Configuring SSL
Getting SSL certificate
An SSL certificate is issued by a Certificate Authority (CA). Your internal IT/IS team might be able to help you with this. You might have to submit the basic information in the form of CSR (Certificate Signing Request). Refer this page to regenerate CSR: https://in.godaddy.com/help/generating-a-certificate-signing-request-csr-apache-2x-5269
Configure Apache
Once you have the SSL certificate, you can proceed to configure Apache:
Copy the certificate files to ${apache_home}/conf/CSR/
Open "${apache_home}/conf/httpd.conf" file
Search for the "LoadModule ssl_module modules/mod_ssl.so"
Remove any pound sign(#) at the start of the line (i.e. uncomment it)
If this line is not found in the file, then it means SSL module is not installed. Please install this depending on the OS of the server
For CentOS - yum install mod_ssl
- Skip 5th step if you installed SSL module manually i.e (3.b)
Add below section at the end of the file httpd.conf file after replacing the dummy values with the real one.
Listen 443 <VirtualHost *:443> DocumentRoot "D:\OpenSpecimen\Apache2.2\htdocs" ServerAdmin biobank@yourdomain.edu ServerName biobank.yourdomain.edu SSLEngine on SSLCertificateFile "D:\OpenSpecimen\Apache2.2\conf\CSR\biobank_cert.crt" SSLCertificateKeyFile "D:\OpenSpecimen\Apache2.2\conf\CSR\biobank.key" RedirectMatch ^/$ /openspecimen ProxyPass /openspecimen ajp://localhost:8009/openspecimen ProxyPassReverse /openspecimen ajp://localhost:8009/openspecimen </VirtualHost> Note: Make sure that "SSLCertificateFile" and "SSLCertificateKeyFile" are properly located.
In case of the new SSL module installation (3b), edit /etc/httpd/conf.d/ssl.conf file and add below lines in <VirtualHost> tag.
ServerAdmin biobank@yourdomain.edu ServerName biobank.yourdomain.edu SSLCertificateFile "D:\OpenSpecimen\Apache2.2\conf\CSR\biobank_cert.crt" SSLCertificateKeyFile "D:\OpenSpecimen\Apache2.2\conf\CSR\biobank.key" RedirectMatch ^/$ /openspecimen ProxyPass /openspecimen ajp://localhost:8009/openspecimen ProxyPassReverse /openspecimen ajp://localhost:8009/openspecimen Note: Remove existing entries for "SSLCertificateFile" and "SSLCertificateKeyFile" Also make sure files are located at specified path.
Configuring Apache to prevent browser caching
How to configure Apache to set expires header?
This header allows an application to set a given period of time to live for web pages and other objects served from web pages.
The idea is to inform web browsers how often they should reload objects from the server. This will save the bandwidth and server load because clients who follow the header will reload objects less frequently. For more details on Expires module, please refer: http://httpd.apache.org/docs/current/mod/mod_expires.html
Enable expires module:
The expires module is not compiled by default and must be enabled in the Apache. To enable the expires module please run the below command:sudo a2enmod mod_expires
- Add the below directive in the <Virtual Host> section.
ExpiresActive On
ExpiresDefault "access plus 3 hours"After updating the Virtual Host configuration will looks like below:
<VirtualHost *:443> DocumentRoot "D:\OpenSpecimen\Apache2.2\htdocs" ServerAdmin biobank@yourdomain.edu ServerName biobank.yourdomain.edu ExpiresActive On ExpiresDefault "access plus 3 hours" SSLEngine on SSLCertificateFile "D:\OpenSpecimen\Apache2.2\conf\CSR\biobank_cert.crt" SSLCertificateKeyFile "D:\OpenSpecimen\Apache2.2\conf\CSR\biobank.key" RedirectMatch ^/$ /openspecimen ProxyPass /openspecimen ajp://localhost:8009/openspecimen ProxyPassReverse /openspecimen ajp://localhost:8009/openspecimen </VirtualHost>