tencent cloud

Feedback

Installing Certificate on Apache Server (Linux)

Last updated: 2024-03-20 14:38:45

    Overview

    This document describes how to install an SSL certificate in a Lighthouse instance and enable HTTPS access. The example instance uses an LAMP application image with Apache software pre-installed.
    Note:
    The SSL certificate used in the document is provided by Tencent Cloud. For more information on this service, see Overview and Purchase Guide.

    Preparation

    Install the remote file copy tool such as WinSCP. The latest official version is recommended.
    Install the remote login tool such as PuTTY or Xshell. The latest official version is recommended.
    Open port 443 in your firewall policy. For more information, see Managing Firewall.
    The data required to install the SSL certificate includes the following:
    Name
    Description
    Lighthouse instance's public IP address
    Instance IP address used to connect a local computer to the instance.
    Username
    The username used to log in to the Lighthouse instance, such as `root`.
    Password or SSH key
    The password matching the username used to log in to the Lighthouse instance, or the bound SSH key.
    Note:
    You can log in to the Lighthouse console, find the target instance, and enter its details page to view its public IP address. After the instance is created, first reset the password and remember it, or bind an SSH key and save the private key file. For more information, see Resetting Password and Managing Keys.

    Directions

    Installing certificate

    1. Log in to the SSL Certificates Service console, download and decompress the SSL certificate file (with the name cloud.tencent.com as an example here) to a local directory. After decompression, you can get the relevant certificate files, including the Apache folder and CSR file:
    Folder name: Apache
    Files in the folder:
    1_root_bundle.crt: Certificate file
    2_cloud.tencent.com.crt: Certificate file
    3_cloud.tencent.com.key: Private key file
    CSR file: cloud.tencent.com.csr file
    Note:
    You can upload the CSR file when applying for a certificate or have it generated online by the system. It is provided to the CA and irrelevant to the installation.
    2. Log in to the Lighthouse instance. See Logging In to Linux Instance via WebShell.
    3. Run the following commands in sequence to enter the Apache installation directory and create the ssl folder.
    cd /usr/local/lighthouse/softwares/apache
    sudo mkdir ssl
    4. Copy the obtained 1_root_bundle.crt, 2_cloud.tencent.com.crt, and 3_cloud.tencent.com.key files from the local directory to the created /usr/local/lighthouse/softwares/apache/ssl directory. For more information, see Uploading Local Files to Lighthouse.
    5. Run the following command to edit the httpd.conf configuration file.
    sudo vim /usr/local/lighthouse/softwares/apache/conf/httpd.conf
    6. Press i to enter the edit mode and make the following changes:
    6.1 Delete the # in #LoadModule ssl_module modules/mod_ssl.so.
    6.2 Delete the # in #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so.
    6.3 Replace localhost in ServerName localhost with the certificate name. A modified sample is as shown below:
    ServerName cloud.tencent.com
    6.4 Delete the # in #Include conf/extra/httpd-ssl.conf.
    7. Press Esc and enter :wq to save the changes.
    8. Run the following command to modify the httpd-ssl.conf configuration file.
    sudo vim /usr/local/lighthouse/softwares/apache/conf/extra/httpd-ssl.conf
    9. Press i to enter the edit mode and make the following changes in <VirtualHost _default_:443>:
    9.1 Replace www.example.com:443 in ServerName www.example.com:443 with the certificate name. A modified sample is as shown below:
    ServerName cloud.tencent.com
    9.2 Modify the paths of the certificate files:
    SSLCertificateFile "/usr/local/lighthouse/softwares/apache/ssl/2_cloud.tencent.com.crt"
    SSLCertificateKeyFile "/usr/local/lighthouse/softwares/apache/ssl/3_cloud.tencent.com.key"
    SSLCertificateChainFile "/usr/local/lighthouse/softwares/apache/ssl/1_root_bundle.crt"
    
    9.3 Add the following content:
    <Directory "/usr/local/lighthouse/softwares/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride all
    Require all granted
    </Directory>
    10. Press Esc and enter :wq to save the changes.
    11. Run the following command to restart the Apache service.
    sudo /usr/local/lighthouse/softwares/apache/bin/httpd -k restart
    After the successful restart, you can use https://cloud.tencent.com for access as shown below:
    
    

    (Optional) Setting automatic redirect of HTTP request to HTTPS

    You can configure the instance to automatically redirect HTTP requests to HTTPS in the following steps:
    1. Run the following command to edit the httpd.conf configuration file .
    sudo vim /usr/local/lighthouse/softwares/apache/conf/httpd.conf
    2. Press i to enter the edit mode and make the following changes:
    2.1 Delete the # in #LoadModule rewrite_module modules/mod_rewrite.so.
    2.2 Find <Directory &quot;/home/www/htdocs/&quot;> and add the following content:
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^(.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
    The result should be as follows:
    
    
    3. Press Esc and enter :wq to save the changes.
    4. Run the following command to restart the Apache service.
    sudo /usr/local/lighthouse/softwares/apache/bin/httpd -k restart
    At this point, you have successfully set the automatic redirect to HTTPS. You can use http://cloud.tencent.com to redirect to the HTTPS page.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support