Migrate from http to https

Leave a reply

This howto explains how you can easily migrate from http to https. This guide is written for Apache 2.4. It has been tested on Ubuntu 14.04.

Plaintext http vhost

Normally you’re starting with a site config similar to his.

<VirtualHost *:80>
   ServerName www.rivy.org
   ServerAdmin webmaster@rivy.org
   DocumentRoot /var/www/www.rivy.org/
   <Directory />
      Options FollowSymLinks
      AllowOverride None
      deny from all
   </Directory>
   <Directory /var/www/www.rivy.org/>
      Options FollowSymLinks MultiViews
      AllowOverride All
      Order allow,deny
      allow from all
   </Directory>
</VirtualHost>

Encrypted https vhost

Now let’s create an extra site configuration for the https website. Usually, the available sites are kept in /etc/apache2/sites-available.

# cp /etc/apache2/sites-available/001-www.rivy.org.conf /etc/apache2/sites-available/sites-available/002-ssl-www.rivy.org.conf

Now you edit the config for the new ssl enabled site. I assume that you already have the crt and key file available. Adjust the paths as necessary.

<VirtualHost *:443>
   ServerName www.rivy.org
   ServerAdmin webmaster@rivy.org
   SSLEngine On
   SSLCertificateFile /path/to/www.rivy.org.crt
   SSLCertificateKeyFile /path/to/www.rivy.org.key
   SSLCertificateChainFile /etc/certs/chain.crt

   DocumentRoot /var/www/www.rivy.org/
   <Directory />
      Options FollowSymLinks
      AllowOverride None
      deny from all
   </Directory>
   <Directory /var/www/www.rivy.org/>
      Options FollowSymLinks MultiViews
      AllowOverride All
      Order allow,deny
      allow from all
   </Directory>
</VirtualHost>

After saving the file, you can enable the site with this command.

# a2ensite 002-ssl-www.rivy.org
# service apache2 restart

Make sure that this command doesn’t return any errors. At this time you should be able to use any browser and go to your https enabled website.

https://www.rivy.org

Send all visitors to secure version

It’s probably a good idea to send all your visitors to the secure version of your website. This can be done transparently and without impact on the users. Links in bookmarks and incoming hyperlinks will still work. Edit the 001-www.rivy.org.conf file like this.

<VirtualHost *:80>
   ServerName www.rivy.org
   ServerAdmin webmaster@rivy.org
   Redirect 301 / https://www.rivy.org/
</VirtualHost>

This creates a permanent redirect to the secure version of your site. After saving and reloading or restarting apache2 ( see previous steps ) you can visit the http:// version of your site and you’ll be automatically redirected to the secure version.

Related posts:

  1. Apache2 cipher selection The tutorial explains how to configure the Apache2 cipher selection....
  2. Enable Public Key Pinning on Apache2 How to enable Public Key Pinning Extension for HTTP (HPKP)...
  3. Updating Snort Rules using Pulled Pork In this previous post, I explained how to install Snort...
  4. Mails with FAX attachment I’ve been receiving a lot of mails with Fax attachment...

Leave a Reply

Your email address will not be published. Required fields are marked *