Simple 5 step guide to setting up https with your own self-signed certificate
Prerequisites: Apache2, Ubuntu Server
/usr/bin/openssl genrsa -des3 -out {your domain name}.key 3072
/usr/bin/openssl req -new -key {your domain name}.key -x509 -out {your domain name}.crt
<VirtualHost {your ip}:443>
...
SSLEngine on
SSLCertificateFile {path where certificate is}/{your domain name}.crt
SSLCertificateKeyFile {path where key file is}/{your domain name}.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
...
</VirtualHost>
/usr/bin/openssl rsa -in {path where key file is}/{your domain name}.key -out {path where key file is}/{your domain name}.key.nopass# SSLCertificateKeyFile {path where key fileis}/{your domain name}.key
SSLCertificateKeyFile {path where key file is}/{your domain name}.key.nopassIf you receive a certificate warning, simply accept it, and proceed. Congratulations, your communication is now encrypted, and safe from prying eyes!
Last whole week I was stumbled by the fact that my home network with 3 PCs suddenly stopped working. None of them were able to “see” each other, except for a little while… strange.
Technically (since it is easier to describe), A, B, C – my 3 computers – could reach each other, share files, host apache, download files without any extra configuration.
Last week, however while using C’s http server from A suddenly stopped. Puzzled, I thought the machine might be overloaded, or something like this must be causing page to timeout, or apache must have hanged (does it?). But things seemed to be working OK on C, in fact top showed a load average below 1 ?
Further puzzled, I tried pinging A to C, and vice-versa. It worked… but only for a while. Pinging after a while seemed to stop. Huh?
Scourging over the Internet wasn’t easy for answer. Maybe my way of searching was wrong, but I did spent a good week trying to fish out the ping issue, then next to dig deeper to find that accessing C’s IP from outside (it already has a global ip; though dynamic, paired through dyndns to the world) worked. Now each of them – A, B, C – have no internal 192.168 ip’s, just public ip’s. What good are public ip’s if I have to access them from outside than just sitting home?
Something was wrong.
To cut short, I called the ISP, asked them if they have changed anything recently (well, I was using A, B, C sharing files for over 6 months now). My ISP reported that no such upgrade, or settings were done. Deeply mad about this situation, I chose to disable the firewall (Eset Nod32) on A, and then tryout the ping – which worked effortlessly to C, and back.
What the hell! Why did Nod32 suddenly seem to block my own A, B, C from seeing each other? ARP Poisioning? I don’t know, only thing I know is that it shouldn’t block them. 🙂
Well, atleast things are fine now. I’ve changed settings on Nod32 to Not block threat detected addresses henceforth.
The website is up, and running on a brand new OS – Ubuntu 9.04 Server. Supercool to configure, has pre-configured LAMP, OpenSSH out-of-the-box.
Using the UFW was too easy than messing with iptables, or routing.
Feeling great having refreshed up my home server with a mature OS.
I recently happened to experiment with Apache’s mod_rewrite, an excellent library to change your machine friendly (or perhaps program friendly?) web urls into user friendly urls.
The steps to make mod_rewrite to work on Windows is-
– Edit httpd.conf for Apache, and uncomment the following line
# LoadModule rewrite_module modules/mod_rewrite.so
-to-
LoadModule rewrite_module modules/mod_rewrite.so
– Next, under <Directory “{Your document root}“> change
AllowOverride None
-to-
AllowOverride All
– Restart Apache
– Create a sample folder “rewrite” under {Your document root}, with the following files
{Your document root}
rewrite
.htaccess
details.php
– What we will attempt now is to have a url like http://localhost/rewrite/details/shantibhushan to be automatically executed as http://localhost/rewrite/details.php?user=shantibhushan
– Edit your .htaccess file as follows
<IfModule rewrite_module>
RewriteEngine on
RewriteBase /rewrite/
RewriteRule ^details/(.+)$ details.php?user=$1 [L]
</IfModule>
– The RewriteRule is the actual line where we specify what url is to be mapped to which actual url. ^details/(.+)$ takes a user friendly url /details/shantibhushan and extracts “shantibhushan” as $1. It then replaces $1 into details.php?user=$1 resulting in details.php?user=shantibhushan as the actual url.
– Edit details.php as follows
<?php
$user= $_REQUEST[‘user’];
print(“<h1>$user</h1>”);
?>
– The above sample simply takes “user” from details.php?user={user} and shows it back.
– Done! Try accessing http://localhost/rewrite/details/shantibhushan and you should see details.php getting called with parameter as “shantibhushan”
TODO
– Simply accessing details/ results in error, and rewrite rule doesn’t assume such a case. It can be handled by RewriteCond
– First I wanted to have details:shantibhushan as the url, but this has a bug on Windows not allows : in path. It seems to work fine on non-Windows.
– The example assumes Apache is running on port 80 on your machine.
