Running DAB Appliances in SSL Mode

From Proxmox VE
Jump to: navigation, search

This is an example using the Joomla! OpenVZ template

make-ssl-cert command is found in the ssl-cert package which comes installed by default in the Joomla template here.

Although we can use the pre-created SSL certificate for the Snake Oil Company available at /etc/ssl/certs and /etc/ssl/private folders, it is advisable for the sake of uniqueness of each install, to regenerate them thus:

make-ssl-cert generate-default-snakeoil --force-overwrite

In order to run Joomla in SSL mode (HTTPS), we need to upload a file (say, named ssl which is a subset of the file at /etc/apache2/sites-available/default-ssl) with the following contents atleast:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
	ServerAdmin webmaster@localhost

	DocumentRoot /var/www/joomla/
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/joomla/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>

	ErrorLog /var/log/apache2/error.log
	LogLevel warn

	CustomLog /var/log/apache2/ssl_access.log combined

	SSLEngine on

	SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

	<FilesMatch "\.(cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>

	BrowserMatch ".*MSIE.*" \
		nokeepalive ssl-unclean-shutdown \
		downgrade-1.0 force-response-1.0

</VirtualHost>
</IfModule>

Then we need to execute the following:

a2enmod ssl
a2ensite ssl
/etc/init.d/apache2 reload

Now we can browse to https://youripaddress to view the site in SSL mode.