HTTPS for Distribution Point on Linux

henryxyz
New Contributor III

Trying to set up a more secure load-balanced distribution point environment. Currently have HTTP and SAMBA distribution point using port 80 on RHEL. Due to security concerns, need to secure it by using HTTPS and TLS 1.2. Could not find information on installing root/issuing/SSL certificates on Linux, changing port to 443 only (no HTTP), getting httpd/apache to use HTTPS instead of HTTP. Anyone successfully do this? Does it work?

3 REPLIES

rderewianko
Valued Contributor II

What are you running HTTP on, nginx or Apache?

On Apache you'll want to do something like this:
https://www.namecheap.com/support/knowledgebase/article.aspx/9821/38/redirect-to-https-on-apache

(Google redirect http to https)
Nginx: https://bjornjohansen.no/redirect-to-https-with-nginx

For both of these, you ideally want to enable a virtual server on 443 instead.

henryxyz
New Contributor III

We are running Apache on RHEL. The security folks want HTTP altogether. They scan any server running HTTP.

al_platt
Contributor II

We use Debian, all HTTPS.

From my notes.

openssl req -new -newkey rsa:2048 -nodes -keyout dp.mycompany.com.key -out dp.mycompany.com.csr

Generate cert with CA and then copy that file to the same folder as the .key and .csr

Create caspershare.conf in sites /apache2/sites-available as below,


<VirtualHost *:443>
    # Serve this vhost over TLS with the CA-issued cert, its key and the CA chain
    SSLEngine on
    SSLCertificateFile /etc/ssl/dp.mycompany.com.cer
    SSLCertificateKeyFile /etc/ssl/dp.mycompany.com.key
    SSLCertificateChainFile /etc/ssl/CAROOT.cer

    DocumentRoot /var/www/html/
    DirectoryIndex index.php
    CustomLog "/var/log/apache2/caspershare.log" combined

    <Directory /var/www/html/CasperShare/Packages>
        AllowOverride all
        # Apache 2.2 access syntax; on 2.4 it needs mod_access_compat
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>


Then run

sudo a2enmod ssl
sudo a2ensite caspershare.conf
sudo a2dismod autoindex

Then restart Apache, RSYNC the lot and you're good to go.

Al
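
The original question asks for port 443 only and TLS 1.2, and the vhost above has no SSLProtocol line, so here is an added example (not from any poster in this thread) that audits a vhost file for both requirements. The function name audit_dp_conf and the sample file are constructed for illustration; it assumes one vhost per file and protocol names written in their usual case.

```shell
#!/bin/sh
# Added example (not from the thread): audit one Apache vhost file for
# "HTTPS only, TLS 1.2 or newer". Returns 0 if every check passes, 1 otherwise.
audit_dp_conf() {
    rc=0
    # Drop comments and indentation so only active directives are matched.
    active=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' "$1")
    has() { printf '%s\n' "$active" | grep -Eiq "$1"; }

    if has '^(Listen[[:space:]]+([^[:space:]]*:)?80([[:space:]]|$)|<VirtualHost[[:space:]][^>]*:80>)'; then
        echo "FAIL: port 80 listener or vhost is still configured"; rc=1
    fi
    has '^SSLEngine[[:space:]]+on' || { echo "FAIL: SSLEngine is not on"; rc=1; }

    # Track which pre-1.2 protocols stay enabled after the SSLProtocol tokens
    # are applied left to right (a bare name replaces everything set so far).
    proto=$(printf '%s\n' "$active" | grep -Ei '^SSLProtocol[[:space:]]' | tail -n 1)
    if [ -z "$proto" ]; then
        echo "FAIL: no SSLProtocol line, the server default applies"; rc=1
    else
        v3=0 t10=0 t11=0
        set -- $proto; shift
        for tok in "$@"; do
            case $tok in
                all|+all) v3=1 t10=1 t11=1 ;;
                -all)     v3=0 t10=0 t11=0 ;;
                +SSLv3)   v3=1 ;;  -SSLv3)   v3=0 ;;
                +TLSv1)   t10=1 ;; -TLSv1)   t10=0 ;;
                +TLSv1.1) t11=1 ;; -TLSv1.1) t11=0 ;;
                SSLv3)    v3=1 t10=0 t11=0 ;;
                TLSv1)    v3=0 t10=1 t11=0 ;;
                TLSv1.1)  v3=0 t10=0 t11=1 ;;
                [!+-]*)   v3=0 t10=0 t11=0 ;;
            esac
        done
        if [ "$v3$t10$t11" != 000 ]; then
            echo "FAIL: SSLProtocol still allows a protocol older than TLS 1.2"; rc=1
        fi
    fi
    [ "$rc" -eq 0 ] && echo "OK: HTTPS only, TLS 1.2 or newer"
    return "$rc"
}

# Constructed sample: the thread's vhost plus a leftover port 80 listener.
sample=$(mktemp)
printf '%s\n' 'Listen 80' '<VirtualHost *:443>' '  SSLEngine on' \
    '  SSLCertificateFile /etc/ssl/dp.mycompany.com.cer' '</VirtualHost>' > "$sample"
audit_dp_conf "$sample" || true
rm -f "$sample"
```

Run it against every file that Apache actually loads (ports.conf and each enabled site on Debian, the conf and conf.d files on RHEL), since a Listen 80 line usually lives outside the vhost file.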