Suggestion: Add https by default

…or at least make it an option at install time :slight_smile:

If you do want to add https to your existing install, here’s what I did. This will redirect any and all requests to port 80 to port 443 instead:

First install mod_ssl:
yum install mod_ssl

Make a temp directory to store your keys/certs in:
mkdir /root/sslcerts
cd /root/sslcerts

Generate the private key:
openssl genrsa -out ca.key 2048

Generate the CSR:
openssl req -new -key ca.key -out ca.csr

Generate a self-signed key:
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Copy the files to their correct locations:
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

Next, you need to edit /etc/httpd/conf.d/ssl.conf.

Look for the line beginning with SSLCertificateFile. Change the path to reflect the newly created certificate file (/etc/pki/tls/certs/ca.crt in our case)

Do the same for SSLCertificateKeyFile (the path should be /etc/pki/tls/private/ca.key)

Now you need to add a file to handle the redirect requests via mod_rewrite. Create a file in /etc/httpd/conf.d and name it https_redirect.conf and paste this config into it:

# Redirect all requests to port 80 to port 443 SSL via mod_rewrite

# make sure the module is loaded and switched on
<IfModule !mod_rewrite.c>
LoadModule rewrite_module /usr/lib/httpd/modules/mod_rewrite.so
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on

# The line below sets the rewrite condition for mod_rewrite.so.
# That is, if the server port does not equal 443, then this condition is true
RewriteCond %{SERVER_PORT} !^443$

# redirect rule
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</IfModule>

Restart Apache (service httpd restart) and you should be good to go. Now whenever you enter the hostname or IP of your box it should redirect to an https connection instead. Your browser will complain about an invalid security certificate, but this is normal as it is self-signed.

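A pre-restart check for the certificate and key copied in the steps above, as an added example that is not part of the original post. The function name `check_tls_pair` and the 2048-bit minimum are assumptions of this example; it handles RSA keys only and confirms that the certificate matches the key, that the key is long enough, and that the key file is readable by its owner only.

```shell
#!/bin/sh
# check_tls_pair CERT KEY [MIN_BITS]   (hypothetical helper, RSA keys only)
# Returns 0 = OK, 1 = unreadable or mismatched, 2 = key too short,
#         3 = key file accessible to group/other.
check_tls_pair() {
    cert=$1
    key=$2
    min_bits=${3:-2048}   # assumed minimum, not taken from the post

    # For RSA, a certificate belongs to a key when both share one modulus.
    cert_mod=$(openssl x509 -noout -modulus -in "$cert" 2>/dev/null) || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || return 1
    if [ "$cert_mod" != "$key_mod" ]; then
        echo "FAIL: $cert does not match $key" >&2
        return 1
    fi

    # openssl prints "Modulus=<hex>"; each hex digit is 4 bits.
    hex=${key_mod#Modulus=}
    bits=$(( ${#hex} * 4 ))
    if [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: $key is $bits bits, want at least $min_bits" >&2
        return 2
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/other ($perms)" >&2
        return 3
    fi

    echo "OK: $cert matches $key ($bits-bit RSA, owner-only access)"
}

# Usage: sh check_tls_pair.sh /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```

A non-zero result before `service httpd restart` points at the step to redo: 1 means the paths in ssl.conf refer to files that do not belong together, 3 is cleared with `chmod 600` on the key.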

Hi, what does this do to the http://IP/admin account?

Thanks,

Awesome, thanks!