This article follows the dev virtual site tutorial, which can be viewed here. In that tutorial we created a virtual site called new site. The site we created was served over HTTP, meaning the packets are sent unencrypted. This means passwords and other data sent will be viewable to others on the network. A password to log into a content management system can easily be sniffed out. We can prevent this from happening by using a self-signed TLS certificate, which will encrypt our traffic.
Let’s start by making a directory to store the certs. The commands below use /etc/apache2/ssl.
Next we will enter that directory and create a cert and private key inside of it:

cd /etc/apache2/ssl
sudo openssl req -x509 -newkey rsa:4096 -keyout newsite.local.key -out newsite.local.crt -days 365 -nodes
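The openssl command above prompts for the subject fields and sets no subjectAltName, which current browsers use for hostname matching. The following is an added example, not part of the original tutorial: it generates the same kind of cert non-interactively with a SAN for newsite.local, then checks that the cert and key belong together and that the cert covers the hostname. The function names, the temp directory and the `-subj`/`-addext` values are assumptions for illustration, and `-addext` needs OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example (not the tutorial's own code). Function names are hypothetical.

# make_cert DIR HOST [BITS]: self-signed cert + unencrypted key, CN and SAN = HOST.
make_cert() {
  mc_dir=$1; mc_host=$2; mc_bits=${3:-4096}
  mkdir -p "$mc_dir" &&
  openssl req -x509 -newkey "rsa:$mc_bits" -nodes -days 365 \
    -subj "/CN=$mc_host" -addext "subjectAltName=DNS:$mc_host" \
    -keyout "$mc_dir/$mc_host.key" -out "$mc_dir/$mc_host.crt" 2>/dev/null &&
  chmod 600 "$mc_dir/$mc_host.key"   # -nodes leaves the key unencrypted on disk
}

# cert_matches_key CRT KEY: succeeds only if both files hold the same public key.
# Apache refuses to start when SSLCertificateFile and SSLCertificateKeyFile differ.
cert_matches_key() {
  ck_a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  ck_b=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$ck_a" ] && [ "$ck_a" = "$ck_b" ]
}

# cert_covers_host CRT HOST: succeeds if the cert is valid for HOST.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q "does match"
}

# Constructed demo: writes to a temp dir instead of /etc/apache2/ssl, so no sudo.
demo_dir=$(mktemp -d)
if make_cert "$demo_dir" newsite.local &&
   cert_matches_key "$demo_dir/newsite.local.crt" "$demo_dir/newsite.local.key" &&
   cert_covers_host "$demo_dir/newsite.local.crt" newsite.local; then
  echo "cert and key are consistent and cover newsite.local"
else
  echo "cert check failed" >&2
fi
rm -rf "$demo_dir"
```
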
Next we will copy the default SSL config file:

cd /etc/apache2/sites-available
sudo cp default-ssl.conf newsite-ssl.conf
We will now edit the config file so that it contains the following:

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName newsite.local
    DocumentRoot /var/www/html/newsite/public_html

    ErrorLog /var/www/html/newsite/logs/error.log
    CustomLog /var/www/html/newsite/logs/access.log combined

    # Turn on TLS for this virtual host and point it at the self-signed cert and key
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/newsite.local.crt
    SSLCertificateKeyFile /etc/apache2/ssl/newsite.local.key

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
We will now enable the site:

sudo a2ensite newsite-ssl.conf
sudo service apache2 reload
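The final step is to add a redirect to the newsite.conf file. Add the following line inside the <VirtualHost *:80> block. The trailing slash on the target matters, because Redirect appends the rest of the requested path to it:

Redirect / https://newsite.local/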
If you did everything correctly, your browser should warn that the connection is not secure. This is simply because the cert is not signed by a trusted certificate authority; your packets will still be sent encrypted. Obviously this should not be done on a production server. For a production server, check out Let’s Encrypt.