tencent cloud

All product documents
Tencent Cloud Lighthouse
DocumentationTencent Cloud LighthousePractical TutorialInstalling SSL CertificateInstalling Certificate on Apache Server (Linux)
Installing Certificate on Apache Server (Linux)
Download PDF
Last updated: 2024-03-20 14:38:45
Installing Certificate on Apache Server (Linux)
Last updated: 2024-03-20 14:38:45
Download PDF

Overview

This document describes how to install an SSL certificate in a Lighthouse instance and enable HTTPS access. The example instance uses an LAMP application image with Apache software pre-installed.
Note:
The SSL certificate used in the document is provided by Tencent Cloud. For more information on this service, see Overview and Purchase Guide.

Preparation

Install the remote file copy tool such as WinSCP. The latest official version is recommended.
Install the remote login tool such as PuTTY or Xshell. The latest official version is recommended.
Open port 443 in your firewall policy. For more information, see Managing Firewall.
The data required to install the SSL certificate includes the following:
Name
Description
Lighthouse instance's public IP address
Instance IP address used to connect a local computer to the instance.
Username
The username used to log in to the Lighthouse instance, such as `root`.
Password or SSH key
The password matching the username used to log in to the Lighthouse instance, or the bound SSH key.
Note:
You can log in to the Lighthouse console, find the target instance, and enter its details page to view its public IP address. After the instance is created, first reset the password and remember it, or bind an SSH key and save the private key file. For more information, see Resetting Password and Managing Keys.

Directions

Installing certificate

1. Log in to the SSL Certificates Service console, download and decompress the SSL certificate file (with the name cloud.tencent.com as an example here) to a local directory. After decompression, you can get the relevant certificate files, including the Apache folder and CSR file:
Folder name: Apache
Files in the folder:
1_root_bundle.crt: Certificate file
2_cloud.tencent.com.crt: Certificate file
3_cloud.tencent.com.key: Private key file
CSR file: cloud.tencent.com.csr file
Note:
You can upload the CSR file when applying for a certificate or have it generated online by the system. It is provided to the CA and irrelevant to the installation.
2. Log in to the Lighthouse instance. See Logging In to Linux Instance via WebShell.
3. Run the following commands in sequence to enter the Apache installation directory and create the ssl folder.
cd /usr/local/lighthouse/softwares/apache
sudo mkdir ssl
4. Copy the obtained 1_root_bundle.crt, 2_cloud.tencent.com.crt, and 3_cloud.tencent.com.key files from the local directory to the created /usr/local/lighthouse/softwares/apache/ssl directory. For more information, see Uploading Local Files to Lighthouse.
5. Run the following command to edit the httpd.conf configuration file.
sudo vim /usr/local/lighthouse/softwares/apache/conf/httpd.conf
6. Press i to enter the edit mode and make the following changes:
6.1 Delete the # in #LoadModule ssl_module modules/mod_ssl.so.
6.2 Delete the # in #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so.
6.3 Replace localhost in ServerName localhost with the certificate name. A modified sample is as shown below:
ServerName cloud.tencent.com
6.4 Delete the # in #Include conf/extra/httpd-ssl.conf.
7. Press Esc and enter :wq to save the changes.
8. Run the following command to modify the httpd-ssl.conf configuration file.
sudo vim /usr/local/lighthouse/softwares/apache/conf/extra/httpd-ssl.conf
9. Press i to enter the edit mode and make the following changes in <VirtualHost _default_:443>:
9.1 Replace www.example.com:443 in ServerName www.example.com:443 with the certificate name. A modified sample is as shown below:
ServerName cloud.tencent.com
9.2 Modify the paths of the certificate files:
SSLCertificateFile "/usr/local/lighthouse/softwares/apache/ssl/2_cloud.tencent.com.crt"
SSLCertificateKeyFile "/usr/local/lighthouse/softwares/apache/ssl/3_cloud.tencent.com.key"
SSLCertificateChainFile "/usr/local/lighthouse/softwares/apache/ssl/1_root_bundle.crt"

9.3 Add the following content:
<Directory "/usr/local/lighthouse/softwares/apache/htdocs">
       Options Indexes FollowSymLinks
       AllowOverride all
       Require all granted
</Directory>
10. Press Esc and enter :wq to save the changes.
11. Run the following command to restart the Apache service.
sudo /usr/local/lighthouse/softwares/apache/bin/httpd -k restart
After the successful restart, you can use https://cloud.tencent.com for access as shown below:



(Optional) Setting automatic redirect of HTTP request to HTTPS

You can configure the instance to automatically redirect HTTP requests to HTTPS in the following steps:
1. Run the following command to edit the httpd.conf configuration file .
sudo vim /usr/local/lighthouse/softwares/apache/conf/httpd.conf
2. Press i to enter the edit mode and make the following changes:
2.1 Delete the # in #LoadModule rewrite_module modules/mod_rewrite.so.
2.2 Find <Directory &quot;/home/www/htdocs/&quot;> and add the following content: 
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
The result should be as follows:


3. Press Esc and enter :wq to save the changes.
4. Run the following command to restart the Apache service.
sudo /usr/local/lighthouse/softwares/apache/bin/httpd -k restart
At this point, you have successfully set the automatic redirect to HTTPS. You can use http://cloud.tencent.com to redirect to the HTTPS page.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback

Contact Us

Contact our sales team or business advisors to help your business.

Contact Us
Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

Submit a Ticket
7x24 Phone Support
Hong Kong, China
+852 800 906 020 (Toll Free)
United States
+1 844 606 0804 (Toll Free)
United Kingdom
+44 808 196 4551 (Toll Free)
Canada
+1 888 605 7930 (Toll Free)
Australia
+61 1300 986 386 (Toll Free)
EdgeOne hotline
+852 300 80699
More local hotlines coming soon