Trying to setup a more secure load balanced distribution point environment. Currently have HTTP and SAMBA distribution point using port 80 on RHEL. Due to security concerns, need to secure it by using HTTPS and TLS 1.2. Could not find information on installing root/issuing/SSL certificates on Linux, changing port to 443 only (no HTTP), getting httpd/apache to use HTTPS instead of HTTP. Anyone successfully do this? Does it work?
Question
HTTPS for Distribution Point on Linux
+7
+18What are you running HTTP on nginx or Apache?
On apache you'll want todo something like this
https://www.namecheap.com/support/knowledgebase/article.aspx/9821/38/redirect-to-https-on-apache
(Google redirect http to https)
Nginx: https://bjornjohansen.no/redirect-to-https-with-nginx
Both these you ideally want to enable a virtual server on 443 instead.
+7We are running Apache on RHEL. The security folks want HTTP altogether. They scan any server running HTTP.
+8We use Debian, all HTTPS.
From my notes.
openssl req -new -newkey rsa:2048 -nodes -keyout dp.mycompany.com.key -out dp.mycompany.com.csr
Generate cert with CA and then copy that file to the same folder as the .key and .csr
Create caspershare.conf in sites /apache2/sites-available as below,
QuotedText
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/dp.mycompany.com.cer
SSLCertificateKeyFile /etc/ssl/dp.mycompany.com.key
SSLCertificateChainFile /etc/ssl/CAROOT.cer
DocumentRoot /var/www/html/
DirectoryIndex index.php
CustomLog "/var/log/apache2/caspershare.log" combined
<Directory /var/www/html/CasperShare/Packages>
AllowOverride all
Order allow,deny
Allow from all
</Directory>
QuotedText
Then run
sudo a2enmod ssl
a2ensite caspershare.conf
sudo a2dismod autoindex
Then restart Apache, RSYNC the lot and you're good to go.
Al
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.