Mediawiki/Force SSL
| Line 57: | Line 57: | ||
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt | SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt | ||
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key | SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key | ||
| + | |||
| + | ==edit mediawiki LocalSettings.php== | ||
| + | http://www.mediawiki.org/wiki/Manual:$wgServer<br> | ||
| + | Now lets go to LocalSettings.php and edit the site file:<br> | ||
| + | ~$ sudo vi /var/www/html/servername/mediawiki-1.22.6/ | ||
| + | ## The protocol and server name to use in fully-qualified URLs | ||
| + | $wgServer = "//servername.com"; | ||
| + | |||
| + | ## Adding $wgCanonicalServer for locations that don't support protocol relative urls (default if it cannot understand "//servername.com" | ||
| + | $wgCanonicalServer = "https://servername.com"; | ||
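Review bot: the added `$wgServer = "//servername.com";` line is protocol-relative, so MediaWiki keeps building links with whichever scheme the request arrived on and plain HTTP stays usable. For a page titled Force SSL, either set it to `https://servername.com` (matching `$wgCanonicalServer`) or say that the HTTP-to-HTTPS redirect is handled in the Apache config. The `sudo vi` line also stops at the `mediawiki-1.22.6/` directory instead of naming LocalSettings.php, and the comment above `$wgCanonicalServer` has an unclosed parenthesis.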
Revision as of 10:54, 29 April 2014
Overview
All instructions were performed on Oracle Linux 6.5.
http://www.rackspace.com/knowledge_center/article/serving-secure-sites-with-sni-on-apache
install mod ssl
~$ sudo yum install mod_ssl
If you cannot find the package, update your cache and search:
~$ sudo yum check-update
~$ sudo yum search ssl
...
=============================== N/S Matched: ssl ===============================
...
mod_ssl.x86_64 : SSL/TLS module for the Apache HTTP Server
apache config
Comment out NameVirtualHost *:443 in /etc/httpd/conf/httpd.conf:
#NameVirtualHost *:443
Add the new NameVirtualHost to /etc/httpd/conf.d/ssl.conf:
#SNI config - tells apache to use named virtual hosts on the secure port
NameVirtualHost *:443
Remove the Listen line from /etc/httpd/conf/httpd.conf. It is not needed there because, with mod_ssl installed, it is now in /etc/httpd/conf.d/ssl.conf:
#Listen 443
create key, csr, and self-signed crt
http://www.akadia.com/services/ssh_test_certificate.html
create directories
Since you have multiple sites hosted from the same box, it's best to organize them into directories. The default location for certs on most Linux Apache installations with mod_ssl is:
/etc/ssl/certs/
create key
~$ openssl genrsa -des3 -out server.key 2048
generate csr
~$ openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [GB]:CH
State or Province Name (full name) [Berkshire]:Bern
Locality Name (eg, city) [Newbury]:Oberdiessbach
Organization Name (eg, company) [My Company Ltd]:Akadia AG
Organizational Unit Name (eg, section) []:Information Technology
Common Name (eg, your name or your server's hostname) []:public.akadia.com
Email Address []:martin dot zahn at akadia dot ch
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
backup & remove passphrase from key
Unless the passphrase is removed, Apache will ask for it whenever it is started.
~$ cp server.key server.key.org
~$ openssl rsa -in server.key.org -out server.key
generate self-signed cert
~$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CH/ST=Bern/L=Oberdiessbach/O=Akadia AG/OU=Information Technology/CN=public.akadia.com/Email=martin dot zahn at akadia dot ch
Getting Private key
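The key, CSR and self-signed certificate steps above, as an added example that is not part of the original page: it runs the same openssl commands without prompts (creating the key without a passphrase instead of stripping one afterwards), then checks that the key and certificate belong together and that the unencrypted key is readable only by its owner. The CN `wiki.example.test`, the function names and the temporary directory are constructed; `stat -c` assumes GNU coreutils, as on Oracle Linux.

```shell
#!/bin/sh
# Added example (not from the original page): the key / CSR / self-signed
# certificate steps without prompts, then checks on the resulting files.
# The CN "wiki.example.test" and the temp directory are constructed values.

# make_selfsigned DIR CN -> DIR/server.key, DIR/server.csr, DIR/server.crt
make_selfsigned() {
    mkdir -p "$1" || return 1
    # The key is written without a passphrase, so create it owner-only.
    ( umask 077 && openssl genrsa -out "$1/server.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr" || return 1
    openssl x509 -req -days 365 -in "$1/server.csr" -signkey "$1/server.key" \
        -out "$1/server.crt" 2>/dev/null
}

# key_matches_cert KEY CRT: true when both files carry the same public key.
# "-passin pass:" makes a still-encrypted key fail here instead of prompting.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# key_is_owner_only KEY: true when group and other have no access (e.g. 600).
key_is_owner_only() {
    case "$(stat -c %a "$1")" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# cert_subject CRT: print the subject so the CN can be compared to ServerName.
cert_subject() { openssl x509 -in "$1" -noout -subject; }

demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned "$d" wiki.example.test &&
        key_matches_cert "$d/server.key" "$d/server.crt" && echo "key matches cert" &&
        key_is_owner_only "$d/server.key" && echo "key is owner-only" &&
        cert_subject "$d/server.crt"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

A failing `key_matches_cert` on the files named in `SSLCertificateFile` and `SSLCertificateKeyFile` is worth catching before restarting Apache, since several sites on one box makes it easy to pair the wrong key with a certificate.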
add ssl to virtual host
Add the following to your virtual host config:
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
edit mediawiki LocalSettings.php
http://www.mediawiki.org/wiki/Manual:$wgServer
Now let's go to LocalSettings.php and edit the site file:
~$ sudo vi /var/www/html/servername/mediawiki-1.22.6/
## The protocol and server name to use in fully-qualified URLs
$wgServer = "//servername.com";

## Adding $wgCanonicalServer for locations that don't support protocol relative urls (default if it cannot understand "//servername.com")
$wgCanonicalServer = "https://servername.com";