The data-management system has been up for a while, but HTTPS was never actually enabled.
While reworking the system architecture recently I looked up how to modify the setup and turn on HTTPS, and I am noting it down here.
Whether to apply for a real certificate is up to company policy....
My job is just to set it up and wait....

Reference sources:

Confirmed:
Ubuntu 13.10 works; Apache's VirtualHost configuration file is /etc/apache2/sites-available/000-default.conf
Ubuntu 12.04 works; Apache's VirtualHost configuration file is /etc/apache2/sites-available/default

 
1. Install Apache (this assumes it is not installed yet, or the installed version is old)
This step requires a network connection.

sudo apt-get install apache2

2. Enable the SSL module
sudo a2enmod ssl

After running it, the following message is displayed:
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
service apache2 restart

3. Restart apache2
sudo service apache2 restart

4. Create a directory to hold the key and certificate files
sudo mkdir /etc/apache2/ssl

5. Generate the key and certificate
The certificate is valid for 365 days (for ten years use -days 3650, and so on).
The command also sets where the files are stored; here the two files apache.key and apache.crt are placed under the "/etc/apache2/ssl/" directory.
The file names apache.key and apache.crt, and their location, can be changed as needed,
but when configuring apache2 the "SSLCertificateFile" and "SSLCertificateKeyFile" directives must then point to the correct path and file name.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

You will then be prompted for the certificate's subject information:

Country Name (2 letter code):TW
State or Province Name (full name) [Some-State]: Taiwan, Republic of China
Locality Name (eg, city) []:TaiTai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:WaHaHa Co. , Ltd.
Organizational Unit Name (eg, section) []:Tea-CoffeeOrMe Sec.
Common Name (e.g. server FQDN or YOUR name) []:None.com
Email Address []:root@None.com

Once finished, the two generated files can be seen in the /etc/apache2/ssl/ directory.
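As an added example that is not from the original post, the following script performs step 5 without the interactive prompts and then checks that the key and certificate actually belong together before they are referenced by SSLCertificateFile / SSLCertificateKeyFile in the next step. The output directory, hostname and subject values are assumptions; /etc/apache2/ssl and the apache.key / apache.crt names are the ones the post uses, and the -addext option needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example, not from the original post: do step 5 non-interactively and
# verify the resulting pair before pointing Apache at it.  The directory,
# hostname and subject values below are assumptions; /etc/apache2/ssl and the
# apache.key / apache.crt names are the ones the post uses.
set -eu

# Create $1/apache.key and $1/apache.crt for hostname $2, valid for $3 days.
# -subj replaces the interactive prompts; -addext adds a subjectAltName, which
# browsers check instead of the Common Name (needs OpenSSL 1.1.1 or newer;
# drop that line on the 12.04/13.10 releases the post was written for).
make_selfsigned() {
    out_dir="${1:-/etc/apache2/ssl}"
    host="${2:-None.com}"          # constructed placeholder, as in the post
    days="${3:-365}"               # 3650 for ten years, as the post notes
    mkdir -p "$out_dir"
    # Subshell so the restrictive umask (private key must not be readable
    # by other users) does not leak into the rest of the script.
    ( umask 077 && openssl req -x509 -nodes -days "$days" -newkey rsa:2048 \
        -subj "/C=TW/ST=Taiwan/O=WaHaHa Co., Ltd./CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -keyout "$out_dir/apache.key" -out "$out_dir/apache.crt" 2>/dev/null )
    chmod 644 "$out_dir/apache.crt"   # the certificate itself is public
}

# Print "match" when the public key inside certificate $1 is the one derived
# from private key $2, otherwise "MISMATCH".  Apache refuses to start if
# SSLCertificateFile and SSLCertificateKeyFile do not belong together, so run
# this before 'service apache2 restart'.
key_matches_cert() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null | openssl sha256)
    [ "$crt_pub" = "$key_pub" ] && echo match || echo MISMATCH
}

# Print the notAfter date of certificate $1 (this is what -days turns into).
cert_expiry() { openssl x509 -in "$1" -noout -enddate | cut -d= -f2; }

# Succeed only if certificate $1 stays valid for at least $2 more seconds.
cert_valid_for() { openssl x509 -in "$1" -noout -checkend "$2"; }

# Usage: sh make-ssl-pair.sh /etc/apache2/ssl www.example.test [365]
if [ "$#" -ge 2 ]; then
    make_selfsigned "$1" "$2" "${3:-365}"
    echo "key/cert: $(key_matches_cert "$1/apache.crt" "$1/apache.key")"
    echo "expires:  $(cert_expiry "$1/apache.crt")"
fi
```

Run it as root with the target directory and hostname to populate /etc/apache2/ssl; without arguments it only defines the functions.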

6. Edit Apache's SSL configuration file
sudo vi /etc/apache2/sites-available/000-default.conf
(On Ubuntu 12.04 the configuration file is /etc/apache2/sites-available/default)

The original content is as follows:

<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com

ServerAdmin webmaster@localhost
DocumentRoot /var/www

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

Copy the following content and paste it at the very bottom of the file; the parts shown in red and underlined (the annotated lines below) are the ones to pay attention to.
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName example.com:443
# --> can be changed to give the HTTPS site its own separate document root
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
# ==> point to the certificate file created in step 5 ( -out /path/..../Filename.crt )
SSLCertificateFile /etc/apache2/ssl/apache.crt
# ==> point to the key file created in step 5 ( -keyout /path/..../Filename.key )
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>

7. Restart Apache
sudo service apache2 restart

Result of connecting over HTTPS..... (the certificate is self-generated and not signed by a CA, but it still works!!)


Checking the certificate contents shows exactly the values entered when it was created!



===== Notes =====
To force the site to be reached over HTTPS only,
the following two actions achieve it...

1. Edit Apache's SSL configuration file
sudo vi /etc/apache2/sites-available/000-default.conf
Delete the following section:
<VirtualHost *:80>
...
</VirtualHost>

2. Modify the port configuration
sudo vi /etc/apache2/ports.conf
Comment out the original "Listen 80" line so that port 80 stops responding

# Listen 80 <-- either deleting or commenting out works
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>

3. Restart Apache --> sudo service apache2 restart
Entering the IP address in the address bar without "https://" now fails to retrieve the page:

Posted by 割~LZ on PIXNET (痞客邦)