Tutorial: How to add SSL to a LAMP Web Server on Ubuntu 14.04 (2015)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hi everyone welcome back to another tech nerd tutorial today we are going to be installing a self-signed SSL certificate on our home server so that we can use secured HTTP so this topic was requested by one of our viewers to increase the security of their home server when accessing it from outside their home network what this allows is for your data to be encrypted from your home server to any external clients computers that are outside your home network that's preventing other external users from being able to see your data and do nefarious things with that information we want to get started by making sure the software is up-to-date so I've just closed the software updater because I had finished updating and now in terminal I want to enable SSL slabby sudo a2 and mod SSL and this will enable the future in our passion so we can go ahead and now we need to restart apache so that i can now load with that new setting from there we need to generate our own self-signed certificate if you do have your own domain you can choose to purchase one and therefore be able to have one that is not self signed we want to first create a directory where these certificates will live and then from there we want to create the self-signed certificates this one is pretty complex so you can copy it off the screen or you can go to our written tutorial and be able to copy this long string for creating the self-signed certificate this certificate will be valid for two years so after that two years we'll have to recreate a new certificate to replace the old one at that time so from there once this particular command is done we will have created our certificates and we'll just need it pashya web server to look at those certificates when the command is run it is going to ask for information like our country as well as our province additional information about your company if you have it so here is our location we're going to put Edmonton and then our organizational name so here I'm going to put tech nerd services these things if you leave them blank that's completely fine as well and then the common names this is the important one we want to be able to put what our web address is going to be so I'm putting our dynamic DNS address tech nerd services ddns net this one is the one we need to for sure put in correctly and then the email address this is one that we should also put in correctly as if there's any issues you will receive that email so now that this SSL certificate is created we can now go into Apache and change our settings for Apache to make sure that this can run now we want to open the Pasha file that has the configuration for SSL so for us to do that will type out sudo nano and its file location etc apasa to sites available and the one that we are looking for is the SSL one so there will be default - SSL dot conf you'll be able to see it on the screen from there where we want to go is down a few lines we are looking for the SSL certificate file as well it's the SSL certificate key file so when we get to those two locations it will have some of the default ones that at that location there may or may not be files so we can go ahead and at the SSL certificate file delete the section that has the default file location and then we can go ahead and place our own file location for the key and certificate we created so here i've deleted that location and adding ours so etc of pascha - SSL and we're looking for our apache dot CRT source or certificate then we also want to change a heart key file so once again I'm going to read the default one found in this file and I'm going to add now our key file so once again etc apache2 ssl and then a pasha a donkey fund there we want to save with ctrl o and then we can exit with ctrl X and then from there we do need to enable our default SSL configuration so we'll go ahead and type in sudo a2 and site and default - SSL dot C o and F this will enable the configuration that we just changed and then from there we now need to reload a passion with our sudo service a Pasha - and restart then from there we are now good to go to be able to launch a web browser and see whether or not our SSL encryption has taken hold so that's now all reloaded we now want to go ahead and open up Firefox and in Firefox we can now go to our dynamic DNS web address location so I'm going to just move the window up and then we'll go ahead and type in here our tech nerd services dot d D D D and s dotnet and then from there we want to also add in to HTTPS from there we get to this certificate is untrusted this is because it is self fine click on I understand the risks and add the exception this will then save it in Firefox so that we won't get this pop up every single time well confirm the security exception and then now here we are in our secured HTTP direction to our Ubuntu page just as a note is that we did do this in Firefox if you do use Google Chrome or Microsoft's Internet Explorer adding the self signed certificate as an exception has different instructions the other thing that we do want to look at is if there are situations where we want to have our server set so that the HTTP the unsecured HTTP will redirect automatically to the secure at HTTP pass so with that we can go back into terminal and be able to make changes and add a mod rewrite so in terminal we want to go ahead and edit the Apache config so go sudo nano etc Apache 2 and Apache 2.0 and F the configuration of our Apache file go ahead and enter your password if necessary we want to go ahead and scroll all the way to the very bottom once we go down there what we're going to be adding is command so that if the HTTP address is given it will automatically redirect to the HTTPS so first we're going to start with a comment so we'll start with the number sign and then HTTP to HTTPS redirect so we know what we're doing the next are three lines of code that will allow the Apache server to always redirect so we have rewrite engine setup on we have our rewrite condition is when our HTTP is not on so that's where we have the apostrophe equals instead of just equals so it's not long and then what we're going to have is our rewrite rule so this rewrite rule will say take whatever is currently in the HTTP and from there forward to the HTTP this mod rewrite allows you to do rewrite for any of the directories so that means that it's not just tech nerd services ddns dotnet it could be tech nerd services ddns net forward slash own cloud forward slash plex any of those things will then work as long as it's coming in from the standard port 80 and it's trying to find a standard ssl port of 443 so we have those three lines written into our code we do control o to save control X to exit and now we want to ensure that the mod rewrite is enabled so we'll go sudo a to n mod rewrite here I'm going to see that it's already enabled this is good you might see that it isn't enabled and it has enabled then we just want to go ahead and restart apache with sudo service a pop should restart from there we're now good to go we can go back to our web browser and here you will see me just delete the s for HTTP you'll see how it already goes to the HTTP environment from here I'm just going to show it I'm going to also go to own cloud once again not secured so you'll see in the address bar that is just HTTP and then now it is HTTPS so there you have it we have now added in a self-signed certificate to our home server we are able to go ahead and also do a rewrite so that anytime user is trying to access our server and any web applications it will always end up going to the secure sites hi everyone thanks again for watching this video please don't forget to like this video and subscribe to the channel if you haven't already and go ahead and leave a comment down below if you have any additional questions or comments furthermore check out some of our related videos or find us in our social media if you would like email notifications of whenever we release new video or written tutorials you can go to our web page tech nerd services comm and sign up for a weekly newsletter we will send to your inbox notifications of those new video and tutorials thanks again for watching and until next time keep checking
Info
Channel: Tech Nerd Services
Views: 23,385
Rating: undefined out of 5
Keywords: Web Server (Software Genre), Tutorial (Media Genre), How-to (Website Category), Ubuntu (Operating System), LAMP, SSL
Id: HxyKP4oesY0
Channel Id: undefined
Length: 10min 25sec (625 seconds)
Published: Mon Apr 13 2015
Related Videos
how to configure https server in centos 7 , redhat 7 (ssl tls certificate)
Android and Tech Solutions
36K
Google Data Center 360° Tour
Google Cloud Tech
5.1M
Proxmox VE Full Course: Class 6 - Creating Virtual Machine Templates
Learn Linux TV
104K
How to install and run Apache web server in Ubuntu Linux
danscourses
760K
Apache2 - Enable https - Localhost Ubuntu 22.04
Learn Programming With Bala
9.5K
How to Install SSL Certificate on Linux Apache Web Server
StackInstance
107K
Getting started with Ansible 06 - Writing our first Playbook
Learn Linux TV
88K
How to Install Free SSL Certificate on Godaddy | Step by Step Tutorial
PrG Tech
27K
Linux Crash Course - The sed Command
Learn Linux TV
109K
Kubernetes Tutorial for Beginners [FULL COURSE in 4 Hours]
TechWorld with Nana
7.6M
Set up a Full Network using OPNsense (Part 2: OPNsense)
Home Network Guy
65K
SSL Certificates in OpenSSL CentOS/Linux
Sandbox Tutorials
121K
Configuring HTTPS or SSL on apache web server
Amit Nepal
75K
Getting started with Ansible 02 - SSH Overview & Setup
Learn Linux TV
207K
Docker For Beginners: From Docker Desktop to Deployment
Travis Media
714K
Free SSL Certificate with Let's Encrypt & Installation with CertBot on Apache Webserver
Astral Web Inc.
46K
Boston Dynamics NEW Humanoid Robot SHOCKS The ENTIRE Industry! (Atlas 2.0)
Matthew Berman
87K
Apache HTTPS / SSL Site, Redirect HTTP to HTTPS Tutorial
HelpfulTechVids
118K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.