Unable to set up SSL support for Apache 2 on Debian
- by Francesco
I am trying to set up ssl support for Apache 2 on Debian. Versions are:
Debian GNU/Linux 6.0
apache2 2.2.16-6+squeeze1
I followed a lot of how-tos for days but I couldn't make it work. Here are my steps and configuration files (ServerName and DocumentRoot are changed for privacy, in case tell me):
# mkdir /etc/apache2/ssl
# openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
at this point I've a doubt about permissions on apache.pem, at this step they are
-rw-r--r-- 1 root root
Maybe it has to belong to www-data?
Then I enable ssl-mod with
# a2enmod ssl
# /etc/init.d/apache2 restart
I modify /etc/apache2/sites-available/default-ssl in this way (I put port 8080 because I need port 443 for another purpose):
<VirtualHost *:8080>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.pem
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
<VirtualHost *:8080>
DocumentRoot /home/user1/public_html/
ServerName first.server.org
# Other directives here
</VirtualHost>
<VirtualHost *:8080>
DocumentRoot /home/user2/public_html/
ServerName second.server.org
# Other directives here
</VirtualHost>
I have to point out that the same configuration works on http (it is a copy of /etc/apache2/sites-available/default with some differences - port and ssl support).
My /etc/apache2/ports.conf is the following:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
#NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
#NameVirtualHost *:8080
Listen 8080
</IfModule>
<IfModule mod_gnutls.c>
Listen 8080
</IfModule>
Any suggestion? Thanks