTTPS, open corresponding HTTP configuration file (for this article, the configuration file is 000-default.conf ) and add the following line at the bottom within <VirtualHost> tag.
Now restart or reload the Apache2 web server and then browse HTTP URL. You will now find that the HTTP site has been redirected to the HTTPS site.
How to configure HTTPS in Ubuntu Apache2 Web Server and how to redirect HTTP to HTTPS have been discussed in this article. I hope you will now be able to configure HTTPS web server in Ubuntu. However, if you face any confusion, feel free to discuss in comment or contact me from Contact page. I will try my best to stay with you.
Why not a Cup of COFFEE if the solution?