home.


Tagged: https


Let's Encrypt tutorial: create a simple certificate for Apache2

Let’s create a simple certificate for Apache2.

We won’t do automatic renewal, meaning in three months time we’ll have to deal with renewal. But we really should do autorenewal, but we’re just testing things at the moment.

First login to your server. This is the server where your site on the internet, www.blarblaberklaejr.com, or whatever, is based.

Then do this as root:

mkdir -p /opt/letsencrypt
cd /opt/letsencrypt
git clone https://github.com/letsencrypt/letsencrypt
./letsencrypt-auto certonly --manual

This creates the directory where we clone the latest letsencrypt. Then we start the manual process to create certificates.

A terminal application will start asking you for your email for correspondence (although you’ll not need to check your email to do anything of this), and the domains for which you want the certificate.

Then it’ll break out of that and ask you to create a file on your publically available site for it to check.

Once that check is finished, it’ll output the certificates to /etc/letsencrypt/live/yourdomain.com.

Now your existing /etc/apache2/sites-available/your-file-name.conf should look something like

<VirtualHost *:443>
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem

  ...
</VirtualHost>

Restart apache. Rejoice.

https letsencrypt unix apache

Jetty 9: Enabling SSL in Embedded Jetty

First create a HttpConfiguration with a HTTP configuration that explains its secure scheme and port:

HttpConfiguration http_config = new HttpConfiguration();
http_config.setSecureScheme("https");
http_config.setSecurePort(8443);

Then we’ll create another HttpConfiguration for https that extends from the above but adds a SecureRequestCustomizer

HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());          

Next create a SslContextFactory that points to your Java keystore

SslContextFactory sslContextFactory = new SslContextFactory("/its_dir/cert.keystore");
sslContextFactory.setKeyStorePassword("password");

Note you can prefix the password with OBF: if you’re going to use the Jetty obfuscated password.

Next we’re creating the ServerConnector, passing in the Server class, a SslConnectorFactory and a HttpConnectionFactory.

ServerConnector httpsConnector = new ServerConnector(server, 
       new SslConnectionFactory(sslContextFactory, "http/1.1"),
       new HttpConnectionFactory(https_config));
httpsConnector.setPort(8443);
httpsConnector.setIdleTimeout(50000);           

Finally use this connector, maybe along with a normal Http ServerConnector, to the Server.

server.setConnectors(new Connector[]{ httpsConnector });
java jetty ssl https

Apache: Redirect HTTP traffic to HTTPS

If you want all the HTTP traffic to be rerouted through HTTPS, you need to specify a mod_rewrite rule:

<VirtualHost *:80>
 ServerName  example.com
 RewriteEngine on
 ReWriteCond %{SERVER_PORT} !^443$
 RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
</VirtualHost>

This is saying take all traffic going to port 80 that’s not on port 443 (yeah…) and rewrite it to a https:// url, ignoring case (NC), sending a moved permanently error message (R=301).

Now specify the vhost entry for HTTPS:

<VirtualHost *:443>
  ServerName  example.com

  SSLEngine on

  SSLCertificateFile your_cert.pem
  SSLCertificateKeyFile your_private.key

  ...
</VirtualHost>

The above is a normal SSL vhost entry, specifying the certificate and private key for your HTTPS site.

unix apache ssl https apache-mod_rewrite

Tomcat 7: Deploying a simple Servlet

Now you’ve deployed a simple JSP, you can now alter that to deploy a simple servlet.

First change the web.xml file to point to a servlet. Not the new servlet-class tag.

 <web-app xmlns="http://java.sun.com/xml/ns/j2ee" 
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
   version="2.4">

   <display-name>Hello, World Application</display-name>
   <description> A simple servlet </description>

   <servlet>
     <servlet-name>HelloServlet</servlet-name>
     <servlet-class>org.denevell.tomcat.Hello</servlet-class> 
   </servlet>
   <servlet-mapping>
   <servlet-name>HelloServlet</servlet-name>
     <url-pattern>/hello</url-pattern>
   </servlet-mapping> 

 </web-app>

And now create the Hello.java file in src/org/denevell/tomcat/

 public final class Hello extends HttpServlet {
    @Override
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
      throws IOException, ServletException {
        response.setContentType("text/plain");
        PrintWriter writer = response.getWriter();
        writer.println("Sup?");
    }
 }

We’re extending a servlet class, and overriding the doGet method that deals with HTTP GET requests. The first parameter is what’s sent to the serlvet and the second is what’s going back to the client. In it we simply set the content type, get its writer and write something to it.

We now need to update our build.xml to ensure we’re compiling this class. Note we’ve set a new property to point to your tomcat directory, added the libraries in a classpath, and created a new javac and copy task in the compile target.

 ...
    <property name="catalina.home" value="/usr/share/tomcat7" />

    <path id="compile.classpath">
      <fileset dir="${catalina.home}/bin">
        <include name="*.jar"/>
      </fileset>
      <pathelement location="${catalina.home}/lib"/>
      <fileset dir="${catalina.home}/lib">
        <include name="*.jar"/>
      </fileset>
    </path>

    <target name="compile" depends="prepare">
      <javac srcdir="${src.home}" includeantruntime="false" destdir="${build.home}/WEB-INF/classes">
        <classpath refid="compile.classpath"/>
      </javac>
      <copy todir="${build.home}/WEB-INF/classes">
        <fileset dir="${src.home}" excludes="**/*.java"/>
      </copy>
    </target>
 ...

Now you can deploy that servlet and see your new servlet at (if you’ve deployed it to hiya/ again):

 http://localhost:8080/hiya/hello
tomcat tomcat-setup ant tomcat-httpservlet java

Page 1 of 1