tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Tencent Cloud Lighthouse
    Documentation
    Download PDF

    Installing Certificate on Apache Server (Linux)

    Last updated: 2024-03-20 14:38:45
    Download PDF

      Overview

      This document describes how to install an SSL certificate in a Lighthouse instance and enable HTTPS access. The example instance uses an LAMP application image with Apache software pre-installed.
      Note:
      The SSL certificate used in the document is provided by Tencent Cloud. For more information on this service, see Overview and Purchase Guide.

      Preparation

      Install the remote file copy tool such as WinSCP. The latest official version is recommended.
      Install the remote login tool such as PuTTY or Xshell. The latest official version is recommended.
      Open port 443 in your firewall policy. For more information, see Managing Firewall.
      The data required to install the SSL certificate includes the following:
      Name
      Description
      Lighthouse instance's public IP address
      Instance IP address used to connect a local computer to the instance.
      Username
      The username used to log in to the Lighthouse instance, such as `root`.
      Password or SSH key
      The password matching the username used to log in to the Lighthouse instance, or the bound SSH key.
      Note:
      You can log in to the Lighthouse console, find the target instance, and enter its details page to view its public IP address. After the instance is created, first reset the password and remember it, or bind an SSH key and save the private key file. For more information, see Resetting Password and Managing Keys.

      Directions

      Installing certificate

      1. Log in to the SSL Certificates Service console, download and decompress the SSL certificate file (with the name cloud.tencent.com as an example here) to a local directory. After decompression, you can get the relevant certificate files, including the Apache folder and CSR file:
      Folder name: Apache
      Files in the folder:
      1_root_bundle.crt: Certificate file
      2_cloud.tencent.com.crt: Certificate file
      3_cloud.tencent.com.key: Private key file
      CSR file: cloud.tencent.com.csr file
      Note:
      You can upload the CSR file when applying for a certificate or have it generated online by the system. It is provided to the CA and irrelevant to the installation.
      2. Log in to the Lighthouse instance. See Logging In to Linux Instance via WebShell.
      3. Run the following commands in sequence to enter the Apache installation directory and create the ssl folder.
      cd /usr/local/lighthouse/softwares/apache
      sudo mkdir ssl
      4. Copy the obtained 1_root_bundle.crt, 2_cloud.tencent.com.crt, and 3_cloud.tencent.com.key files from the local directory to the created /usr/local/lighthouse/softwares/apache/ssl directory. For more information, see Uploading Local Files to Lighthouse.
      5. Run the following command to edit the httpd.conf configuration file.
      sudo vim /usr/local/lighthouse/softwares/apache/conf/httpd.conf
      6. Press i to enter the edit mode and make the following changes:
      6.1 Delete the # in #LoadModule ssl_module modules/mod_ssl.so.
      6.2 Delete the # in #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so.
      6.3 Replace localhost in ServerName localhost with the certificate name. A modified sample is as shown below:
      ServerName cloud.tencent.com
      6.4 Delete the # in #Include conf/extra/httpd-ssl.conf.
      7. Press Esc and enter :wq to save the changes.
      8. Run the following command to modify the httpd-ssl.conf configuration file.
      sudo vim /usr/local/lighthouse/softwares/apache/conf/extra/httpd-ssl.conf
      9. Press i to enter the edit mode and make the following changes in <VirtualHost _default_:443>:
      9.1 Replace www.example.com:443 in ServerName www.example.com:443 with the certificate name. A modified sample is as shown below:
      ServerName cloud.tencent.com
      9.2 Modify the paths of the certificate files:
      SSLCertificateFile "/usr/local/lighthouse/softwares/apache/ssl/2_cloud.tencent.com.crt"
      SSLCertificateKeyFile "/usr/local/lighthouse/softwares/apache/ssl/3_cloud.tencent.com.key"
      SSLCertificateChainFile "/usr/local/lighthouse/softwares/apache/ssl/1_root_bundle.crt"
      
      9.3 Add the following content:
      <Directory "/usr/local/lighthouse/softwares/apache/htdocs">
             Options Indexes FollowSymLinks
             AllowOverride all
             Require all granted
      </Directory>
      10. Press Esc and enter :wq to save the changes.
      11. Run the following command to restart the Apache service.
      sudo /usr/local/lighthouse/softwares/apache/bin/httpd -k restart
      After the successful restart, you can use https://cloud.tencent.com for access as shown below:
      
      

      (Optional) Setting automatic redirect of HTTP request to HTTPS

      You can configure the instance to automatically redirect HTTP requests to HTTPS in the following steps:
      1. Run the following command to edit the httpd.conf configuration file .
      sudo vim /usr/local/lighthouse/softwares/apache/conf/httpd.conf
      2. Press i to enter the edit mode and make the following changes:
      2.1 Delete the # in #LoadModule rewrite_module modules/mod_rewrite.so.
      2.2 Find <Directory &quot;/home/www/htdocs/&quot;> and add the following content: 
      RewriteEngine on
      RewriteCond %{SERVER_PORT} !^443$
      RewriteRule ^(.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
      The result should be as follows:
      
      
      3. Press Esc and enter :wq to save the changes.
      4. Run the following command to restart the Apache service.
      sudo /usr/local/lighthouse/softwares/apache/bin/httpd -k restart
      At this point, you have successfully set the automatic redirect to HTTPS. You can use http://cloud.tencent.com to redirect to the HTTPS page.
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy