SSL Configuration

A Former User

Does anybody have an apache config for using self signed certs? I tried using the basic settings from the default-ssl.conf but apparently there is some conflict with the other settings in the i-doit config file and the HTTPS wasn't working after I enabled it and restarted apache. Any help would be appreciated, I'm not particularly good with Apache web servers.

proofy

(make a backup of your system and run all commands as root

Create new certificates and keys and refer to them later.

So you can at least create the hostname to match the certificate.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/idoit-company-local.key -out /etc/ssl/certs/idoit-company-local.crt

Activate SSL module of Apache

a2enmod ssl

Adjust Default SSL Configuration

Reasons for adjustment

listen to all hostnames
Correct Server Admin
own logs for SSL connections
Include your own generated certificates
directory /var/www/html run all configurations to customize themselves

root@idoit:/etc/apache2/sites-available# git diff default-ssl.conf
diff --git a/apache2/sites-available/default-ssl.conf b/apache2/sites-available/default-ssl.conf
index 7e37a9c..00eb69a 100644
--- a/apache2/sites-available/default-ssl.conf
+++ b/apache2/sites-available/default-ssl.conf
@@ -1,6 +1,6 @@
 <IfModule mod_ssl.c>
-       <VirtualHost _default_:443>
-               ServerAdmin webmaster@localhost
+       <VirtualHost *:443>
+               ServerAdmin admin@company.com

                DocumentRoot /var/www/html

@@ -10,8 +10,9 @@
                # modules, e.g.
                #LogLevel info ssl:warn

-               ErrorLog ${APACHE_LOG_DIR}/error.log
-               CustomLog ${APACHE_LOG_DIR}/access.log combined
+               ErrorLog ${APACHE_LOG_DIR}/error-ssl.log
+               CustomLog ${APACHE_LOG_DIR}/access-ssl.log combined
+               Loglevel warn

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
@@ -29,8 +30,8 @@
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
-               SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
-               SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+               SSLCertificateFile      /etc/ssl/certs/idoit-company-local.crt
+               SSLCertificateKeyFile /etc/ssl/private/idoit-company-local.key

                #   Server Certificate Chain:
                #   Point SSLCertificateChainFile at a file containing the
@@ -127,6 +128,10 @@
                # BrowserMatch "MSIE [2-6]" \
                #               nokeepalive ssl-unclean-shutdown \
                #               downgrade-1.0 force-response-1.0
+               <Directory /var/www/html>
+                       AllowOverride All
+                       Require all granted
+               </Directory>

        </VirtualHost>
 </IfModule>

Activate Default SSL Configuration

a2ensite default-ssl

Restart Apache

systemctl restart apache2

A Former User

@proofy may I ask you for your help? I've followed your guide on my Debian-based machine. On my machine, http works perfectly fine. As soon as I try to access my i-doit via https, I'm seeing a totally weird page which appears like that:

https://ibb.co/LtNxFrc

Any idea what this could be?

A Former User

@Makorus-Makar I just started from scratch, it works now, thanks!

micfire

Hi @proofy & @all,

I'm experiencing the same problem. I tried your procedure on two different systems.

Ubuntu 20.04.1

I-doit itself and the following packages have been downloaded/installed by the i-doit-installer-script

PHP 7.4.3
Apache 2.4.41
MariaDB 15.1

May I ask for your help? thx