We also have a clause, which allows us to apply specific options to a directory. In this case, the /usr/lib/cgi-bin directory has the SSLOptions +StdEnvVars setting applied, which enables default environment variables for use with TLS. This option is also applied to files that have an extension of .cgi, .shtml, .phtml, or .php through the option. The BrowserMatch option allows you to set options for specific browsers, though it's out of scope for this chapter. For now, just keep in mind that if you want to apply settings to specific browsers, you can.
By default, the default-ssl.conf file is not enabled. In order to benefit from its configuration options, we'll need to enable it, which we can do with the a2ensite command as we would with any other virtual host:
sudo a2ensite default-ssl.conf
Even though we just enabled TLS, our site isn't secure just yet. We'll need TLS certificates installed in order to secure our web server. We can do this in one of two ways: with self-signed certificates, or with certificates signed by a certificate authority. Both are implemented in very similar ways, and I'll discuss both methods. For the purposes of testing, self-signed certificates are fine. In production, self-signed certificates would technically work, but most browsers won't trust them by default, and will show an error when someone visits the page. Therefore, it's a good idea to refrain from using self-signed certificates on a production system. Users of a site with self-signed certificates would need to bypass an error page before continuing to the site, and seeing this error may cause them to avoid your site altogether. You can install the certificates into each user's web browser, but that can be a headache. In production, it's best to use certificates signed by a vendor.
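The following check is an added example, not part of the original text. It reports whether a TLS virtual host is actually ready to serve: the site is enabled, mod_ssl is loaded, and the certificate files it references exist. It assumes the Debian/Ubuntu layout (sites-available, sites-enabled, mods-enabled/ssl.load) and the standard mod_ssl directives SSLCertificateFile and SSLCertificateKeyFile; the function name check_tls_site is hypothetical.

```shell
# Added example: verify that an Apache TLS site is enabled and its certificates exist.
# Usage: check_tls_site [apache_root] [site_file]
check_tls_site() {
    local root="${1:-/etc/apache2}" site="${2:-default-ssl.conf}"
    local conf="$root/sites-available/$site" status=0 found=0 directive path

    # a2ensite works by symlinking sites-available/<site> into sites-enabled/.
    if [ -e "$root/sites-enabled/$site" ]; then
        echo "OK    site enabled: $site"
    else
        echo "FAIL  site not enabled: run 'sudo a2ensite $site'"
        status=1
    fi

    # The SSL* directives are only understood once mod_ssl is enabled.
    if [ -e "$root/mods-enabled/ssl.load" ]; then
        echo "OK    mod_ssl enabled"
    else
        echo "FAIL  mod_ssl not enabled: run 'sudo a2enmod ssl'"
        status=1
    fi

    [ -r "$conf" ] || { echo "FAIL  cannot read $conf"; return 1; }

    # Every certificate and key the virtual host points at must exist on disk.
    # Commented-out directives start with '#' and are skipped by the case match.
    while read -r directive path _ || [ -n "$directive" ]; do
        case "$directive" in
            SSLCertificateFile|SSLCertificateKeyFile)
                found=$((found + 1))
                if [ -f "$path" ]; then
                    echo "OK    $directive $path"
                else
                    echo "FAIL  $directive points to missing file $path"
                    status=1
                fi ;;
        esac
    done < "$conf"

    if [ "$found" -eq 0 ]; then
        echo "FAIL  no certificate directives found in $conf"
        status=1
    fi
    return "$status"
}
```

Run check_tls_site with no arguments after a2ensite to check /etc/apache2; a non-zero exit status means at least one FAIL line was printed.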
As we go through this process, I'll first walk you through setting up TLS with a self-signed certificate so you can see how the process works. We'll create the certificate, and then install it into Apache. You won't necessarily need to create a website to go through this process, since you could just secure the sample website that comes with Apache if you wanted something to use as a proof of concept. After we complete the process, we'll take a look at installing certificates that were signed by a certificate authority.
Another method of setting up a certificate on your server is Let's Encrypt, a popular (and free) service for encrypting web traffic. Consider checking out the instructions at the Let's Encrypt website at letsencrypt.org/docs, as well as the example article mentioned at the end of the chapter.
Serving Web Content