7,613
edits
Changes
Jump to navigation
Jump to search
Research Computing Configuration (view source)
Revision as of 16:50, 10 September 2020
, 16:50, 10 September 2020→HTTPS
To set up HTTPS using Let's Encrypt, see https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-ubuntu-20-04/
Install it and make some directories...
apt update
apt install certbot
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
takes ~20 secs
mkdir -p /var/lib/letsencrypt/.well-known
chgrp www-data /var/lib/letsencrypt
chmod g+s /var/lib/letsencrypt
Set up the config files
vi /etc/apache2/conf-available/letsencrypt.conf
Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"
<Directory "/var/lib/letsencrypt/">
AllowOverride None
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
vi /etc/apache2/conf-available/ssl-params.conf
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA- CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
Header always set Strict-Transport-Security "max-age=63072000"
Enable some apache2 mods!
a2enmod ssl
a2enmod headers
a2enconf letsencrypt
a2enconf ssl-params
sudo a2enmod http2
systemctl reload apache2
Run certbot!
certbot certonly --agree-tos --email ed@edegan.com --webroot -w /var/lib/letsencrypt/ -d edegan.com -d www.edegan.com
Note that I needed an @ entry in my A record for edegan.com pointed to my IP address to get the main challenge to succeed.
Then:
==Old machines==
