Enable HTTPS 443 on Apache 2

Generate your SSL cert

mkdir crt
mkdir key
openssl req -new -x509 -days 365 -keyout key/TomSchaefer.key -out crt/TomSchaefer.crt -nodes -subj '/O=TomSchaefer.org/OU=TomSchaefer.org/CN=www.TomSchaefer.org'

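This creates two files, crt/TomSchaefer.crt and key/TomSchaefer.key, which you will reference in your VirtualHost definition to enable SSL encryption. The configuration below expects them under /etc/apache2/ssl, so run these commands from that directory (or move the crt and key directories there afterwards).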
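A check worth running before restarting Apache, as an added example that is not part of the original post: the script creates the key under a restrictive umask and verifies that the certificate and key belong together, that the certificate is not about to expire, and that the key is readable only by its owner. The function names make_selfsigned and check_pair are made up for this example; the crt/ and key/ layout and the openssl req options follow the post.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the crt/ and key/ layout and the openssl req options follow the post.

# make_selfsigned BASE NAME CN -> BASE/key/NAME.key and BASE/crt/NAME.crt
make_selfsigned() {
    base=$1; name=$2; cn=$3
    mkdir -p "$base/crt" "$base/key" && chmod 700 "$base/key" || return 1
    # -nodes leaves the key unencrypted, so create it under umask 077
    # (owner-only) instead of fixing the mode after the fact.
    ( umask 077
      openssl req -new -x509 -days 365 -nodes \
          -keyout "$base/key/$name.key" -out "$base/crt/$name.crt" \
          -subj "/O=$cn/OU=$cn/CN=$cn" 2>/dev/null ) || return 1
    chmod 644 "$base/crt/$name.crt"   # the certificate itself is public
}

# check_pair CRT KEY -> 0 if Apache can be pointed at the pair.
# Return codes: 2 unreadable file, 3 key/cert mismatch, 4 expiring, 5 key mode.
check_pair() {
    crt=$1; key=$2
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate: $crt" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read private key: $key" >&2; return 2; }
    # The public key in the certificate must be the one derived from the key;
    # Apache will not start with a mismatched pair.
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "key does not belong to certificate" >&2; return 3; }
    # -checkend N fails if the certificate expires within N seconds (30 days).
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null ||
        { echo "certificate expires within 30 days" >&2; return 4; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "private key is accessible to group/other" >&2; return 5; }
    echo "ok: $crt matches $key"
}

# Usage: sh check_pair.sh /etc/apache2/ssl/crt/TomSchaefer.crt /etc/apache2/ssl/key/TomSchaefer.key
if [ $# -eq 2 ]; then check_pair "$1" "$2"; fi
```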

Change your VirtualHost config

Open your VirtualHost config file. You should have something along the lines of:

<VirtualHost *>
ServerAdmin webmaster@yourdomain.com
DocumentRoot /var/www/vhost1
ServerName vhost1.yourdomain.com
DirectoryIndex index.php
ErrorLog /var/log/apache2/vhost1-error.log
CustomLog /var/log/apache2/vhost1-access.log combined
<Directory /var/www/vhost1>
Options Indexes FollowSymLinks
AllowOverride All
</Directory>

</VirtualHost>

With the new configuration added, it should look like this:

<VirtualHost *:80>
ServerAdmin webmaster@yourdomain.com
DocumentRoot /var/www/vhost1
ServerName vhost1.yourdomain.com
DirectoryIndex index.php
ErrorLog /var/log/apache2/vhost1-error.log
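# Redirect every plain-HTTP request to the HTTPS virtual host.
# Rewrite rules belong at virtual-host level rather than inside <Location>.
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]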
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@yourdomain.com
DocumentRoot /var/www/vhost1
ServerName vhost1.yourdomain.com
DirectoryIndex index.php
ErrorLog /var/log/apache2/vhost1-error.log
CustomLog /var/log/apache2/vhost1-access.log combined
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/crt/TomSchaefer.crt
SSLCertificateKeyFile /etc/apache2/ssl/key/TomSchaefer.key
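<Location />
# SSLRequireSSL takes no argument; it denies any request that is not HTTPS
SSLRequireSSL
# The next two lines ask browsers for a client certificate;
# drop them if you do not use client-certificate authentication
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +StrictRequire
</Location>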

</VirtualHost>

sudo a2enmod rewrite

sudo a2enmod ssl

sudo /etc/init.d/apache2 restart

You may also have to configure Apache to listen on port 443 by adding this to your config:

Listen 443

Debian will have this set by default! Enjoy!

Block Internet pr0n, spyware, Viruses, and more

People don’t realize how easy it is to block pr0n and other negative things from your Internet connection. There are two methods that I recommend: (1) OpenDNS and (2) Squid + SquidGuard + HAVP.

OpenDNS is a free DNS service that is open to anyone. One option is to create an account with the service (although an account is not needed to use OpenDNS). Follow their instructions on how to use OpenDNS, and then modify your access options in your account settings.

OpenDNS gives you several options for filtering. You can even add your own custom domain list to be blocked.

OpenDNS blocks these sites when your computer (configured to use OpenDNS) requests a blocked site. The DNS response is modified for your network and your browser is redirected to a safe site.

Squid + SquidGuard + HAVP. I love blocking viruses, spyware, ads, and more. You can run Squid + SquidGuard + HAVP on a separate box and configure your browsers to use that proxy server or you can install these services on your border gateway and run them transparently.

HAVP can block viruses before they enter your network. HAVP uses ClamAV to scan files before they are downloaded.

I recommend using IPCop or pfSense running Shalla’s Blacklists.

Take a look at my previous posts if you want more information on IPCop or pfSense.