Apache plus https, set up a secure web site

Another limitation of home ISPs, besides the dynamic IP address, is that the default HTTP port 80 is blocked.

Using some open-port test tools against my home external IP address, I found that 443, the default https port, is still open. So I decided to use the https protocol instead.

This web site is built on the Apache web server in a Windows environment. For Apache to provide https connections, the Apache build with SSL support must be downloaded and installed first.

  • create the site SSL certificate

After installation, the /bin directory of Apache should contain openssl.exe, and there is an openssl.conf under the /conf folder.

There are three steps to create the certificate.

  1. create the new key and certificate request
    openssl req -config openssl.conf -new -out ./ssl/best2jj.csr -keyout ./ssl/best2jj.pem
  2. remove the passphrase from the key (for safety)
    openssl rsa -in ./ssl/best2jj.pem -out ./ssl/best2jj.key
    The resulting best2jj.key is stored unencrypted, so keep it readable only by the account that runs Apache.
  3. convert the request into a self-signed certificate, valid for 365 days
    openssl x509 -in ./ssl/best2jj.csr -out ./ssl/best2jj.cert -req -signkey ./ssl/best2jj.key -days 365

  • install or configure the certificate

Modify the httpd.conf file, changing the settings as below:

  1. enable the ssl module
    uncomment this line: LoadModule ssl_module modules/mod_ssl.so
  2. enable the ssl configuration
    uncomment this line: Include conf/extra/httpd-ssl.conf
  3. add these lines at the end of httpd.conf
    SSLMutex default
    SSLRandomSeed startup builtin
    SSLSessionCache none
  4. in httpd-ssl.conf, point to the correct certificate and certificate key files
    SSLCertificateFile "the directory to your cert file just now created/best2jj.cert"
    SSLCertificateKeyFile "the directory to your key file just now created/best2jj.key"

Restart the server, and test using https://yourServerAddress.
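
Because the certificate is self-signed, a browser cannot validate it against a CA and will show a warning. One way to confirm that the server answering on port 443 presents the certificate created above is to compare SHA-256 fingerprints. This is an added example, not part of the original post; the function names and script arguments are assumptions, and the sample bytes are constructed.

```python
import hashlib
import hmac
import socket
import ssl
import sys

# Constructed sample bytes (not a real certificate), used only to exercise
# the fingerprint helpers offline.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def der_fingerprint(der):
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def pem_fingerprint(pem_text):
    """SHA-256 fingerprint of a PEM certificate such as best2jj.cert."""
    return der_fingerprint(ssl.PEM_cert_to_DER_cert(pem_text.strip()))


def fetch_served_der(host, port=443, timeout=5.0):
    """Return the DER certificate the server presents, without trusting it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # self-signed: no CA chain to validate
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def pin_matches(local_pem, served_der):
    """True only if the served certificate is the one created locally."""
    return hmac.compare_digest(pem_fingerprint(local_pem),
                               der_fingerprint(served_der))


if __name__ == "__main__":
    # Usage (hypothetical script name): check_pin.py ssl/best2jj.cert <host>
    cert_path, host = sys.argv[1], sys.argv[2]
    with open(cert_path) as fh:
        ok = pin_matches(fh.read(), fetch_served_der(host))
    print("match" if ok else "MISMATCH: not the certificate you created")
    sys.exit(0 if ok else 1)
```

Run it from a machine outside the home network so the check goes through the external IP address and port 443.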

Godaddy plus dyndns

This web site is hosted on a home PC. The domain name is registered with GoDaddy (www.godaddy.com). The most direct and easiest configuration with GoDaddy is to point the domain to the home PC's address, and it's done. However, that does not work for a home PC with a non-static IP address. This is where dyndns comes in.

Anyone can register a free dyndns host and point it to their home PC's IP. One good feature dyndns provides is that there are routers and client applications that update the dynamic IP address on the dyndns server automatically. That way, the dyndns registered host always points to the correct home IP address.

As for GoDaddy, there is no simple setting for pointing the registered domain to the dyndns host name. Life is not easy. However, there is the CNAME configuration, which can be utilized. I have configured the www CNAME for this domain to point to my dyndns host. As a result, http://www.best2jj.com points to my dynamic IP address indirectly, yet always correctly.

One more catch with this setup is that best2jj.com does not point to my home server; it points to the GoDaddy free parking web site instead. To correct this, the domain forwarding feature can be utilized.

Select manage forwarding under the registered domain, then point it to https://www.best2jj.com. Wait a few minutes for the configuration to be updated on the server, and everything is now perfect.