Thursday, October 5, 2017

Secured web server

This post is mainly about configuring secured web server. Certificates generation related will be discussed in future.

There's a package required to be installed, mod_ssl.

yum install -y mod_ssl

After installation, httpd needs to be restarted, and firewall rule should be updated, if it's meant to be accessible by other machines.

systemctl restart httpd
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

When you try to access, you'll get this.

You can proceed by Add Exception to view the page.

If I try to access (based on the existing setup continue from yesterday virtual web server, I'll get this.

Why? This is because is point to the same IP, and this URL is only set to listen to port 80, not port 443. When a match is not found, it will always refer back to the DocumentRoot in /etc/httpd/conf/httpd.conf.

If additional setting as below is setup, it will point to the "actual" content again.

You'll get this.

Potential issue you might face is the secured virtual host is not working.

1. Due to Listen 443 is found only in /etc/httpd/conf.d/ssl.conf, thus the virtual host listening to port 443 must be defined after this. The conf file loaded is based on file name alphabetical order. I defined it in test.conf, so I don't face any issue. In order to make it effective for all conf files in this directory, you can move that line to /etc/httpd/conf/httpd.conf, before IncludeOptional conf.d/*.conf line.

2. Follow to rule #1, if you missed the bold word... Listen 443 can be defined only once, or httpd will fail to start.

You always can set it to listen to other port number. Just remember to open the port in firewall rule, and also set the correct port SELinux policy if you have SELinux set to enforcing.

No comments:

Post a Comment