Thursday, November 8, 2007

How to Install Apache2 for SSL and Load Balancing

sudo apt-get install apache2
I chose the default file serving location and changed its ownership for my convenience...
sudo chown richard:richard /var/www

Ubuntu (both Feisty Fawn and Gutsy Gibbon) is missing the apache2-ssl-certificate script. You can find it here (the download is called Apache2-ssl.tar.gz):

http://www.lingams.net/

Do this after you've extracted the files:

sudo mv ssleay.cnf /usr/share/apache2
sudo mv apache2-ssl-certificate /usr/sbin
sudo mkdir /etc/apache2/ssl


Don't do this (because a2enmod and a2ensite really screws things up!):

https://help.ubuntu.com/community/forum/server/apache2/SSL

(But it could be useful for other websites.)

Do this:

sudo apache2-ssl-certificate -days 365
sudo echo "Listen 443" | sudo tee -a /etc/apache2/ports.conf

Add the following to /etc/apache2/httpd.conf (substituting the appropriate IP address, server name, application name, etc.):

LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

ServerName www.mydomain.com
NameVirtualHost 192.168.1.101:80
<virtualhost 192.168.1.101:80>
RewriteEngine on
ProxyRequests off
DocumentRoot /var/www
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [L,R]
</virtualhost>

NameVirtualHost 192.168.1.101:443
<virtualhost 192.168.1.101:443>
RewriteEngine on
ProxyRequests off
ProxyPreserveHost on
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
DocumentRoot /var/www/ssl
ProxyPass /seaside/go http://localhost:9090/seaside/go
ProxyPassReverse /seaside/go http://localhost:9090/seaside/go
RewriteRule ^/$ http://localhost:9090/seaside/go/$1 [P,L]
</virtualhost>


I chose to put all my SSL-specific stuff in the ssl folder:
mkdir /var/www/ssl

sudo /etc/init.d/apache2 restart

This is very useful for load balancing:

http://www.howtoforge.com/load_balancing_apache_mod_proxy_balancer

No comments: