In this article we will look at setting up a very basic LAMP website. We will create a self-signed SSL certificate and configure a virtual host to serve HTTPS.
SSL is not a bulletproof technology, but it helps make your website more secure by creating an encrypted link between the browser and the web server.
1. First, let's install LAMP. We will not go into much detail or explanation during the LAMP setup and will just show the basic steps needed to set it up.
$ yum install httpd
$ systemctl start httpd.service
$ systemctl enable httpd.service
$ yum install mariadb-server mariadb
$ systemctl start mariadb
$ mysql_secure_installation
$ systemctl enable mariadb.service
$ yum install php php-mysql
$ systemctl restart httpd.service
2. Let's now install the mod_ssl package
yum install mod_ssl
3. Now we can generate the private key
openssl genrsa -out ca.key 2048
4. Let's generate the CSR
openssl req -new -key ca.key -out ca.csr
5. Now we need to generate the self-signed certificate and provide all required information
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
OpenSSL asks for the following fields (the prompts appear when the CSR is created with openssl req in step 4):
Country Name (2 letter code) [XX]:CA
State or Province Name (full name) []:Ontario
Locality Name (eg, city) [Default City]:Toronto
Organization Name (eg, company) [Default Company Ltd]:prolinuxhub
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:demo1.com
Email Address []:email@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
6. We can now copy our key and certificates to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
7. Let's now create the directory for our virtual host based website
mkdir -p /var/www/html/demo1.com
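8. We will also need to create the vhost configuration file.
# Assumption: saved as a .conf file under /etc/httpd/conf.d/ so httpd loads it
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    <Directory /var/www/html/demo1.com>
        AllowOverride All
    </Directory>
    # Must match the directory created in step 7
    DocumentRoot /var/www/html/demo1.com
    ServerName demo1.com
</VirtualHost>
9. Let's restart our Apache server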
systemctl restart httpd
10. At this point you can access your site over HTTPS at https://demo1.com
You will need to make sure your test site can be resolved via DNS. If not, you can add an entry to the hosts file for testing purposes.
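Before restarting Apache in step 9, it is worth confirming that the files copied in step 6 belong together and that the private key is not readable by other users. The script below is an added example, not part of the original article; the function names are hypothetical, the default paths are the ones used above, and it assumes an RSA key (as generated in step 3) and GNU stat.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Default paths are the ones
# the files are copied to in step 6.

# Succeeds when the certificate carries the same RSA modulus as the private key.
cert_matches_key() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ "$cert_mod" = "$key_mod" ]
}

# Succeeds when the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    openssl x509 -noout -checkend "$(( ${2:-30} * 86400 ))" -in "$1" >/dev/null
}

# Succeeds when the key file is closed to group and others (e.g. mode 600).
key_is_private() {
    perms=$(stat -c '%a' "$1") || return 2
    case "$perms" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Runs all three checks and reports each failure; returns non-zero if any fail.
check_tls_files() {
    cert=${1:-/etc/pki/tls/certs/ca.crt}
    key=${2:-/etc/pki/tls/private/ca.key}
    status=0
    cert_matches_key "$cert" "$key" ||
        { echo "FAIL: $cert does not match $key"; status=1; }
    cert_valid_for_days "$cert" 30 ||
        { echo "FAIL: $cert expires within 30 days"; status=1; }
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible to group or others"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: $cert and $key"
    return "$status"
}
```

Source the file and run check_tls_files as root; if the permission check fails, chmod 600 on the key file closes it to other users.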