Apache Friends Support Forum

[WorstCases]

Hello guys.

I am currently lost, and don't know how to proceed. I find too many different information, and am stuck.

The following is my goal:
Activate SSL on my local XAMPP install, so I can test my site locally with SSL.

I do not care, if the certificate is globally trusted (as I would on a pubic web-server), I just want to use SSL locally, and would not mind the "not trustworthy" warning in the browser.

I've read that XAMPP comes with a certificate, but that should not be used, because everybody using XAMPP will have the same "key" for decryption. I don't care about this part too much either, because I will only use it in a local test environment. Would however still be curios, how to create my own certificate, but that's not as important as SSL functionality in general.

Can somebody point me in the right direction, please?

[Nobbie]

Enter "xampp create ssl certificate linux" into Google and follow any of the multiple advices given there.

SSL is activated by activating the corresponding configuration in httpd-ssl.conf (/opt/lampp/etc/extra/httpd-ssl.conf), edit that file and apply your SSL settings (i.e. apply the Path to your SSL files created before). Probably you have to edit the file with superuser permissions (i.e. using "sudo" for example "sudo vi /opt/lampp/etc/extra/httpd-ssl.conf").

If you have a "real" domain name for your Xampp server (i myself got it from http://www.selfhost.de, which provides DynamicDNS and free choice of domain names for little money), you can get your real SSL certificate from https://www.sslforfree.com/ (instead of creating your private SSL certificate, which is not running on public servers). Its the same provider like letsencrypt, but i prefer the (easier) installation procedure from sslforfree. Only disadvantage: you have to repeat it every 3 month, as they do not offer longer validity. But therefore its a free working SSL certificate for the "real world".

[WorstCases]

Thank you, Nobbie.

For my own, and for other peoples reference, I will document my approach/findings here.

XAMPP's stock SSL-files (ssl.crt/server.crt & ssl.key/server.key) can be forund in /opt/lampp/etc
OpenSSL (to create self-signed certificates) is in /opt/lampp/share

I decided to first use XAMPP's own certificates
With vHosts being enabled, I did first play to get a VirtualHost for phpMyAdmin. I can connect with https://phpmyadmin.local trough these changes:

Code: Select all

<VirtualHost *:80>
    ServerAdmin name@domain.local
    DocumentRoot "/opt/lampp/phpmyadmin"
    ServerName phpmyadmin.local
    ErrorLog "logs/phpmyadmin.local-error_log"
    CustomLog "logs/phpmyadmin.local-access_log" common
</VirtualHost>

<VirtualHost phpmyadmin.local:443>
    ServerAdmin name@domain.local
    DocumentRoot "/opt/lampp/phpmyadmin"
    ServerName phpmyadmin.local
    SSLEngine On
    SSLCertificateFile /opt/lampp/etc/ssl.crt/server.crt
    SSLCertificateKeyFile /opt/lampp/etc/ssl.key/server.key
    ErrorLog "logs/phpmyadmin.local443-error_log"
    CustomLog "logs/phpmyadmin443.local443-access_log" common
</VirtualHost>

Question1:
Anything wrong with this approach, like missing useful, but not mandatory lines, which should be there?

Question2:
Why would one use a wildcard/asterisk (*:80, or *.443) for each VirtualHost, and in which case the Servername (phpmyadmin.local:80, or phpmyadmin.local:443)?

[Altrea]

Question2:
Why would one use a wildcard/asterisk (*:80, or *.443) for each VirtualHost, and in which case the Servername (phpmyadmin.local:80, or phpmyadmin.local:443)?

Simple rule: Use always the wildcard except you want to be sure to separate matching domains for single IP-Adresses.
If a virtualhost should only match for a single ip address then use always the IP-address itself and never a domainname.
A fully qualified domain name is supported by Apache in replacement of the ip-address but not recommend because it will mostly always produce more negative side effects than help, for example if the domain cannot be resolved by the Apache server.

Apache itself does not recommend the fully qualified domain name too and you will not find an example in the docs that uses a fully qualified domain name:
https://httpd.apache.org/docs/2.4/en/mod/core.html#virtualhost
https://httpd.apache.org/docs/2.4/en/vhosts/
https://httpd.apache.org/docs/2.4/en/vhosts/examples.html

[WorstCases]

Thank you, Altera. That helped.

So this is the working example httpd-vhosts.conf for the phpMyAdmin:

Code: Select all

<VirtualHost *:80>
    ServerAdmin name@domain.local
    DocumentRoot "/opt/lampp/phpmyadmin"
    ServerName phpmyadmin.local
    ErrorLog "logs/phpmyadmin.local-error_log"
    CustomLog "logs/phpmyadmin.local-access_log" common
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin name@domain.local
    DocumentRoot "/opt/lampp/phpmyadmin"
    ServerName phpmyadmin.local
    SSLEngine On
    SSLCertificateFile /opt/lampp/etc/ssl.crt/server.crt
    SSLCertificateKeyFile /opt/lampp/etc/ssl.key/server.key
    ErrorLog "logs/phpmyadmin.local443-error_log"
    CustomLog "logs/phpmyadmin443.local443-access_log" common
</VirtualHost>


Question:
Is there a way, that I can make connections to phpmyadmin.local (which would be a port 80, http-request) being redirected to https/443? I wold like to have this rewrite rule on a vhost-level, not on the global level for all connections.

[Altrea]

Sure,

Change the port 80 virtual host to this:

Code: Select all

<VirtualHost *:80>
   ServerName phpmyadmin.local
   Redirect / https://phpmyadmin.local
</VirtualHost>

[WorstCases]

Thank you, Altrea.

I guess, I should rephrase my question. It might not have been clear, what I want.

In my config file above, I have two VirtuaHosts for "phpmyadmin.local".
One, which listens on *80 for http, and one that listens on *443 for https.

My goal:
If I call "http://phpmyadmin.local:80" by simply typing "phpmyadmin.local" in the address box of the browser, I want a redirect (for this specific virtual host) to SSL/443. This redirect should only apply for this one virtual host, and not globally.

How do I approach this?

[Altrea]

Like i described above.

Your virtual host for port 80 only defines the domain name it is matching for and the redirect to https which automatically will request the domain on port 443 (default port for HTTPS/SSL).
Isn't that what you wanted? That is what i understood.

[WorstCases]

Isn't that what you wanted? That is what i understood.

It sure is. I have to admit, I somehow did not fetch your "Redirect" code-line. Must have had a brain blockade...

Your suggestion is working like a charm. Thank you!

[Altrea]

You are welcome