
Forum Moderators: Ocean10000 & incrediBILL & phranque

Apache 2.2.xx | SSL support - diffs in .conf options | semi-newbie

understanding different options for SSL support in httpd.conf

     
12:46 am on Aug 27, 2017 (gmt 0)

New User

5+ Year Member

joined:Feb 2, 2012
posts: 18
votes: 0


Using Apache 2.2.xx for serving several low-traffic domains with primarily static pages (meaning, unsecure HTTP is generally fine). However, for a variety of reasons, I'm starting the slow process of re-configuring for SSL support for https connections.

In the early stages of this effort, I've noticed several things related to configuring Apache which seem to relate to the same thing. Hoping someone can help me understand the difference between the following bits of code which can, in theory, be placed into httpd.conf:

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

versus (or, in addition to)

# Bring in additional module-specific configurations
<IfModule mod_ssl.c>
Include conf/ssl.conf
</IfModule>

If it helps/matters to the answer, I compile Apache from source (as opposed to downloading from a repo), on a box with a recent flavor of openssl installed. I've tried using

./configure --prefix=/usr/local/apache2 --with-included-apr \
--enable-ssl \
--with-ssl=/opt/openssl-1.0.1e

and have tried various permutes to the httpd.conf to get it working. If I try uncommenting the following, which seems like what I should do,

# Bring in additional module-specific configurations
<IfModule mod_ssl.c>
Include conf/ssl.conf
</IfModule>

system throws an error about missing ssl.conf (which makes sense, since there is no ssl.conf in conf/ssl.conf). Seems like ssl.conf only gets installed if you yum install (or equivalent) mod_ssl. So, what do you do if you compile from source?

So, I'll start with small steps -- trying to figure out what flags I need to set during compilation, and what SSL-related things I should be configuring httpd.conf.

Thanks much in advance...
2:14 am on Aug 27, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:9641
votes: 482


Hi cooch17
> unsecure HTTP is generally fine
It won't be fine very soon. All pages, with or without a LogIn or Payment utility, will soon be required to be secure... so good you're getting this done.


<slightly off topic, my apologies if this is unwarranted>
> Using Apache 2.2
2.2 went end of life with the release of 2.2.34 in mid July and has a list of vulnerabilities. Any way you could upgrade to Apache 2.4? That's what I'd do if I was configuring a new server.

Some of the benefits of HTTPS can only be achieved with 2.4.

Also...
2.4 processes faster.
2.4 supports HTTP/2 greatly increasing download speeds with multi-threading.
2.4 is more developed with Windows in mind.
2.4 is more stable.
2.4 introduces harmonization of authentication and authorization mechanisms.
2.4 introduces new authorization container directives.

Note: Before doing an upgrade from 2.2 to 2.4, you should update your Apache configuration accordingly to avoid deprecated directive failure.
4:01 am on Aug 27, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:14028
votes: 521


> <IfModule mod_ssl.c>
If it's your own server, there is absolutely no earthly reason for the <IfModule> envelope. Either you've got the mod or you don't.
2:53 pm on Aug 27, 2017 (gmt 0)

New User

5+ Year Member

joined:Feb 2, 2012
posts: 18
votes: 0


Yes, it's my own server. So, --enable-ssl (which I do during the compilation) is not the same as mod_ssl? And related, what is the difference between httpd-ssl.conf and ssl.conf?
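
Added example, not written by any poster in this thread: a shell pre-flight check for the two things the thread circles around, whether each active Include in httpd.conf points at a file that exists under ServerRoot, and whether `httpd -l` lists mod_ssl.c as compiled in. The function names and the sample tree are assumptions made for illustration, and the check ignores <IfModule> nesting and wildcard Includes.

```shell
# Added example; paths and sample data below are constructed.
# check_includes SERVERROOT CONF: for every uncommented Include line, print
# "OK <target>" or "MISSING <target>"; return 1 if any target file is absent.
check_includes() {
    root=$1; conf=$2; rc=0
    while read -r directive target rest; do
        case $directive in
            [Ii][Nn][Cc][Ll][Uu][Dd][Ee]) ;;
            *) continue ;;            # comments, blank lines, other directives
        esac
        case $target in
            /*) path=$target ;;       # absolute path
            *)  path=$root/$target ;; # relative paths resolve against ServerRoot
        esac
        if [ -f "$path" ]; then echo "OK $target"
        else echo "MISSING $target"; rc=1
        fi
    done < "$conf"
    return $rc
}

# static_mod_ssl: reads `httpd -l` output on stdin and succeeds if mod_ssl.c is
# compiled into the binary. A shared build is not listed and needs LoadModule.
# Real use (prefix taken from the first post): /usr/local/apache2/bin/httpd -l | static_mod_ssl
static_mod_ssl() { grep -q '^[[:space:]]*mod_ssl\.c'; }

# Constructed demo tree: conf/extra/httpd-ssl.conf exists, conf/ssl.conf does
# not, and httpd.conf includes both.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/conf/extra"
    : > "$d/conf/extra/httpd-ssl.conf"
    cat > "$d/conf/httpd.conf" <<'EOF'
Include conf/extra/httpd-ssl.conf
#Include conf/extra/httpd-vhosts.conf
<IfModule mod_ssl.c>
    Include conf/ssl.conf
</IfModule>
EOF
    echo "$d"
}

demo=$(make_demo_tree)
check_includes "$demo" "$demo/conf/httpd.conf" || echo "at least one Include target is missing"
printf 'Compiled in modules:\n  core.c\n  mod_ssl.c\n' | static_mod_ssl && echo "mod_ssl is compiled in"
rm -rf "$demo"
```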
 
