Friday, August 7, 2009

Apache: Redirect http to https Apache secure connection – force HTTPS Connections

Apache: Redirect http to https Apache secure connection – force HTTPS Connections

Let us say you have website called http://www.sureshkumar.edu and you would like to redirect it to https secure connection i.e. https://www.sureshkumar.edu.

This will help you protect user privacy and sensitive information such as username and password remotely.

So how do you configure your Apache web server so that you prevent your web sites from being accessed without encryption?
Redirect http to https Apache Configuration

First make sure Apache is configured for HTTPS connection and necessary SSL certificates are installed.

Create a SSL Certificates:-

[root@www ~]# cd /etc/pki/tls/certs

[root@www certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > server.key

Generating RSA private key, 1024 bit long modulus
......................................................++++++
.............++++++
e is 61251 (0x10001)
Enter pass phrase: // input pass phrase

Verifying - Enter pass phrase: // verify

[root@www certs]# openssl rsa -in server.key -out server.key

Enter pass phrase for server.key: // input pass phrase

writing RSA key
[root@www certs]#
[root@www certs]# make server.csr

umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated
Into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: IN
State or Province Name (full name) [Berkshire]: Tamilnadu
Locality Name (eg, city) [Newbury]: Chennai
Organization Name (eg, company) [My Company Ltd]: Server Linux
Organizational Unit Name (eg, section): IT Solution
Common Name (eg, your server's hostname): www.sureshkumar.edu
Email Address: root@sureshkumar.edu

Please enter the following 'extra' attributes
To be sent with your certificate request
A challenge password: // Enter with empty

An optional company name: // Enter with empty

[root@www certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
// make CertificateFile

Signature ok
Subject=/C=IN/ST=Tamilnadu/L=Chennai/O=Server Linux/OU=IT Solution/CN=www.sureshkumar.edu/emailAddress=root@sureshkumar.ed Getting Private Key

[root@www certs]# chmod 400 server.*

Now open /etc/httpd/conf.d/ssl.conf
[root@www certs]# vim /etc/httpd/conf.d/ssl.conf

Append following line :
DocumentRoot "/var/www/html"
ServerName www.sureshkumar:443
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/certs/server.key

[root@www certs]# /etc/rc.d/init.d/httpd restart

Now open /etc/httpd/conf/httpd.conf

[root@sureshkumar certs]# vim /etc/httpd/conf/httpd.conf

Append following line:
Redirect permanent http://www.sureshkumar.edu/ https://www.sureshkumar.edu/

Any request made to http://www.sureshkumar.edu will go to https://www.sureshkumar.edu

Save and close the file. Restart the Apache:
# /etc/init.d/httpd restart

Open web browse type http://www.sureshkumar.edu
Posted by at No comments:

Installing and Configure Subversion, WebDav Protocol with SSL Encryption (https ://) On Ubuntu Server

Installing and Configure Subversion, WebDav Protocol with SSL Encryption

(https ://) On Ubuntu Server

Subversion:-

Subversion is an open-source version control system. Using subversion you can record the history of source files and directories. It manages file and directories over time. A tree of files is placed into a central repository. The repository is much like an ordinary file server, except that it remembers every change ever made to files and directories.

Installation Package:-

ü Subversion

ü Subversion-tools

ü Apache2

ü Libapache2-svn

ü Ssl-cert

ü Openssl

The following commands:

$ sudo apt-get installs subversion subversion-tools apache2 libapache2-svn ssl-cert openssl

Create a Subversion Repository:-

The following commands:

   $ sudo mkdir /home/svn
   $ cd /home/svn
   $ sudo mkdir repos 
   $ sudo addgroup subversion       
 
   $ sudo adduser sureshkumar subversion
  
 $ sudo chown –R www-data:subversion /home/svn/repos
 
 
   $ sudo chmod –R g+rws /home/svn/repos
 
 
The subversion repository can be created using the following command:
 
   $ sudo svnadmin create /home/svn/repos

Creating Certificates for https:-

Generating a Certificate Signing Request (CSR)

To generate the keys for the Certificate Signing Request (CSR) run the following command from a terminal prompt:

$ openssl genrsa -des3 -out server.key 1024
 
 
 
To create the CSR:-
 
            run the following command at a terminal prompt:
$ openssl req -new -key server.key -out server.csr

Creating a Self-Signed Certificate:-

To create the self-signed certificate, run the following command at a terminal prompt:

$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Installing the Certificate:-

You can install the key file server.key and certificate file server.crt, or the certificate file issued by your CA, by running following commands at a terminal prompt: 

$  sudo cp server.crt /etc/ssl/certs
$  sudo cp server.key /etc/ssl/private
 
Now simply configure any applications, with the ability to use public-key cryptography, to use the certificate and key files. For example, Apache can provide HTTPS.
 
To configure Apache for HTTPS add the following three lines to the /etc/apache2/sites-available/subversion file
 
SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
 
Configure Apache Server (https) the Repository:-
 
         We need to be sure the right modules are enabled

$ a2enmod dav

$ a2enmod dav_svn

We must set up virtual host for subversion server. File that you can put in /etc/apache2/sites-available/default (original file).so we can copy the original file (default) to duplication file (subversion).

$ sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/subversion.

Edit file $ sudo vim /etc/apache2/sites-available/subversion

 NameVirtualHost 192.170.50.61:443
      ServerAdmin webmaster@localhost
       #SSLCertificate
         SSLEngine on
         SSLCertificateFile /etc/ssl/certs/server.crt
         SSLCertificateKeyFile /etc/ssl/private/server.key
  
        DAV svn
        SVNPath /home/svn/repos
        AuthType Basic
        AuthName "Subversion Repository"
        AuthUserFile /etc/apache2/dav_svn.passwd
      #Required authentication
        Require valid-user
      # Require encryption
        SSLRequireSSL
  
      ErrorLog /var/log/apache2/error.log
      LogLevel warn
      CustomLog /var/log/apache2/access.log combined
      ServerSignature On
 
 
 
Symbolic link:- 
 
Be sure to make a symbolic link to that file in /etc/apache2/sites-enabled:
 
$ ln –s  /etc/apache2/sites-available/subversion/  /etc/apache2/sites-enabled
 
 
Open Port Number:-
 
Add "Listen 443" to /etc/apache2/ports.conf:
 
$ sudo vim /etc/apache2/ports.conf
 
             Listen 443   
 
 
Subversion main configuration file:-

Edit /etc/apache2/mods-available/dav_svn.conf configuration file and follow the instructions:

$ sudo vim /etc/apache2/mods-available/dav_svn.conf

  
        DAV svn
        SVNPath /home/svn/repos
        AuthType Basic
        AuthName "Subversion Repository"
        AuthUserFile /etc/apache2/dav_svn.passwd
        Require valid-user
        SSLRequireSSL
  
 
User authentication:-
 
To add the first user, you can run the following command:
 
$ sudo htpasswd -c /etc/apache2/dav_svn.passwd suresh
 
 
Note: If you have just installed SVN, the passwd file will not yet exist and needs to be created using the "-c" switch. Adding any users after that should be done without the "-c" switch to avoid overwriting the passwd file.
 
Direct repository you can run the following command:
 
$ sudo svn co file:///home/svn/repos
 
 
You should start apache service 
 
$ sudo /etc/init.d/apache2 start

Posted by at No comments:

Thursday, July 31, 2008

Love Has No Distance

Our story is different. Krithi is from the Kerala and I am from Chennai. Krithi and I met on coffee day and over time, we fell in love with each other. Sounds pretty wild huh? But the story ending will probably even surprise you more.

On October 7th, 2006, I came to the Kerala to meet him. It is an amazing experience, even now I can still remember how sweet I felt when I saw him for the first time, I wish the clock will stop and we can just enjoy that moment without any interruption from the outside world. His first touch, first smile, our first eye contact, our first kiss - everything made me feel like I was the luckiest person on earth. We just feel so good about our relationship.

On June 18th something that change our lives happened. There was a wedding ceremony and we were the two main person involved in it. So here I am, living in a pretty house with a big yard with my sweetheart Krithi.We live happily together and I am enjoying the life here. Our story inspires myself that, love has no distance.
Posted by at No comments:
Subscribe to: Posts (Atom)