How to Install Apache2 on Ubuntu. Configure http to https redirect with free Let's Encrypt SSL cert.

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello today we'll continue where we left last week and we install Apache web server on the always free abund server we built on Oracle Cloud last week then we'll configure Apache virtual host to serve our own hello world page over HTTP then we'll go get a valid SSL certificate from let's encrypt a configure Apache so all the requests for the hello world page are redirected to https and finally we'll set up so that SSL certificate outut renew there's only going to be a couple of Oracle specific steps so this tutorial can be used even if your server is not on Oracle Cloud if you don't have server yet please watch the last week's video on how to build always free abund to server on Oracle cloud and how to reserve free static IP now to begin today the first thing that you want to do is go to your domain reg register and create a DNS record so it points to your Oracle server or your whatever server you're using so I already did that I went here and for my tech.net domain I pointed a subdomain hello world to the that we reserved last week the next thing you want to do is go in and SSH back into your instance once connected we'll switch to root and then we're going to go ahead and install Apache once we have Apache installed we will run this command to open port 80 on IP tables followed by this command that will save the configuration so if our server restarts Port 80 is still opened now that we have Port 80 open there is one more step that we need to take in order to be able to access this server on Port 80 and that's an oracle specific thing so you're going to have to go to your Oracle console and search for the word Gateway we're going to look for internet gateway in the internet gateway we will go down to security list by default the internet gateway only allows Port 22 and icmp requests from the internet so we're going to want to come here and add a rule that will allow traffic from the internet to Port 80 and we're going to call this HTTP and since we're here we may want to add one more rule that will allow traffic on Port 443 for our https later so I'm just going to do it now all right now that we have Port 80 Port 443 on the internet gateway are open and one more thing actually let's while we are here let's do this we're going to run this exact same command on 443 and save it again and that way we have both firewalls the IP tables here and the internet gateway that serves kind of like a firewall on both places we have 80 and 443 open so now if we go to our browser and try to access Hello World Tech to net we should get the Apache welcome page The Next Step will be to create a virtual host that will point to our hello world page so I'm going to go back to my terminal and I'm going to make a copy of a patches default virtual host and we're going to make some changes into it so we're going to do copy at Pat to sites varable and I will call it hello world.com and I'm GNA go into it with Nano and here I'm going to do some cleanup so all the commented stuff I'm going to delete we're not going to need any of that all right so we can leave the log logs here uh we don't need this one so we're going to add a couple actually for now we're just going to add one extra line here we're going to say server name and that will be hello world. tech.net our document route will be I'll just call it hello world all right and that's all we need for now and go ahead and save this and then I'm going to have to create the document rout so and I'm going to create an index file in it and in the index file I'm going to say hello world and I can go ahead and save it and we can go ahead and restart Apache and now if we refresh here we should see our hello world page instead of the Apache welcome page all right now let's see what is wrong oh I forgot to enable the virtual host so to do that we have to write a to inside hello world and then we restart Apache one more time and now if we go here we should see our hello world page now that we have our hello world page serving up on Port 80 we can go ahead and start working on getting that SSL certificate so so we're going to go back to our terminal and here what we're going to do is we will install a tool called search b so I'm going to run app install Search bot all right now that we have sear bot installed we're going to have to create a directory called well known in our document rot so we do make here V hello world well d and make sure that you put the dot in for of welln because it has to be a hidden directory so well known okay The Next Step would be to change the group to that directory so it's owned by our web server then we're going to set group ID and that way anything that gets created later in that hello world directory will inherit the group of the hello world directory so and the next command we will go ahead and request the SSL certificate for our hello world. te to.net subdomain and here we're going to give an email address agree yes and there you go we successfully got our certificates now the next thing will be to go to our Apache virtual host file that we created earlier and add a directive for SSL so what I'm going to do here is to make it easier for me I'm just gonna copy this part and paste it right under it then we're going to change here for 443 everything else could stay the same can add few lines here so one will be SS L engine on and then we're going to give it path to our certificates key and chain so okay I'm going to save the file and go and get the path so what I usually do is the easiest way for me to do is like this okay so I'm going to copy this path and go paste it back into the virtual host let's do this and here we're going to do seert pam priv key. pam and chain. Pam again save and the next thing we want to do is enable SSL mode a2en mode SSL and then we restart a patch and now if we go back here and refresh it's serving on Port 80 HTTP but if we change it to https we get an error so let's see what we did wrong oh there it is I have 442 instead of 443 fix this save the file and restart Apache again and now if we go our browser and restart we get our secure encryption here you can click and take a look at your certificate and you have a valid certificate until March so 90 days so the next thing we want to do is cuz the way it is right now if somebody would go to our site on HTTP it will serve HTTP so we're going to make it so it redirects all the requests even if they try to go to http they get sent to https so to do that we're going to go back to our configuration file and in here where the directives for HTTP are we're going to add an extra line and we're going to say redirect permanent and then we're going to point it to https and I'm just going to copy and paste it so I don't misspell it let me save it come here refresh the page and there you go we got redirected the last thing we want to do is uh we want to set up our certificates for auto renewal so to renew the certificates with sech board it's pretty easy all you have to do is run a command seert bot and then renew and it's going to check and if there's certificates for Renewal it will go ahead and do the renewal for you but because we still have plenty of time until our certificates due to Renewal it's not going to do anything it's just going to skip it so what you can do is you can create a crown job that runs like maybe a day or two before the expiration date that will go ahead and run this command for you and it will renew your certificates so to do that you can go to your Chrome tab so Crown tab Das e and here we can at a line so let's say we're going to do it at 0o minutes 8:00 and we're going to do this every so the certificate expires every 90 days so let's say every 88 days at 8:00 and 0 minutes we will run the Search bot renew command so it will give the full path to uh the Search bot just in case it's a good practice you give food pet so USR slash bin seert bot renew and this is all you should have to do now every 88 days this command should run and renew your certificates I think that's it for now you have your web server that it's running https it's forcing everything through https it's serving your hello world page so if you want you can put your own code up there and it will be served and it's always free server so yeah pretty cool stuff I hope this video was helpful to you if you liked it please click on the like button and um if you want to see more of my videos please check out my channel and please subscribe

Info

Channel: TechTutelage

Views: 7,312

Rating: undefined out of 5

Keywords: let's encrypt, certbot, ssl, tls, free ssl, free certificate, apache2, httpd, web server, oci, free oracle cloud, free tier, ubuntu, ubuntu server, vhost, crontab, https, http, 80, 443, virtualhost, virtual server, oracle free tier, free forever, free tls, free cert

Id: SO11Og_WgSs

Channel Id: undefined

Length: 13min 12sec (792 seconds)

Published: Wed Dec 22 2021