### CentOS 7 / RHEL 7 ### systemctl restart httpd ### Ubuntu 16.04 / Debian 9 ### a2ensite observium.conf a2enmod php7.0 a2enmod rewrite a2dismod mpm_event a2enmod mpm_prefork phpenmod mcrypt a2enmod rewrite systemctl restart apache2. Enable Apache service on system boot. Mod_rewrite is an Apache module used to manipulate URL's and is compiled into the base Apache HTTP Server in CentOS. See the mod_rewrite documenation.
If you are starting to migrate your web servers over to Linux (or have already done so) and are looking to serve those pages up over secure http (aka https), you're going to need to know how to make this happen. Although https does will not guarantee security for your web server, it is a solid first step in the process. Configuring Apache for https on CentOS isn't difficult, but there are a few steps. Let's walk through the process, so you can start serving your pages up to your clients/customers more confidently.
This walkthrough will use CentOS 7 and work with a self-signed certificate. The self-signed option works great for personal sites or testing purposes. For your official business rollouts, you'll want to purchase an SSL certificate from a reputable company (such as Digicert, Network Solutions, or GlobalSign). I will also assume you already have Apache running on the server.
More about cybersecurity
With that said, let's begin the process.
Installing and using OpenSSL
The first step in the process is the installation of OpenSSL and the generating of the certificate to be used. To install OpenSSL, open a terminal window and issue the command:
Issuing the above command will pick up all the necessary dependencies (Figure A).
Figure A
Now we generate the SSL key with the following commands:
Generate private key
Generate CSR
Generate Self Signed Key
Now we need to copy the newly generated files to the correct locations with the following commands:
When you issue the command to generate the CSR, you will be asked a number of questions for the key (such as Country Name, State or Province, Locality, Organization Name, Organizational Unit, Common Name, Email Address, etc.). OpenSSL will also require you to enter a challenge password for the CSR.
The next step requires the editing of the /etc/httpd/conf.d/ssl.conf file. Open that file for editing and locate and change the following lines:
changes to:
changes to:
Finally, restart the Apache daemon with the command:
Create a virtual host
Let's create a virtual host that makes use of SSL. To do this we'll create the necessary directories with the following commands:
I'm using 'adorkable' as an example. You can use whatever name you like/need.
Next we must edit the httpd.conf file, so that it becomes aware of the sites-enabled directory. To do this, open up /etc/httpd/conf/httpd.conf and add the following line to the bottom of the file:
Save and close that file.
Now we need to create our virtual host file. We'll do this in /etc/httpd/sites-available/adorkable.conf. Again, swap 'adorkable.conf' with the name of your virtual host. In that file we'll add the following contents (customize as needed):
Save and close that file.
In order for Apache to be aware of the new virtual host, we must create a symbolic link, from sites-available to sites-enabled, with the command:
Restart Apache with the command:
Your virtual host should now be visible to the server. All you have to do is add content to the /var/www/html/adorkable directory and you're good to go.
A quick test
That's all there is to the setup of https on Apache with CentOS. You can do a quick test by pointing a browser to https://IP_OF_SERVER. You should receive a security warning (since we are using a self-signed certificate. Okay that warning and Apache will serve up your site using https. Point your browser to https://IP_OF_SERVER/adorkable to visit the newly created virtual host. Depending on what type of site you are serving up, you might have to do a bit of extra work with that particular platform.
Easy peasy https
You have officially set up your Apache server to work with https. As I mentioned earlier, if you plan on using this for public-facing, business sites, I highly recommend purchasing your SSL certificates from a reputable dealer (or using Let's Encrypt).
See:How to install and use Let's Encrypt on a Ubuntu Server for SSL security (TechRepublic)
Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Sign up today Sign up today ![Install A2enmod Centos Install A2enmod Centos](https://www.howtoforge.com/images/how_to_install_omeka_classic_cms_on_ubuntu_1804/big/page4.png)
Also see
- How to install the OpenVAS vulnerability scanner on Ubuntu 16.04 (TechRepublic)
- How to add more entropy to improve cryptographic randomness on Linux (TechRepublic)
- Ebook: Why Munich made the switch from Windows to Linux—and may be reversing course (PDF download) (TechRepublic)
- How Mark Shuttleworth became the first African in space and launched a software revolution (PDF download) (TechRepublic)
- How to fix Apache 2 not executing PHP files (TechRepublic)
- How to solve SELinux issues with ease using SELinux Alert Browser (TechRepublic)
- How to harden MySQL security with a single command (TechRepublic)
- How to harden Ubuntu Server 16.04 security in five steps (TechRepublic)
- Linux Foundation releases business open source basics ebook (ZDNet)
Introduction
Learn how to install and use Apache's
mod_wsgi
module to run Python scripts in a web page. This Apache module can be used to serve web pages written in Python, or to render web pages with embedded Python scripts.mod_wsgi
is a particularly good choice for web developers who are accustomed to the way Apache handles PHP. If you want the power and flexibility of Python, but you want it to work like PHP on the web, mod_wsgi
is a simple answer.<code>mod_wsgi</code> vs <code>mod_python</code>
Many users are confused about the difference between
mod_wsgi
and mod_python
. Both Apache modules have roughly the same effect: They let you run Python modules in a web page. Although
mod_python
has a more robust set of features, mod_wsgi
is under far more active support and development. Therefore, we recommend mod_wsgi
for most users. Requirements
- A Cloud Server running Linux (CentOS 7).
- Apache installed and running.
- A basic familiarity with Python.
Install mod_wsgi
Update your system:
Install
mod_wsgi
with the command:Restart Apache:
Verify that the module is loaded:
The server will respond with:
Configure Apache
For security reasons, the Python scripts should be stored in a directory which is not available on the web. Create this directory:
Set Apache as the owner of this directory, so that it can access the files:
![Install A2enmod Centos Install A2enmod Centos](/uploads/1/2/5/8/125857967/127766100.png)
We will use
WSGIScriptAlias
to configure an alias to the script. Access rights will also need to be granted to the directory where the script is located. Create an Apache configuration file for an example 'Hello World' script, and open it for editing:
Put the following content into this file:
Save and exit the file. Then restart Apache:
Create a Test Script
We will use for this example.
Create the file and open it for editing:
Put the following content into this file:
Save and exit the file. Then set Apache as the owner of this file, so that it can be accessed:
View this file in a browser at the URL . You will see the message 'Hello World!'