Showing posts with label Apache. Show all posts
Showing posts with label Apache. Show all posts

Thursday, January 21, 2016

Upgrade Apache Webserver

Following is the process to upgrade Apache

1) Download and Extract the new Apache binaries into /tmp/apache-new folder

2) Stop the running Apache --> /etc/init.d/httpd stop

3) Take a backup of existing config files -->

mv /usr/local/apache/conf /usr/local/apache/conf.old
cp /usr/local/apache/conf/vhosts /tmp/vhosts.old

4) Take a backup of complete Apache folder -->
mv /usr/local/apache /usr/local/apache.old

5) Create a new folder of Apache directory
mkdir -p /usr/local/apache

6) Now move to /tmp/apache-new/httpd-2.xx/ and run the following

Make sure you have noted down the required modules. If not, check the existing config logs (config.log).

./configure --enable-mods-shared="all ssl cache proxy authn_alias mem_cache file_cache charset_lite dav_lock disk_cache" --prefix=/usr/local/apache
make
make install

7) Copy the config and vhost files: /usr/local/apache/conf.old, /tmp/vhosts.old

8) Check and if required modify the script /ect/init.d/httpd to point to new httpd file

9) Now start the httpd --> /etc/init.d/httpd start
10) Check the version --> httpd –v
Posted by at No comments:
Labels: ,

Configure SSL for Apache Webserver

Following is the process to enable SSL on Apache webserver with Self Signed Certificates

1)    Add the below entry in HTTPD config file (/usr/local/apache2/conf/httpd.conf) on desired machine:

# BEGIN CUSTOMIZATIONS
NameVirtualHost *:80
NameVirtualHost *:443

Include conf/vhosts/*.conf

2) Generate key:
openssl genrsa -out ca.key 2048

3)    Generate CSR:
OpenSSL> req -new -key ca.key -out ca.csr

Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:*****
An optional company name []:

4)     Generate Self Signed Key
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt

5)    Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

6)    Create ssl.conf with the key entries:

/usr/local/apache2/conf/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key


7)    Create a new virtual host file with SSL entries as below (/usr/local/apache2/conf/vhosts vhost_crk_ssl.conf)
 
< VirtualHost *:443 >
  ServerName crk.test.com

  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certsca.crt
  SSLCertificateKeyFile /etc/pki/tls/private/ca.key

****************************
****************************

< VirtualHost >

8)    Restart Apache
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)