So we want everything encrypted while traversing the internet. Our solution: SSL everything. First, we need to get ourselves an SSL certificate. Commercial ones are great because their issuers are already trusted by major browsers, so they won’t trigger those nasty warnings. Encryption-wise, though, they’re just the same as self-signed ones.
1. Create a self-signed certificate:
yum install mod_ssl
mkdir /etc/httpd/ssl
openssl req -new -x509 -days 365 -nodes -out /etc/httpd/ssl/httpd.pem -keyout /etc/httpd/ssl/httpd.key
2. Configure Apache to use the self-signed certificate:
<VirtualHost 18.104.22.168:443>
    SSLEngine On
    SSLCertificateFile /etc/httpd/ssl/httpd.pem
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    ServerAdmin email@example.com
    ServerName www.mydomain.com
    DocumentRoot /srv/www/mydomain.com/public_html/
    ErrorLog /srv/www/mydomain.com/logs/error.log
    CustomLog /srv/www/mydomain.com/logs/access.log combined
</VirtualHost>
3. Redirect HTTP to HTTPS:
<VirtualHost 22.214.171.124:80>
    ServerAdmin firstname.lastname@example.org
    ServerName www.mydomain.com
    Redirect permanent / https://www.mydomain.com/
    DocumentRoot /srv/www/mydomain.com/public_html/
    ErrorLog /srv/www/mydomain.com/logs/error.log
    CustomLog /srv/www/mydomain.com/logs/access.log combined
</VirtualHost>
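A quick check for the setup in steps 2 and 3, as an added example that is not part of the original post: it parses Apache virtual hosts and reports any port-80 host that does not permanently redirect to https, and any port-443 host missing SSLEngine or the certificate directives. The function names and sample configs are constructed for illustration; it assumes one address per <VirtualHost> and does not follow Include files.

```python
import re

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return one dict per <VirtualHost>: its port and lower-cased directive -> arguments."""
    vhosts = []
    for addr, body in VHOST.findall(conf):
        directives = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if parts and not parts[0].startswith("#"):  # skip blanks and comments
                directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        vhosts.append({"port": addr.rsplit(":", 1)[-1].strip(), "d": directives})
    return vhosts

def audit(conf):
    """List the ways a config falls short of the 'SSL everything' setup in steps 2 and 3."""
    findings = []
    vhosts = parse_vhosts(conf)
    tls_names = {v["d"].get("servername") for v in vhosts if v["port"] == "443"}
    for v in vhosts:
        d, name = v["d"], v["d"].get("servername", "<no ServerName>")
        if v["port"] == "443":
            if d.get("sslengine", "").lower() != "on":
                findings.append(f"{name}:443 SSLEngine is not On")
            for key in ("sslcertificatefile", "sslcertificatekeyfile"):
                if key not in d:
                    findings.append(f"{name}:443 missing {key}")
        elif v["port"] == "80":
            if not re.match(r"(permanent|301)\s+/\s+https://", d.get("redirect", ""), re.I):
                findings.append(f"{name}:80 serves plaintext, no permanent redirect to https")
            if name not in tls_names:
                findings.append(f"{name}:80 has no matching :443 virtual host")
    return findings

# Constructed sample: the two virtual hosts from the post, trimmed to the relevant directives.
GOOD = """<VirtualHost 18.104.22.168:443>
    SSLEngine On
    SSLCertificateFile /etc/httpd/ssl/httpd.pem
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    ServerName www.mydomain.com
</VirtualHost>
<VirtualHost 22.214.171.124:80>
    ServerName www.mydomain.com
    Redirect permanent / https://www.mydomain.com/
</VirtualHost>"""
BAD = GOOD.replace("Redirect permanent", "# Redirect permanent")  # constructed: redirect commented out
if __name__ == "__main__":
    print(audit(GOOD), audit(BAD), sep="\n")
```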
In 3, the only directive you really need is the 4th; all the others are redundant. I use this solution for webmail clients (Roundcube, etc.).
Try this free service for SSL certs. The free certificates it produces are recognized by all major browsers. Since you’re forcing it on, you might as well make the website more friendly for visitors.
I found GoDaddy’s Free SSL for Open Source projects more straightforward.