The most important thing after building a blog site is securing it, e.g. network defence, SSL and backups. So I will share my experience of how I strengthened my blog site, starting with how to configure SSL.

The method I used is from a Chinese blog article. 

Before that, I had tried some other methods, but they never worked. I thought that if you encounter the same issue as me and your server is the same as mine, you could try this method on your blog site. I hope it will be helpful. So, first, please check your server version and the rest of your server configuration. You can compare them with mine:

Precondition:

  • Based on apache2 and Ubuntu 16.04 LTS.
  • SSL certificate file from aliyun.com

Enable the SSL module:

sudo a2enmod ssl

If the following result is displayed in the terminal window, the configuration is fine.

Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled

If not, run the following commands to install OpenSSL:

sudo apt-get install openssl 
sudo a2enmod ssl

If the a2enmod command does not work, run the following commands instead.

sudo ln -s /etc/apache2/mods-available/ssl.load /etc/apache2/mods-enabled/ssl.load
sudo ln -s /etc/apache2/mods-available/ssl.conf /etc/apache2/mods-enabled/ssl.conf

 

Upload your SSL certificate files to /etc/apache2/yoursslfoldername/.

You had better rename the SSL files before you upload them.

  • www.yourdomain.com_public.crt -> yourdomain_public.pem
  • www.yourdomain.com_chain.crt -> yourdomain_chain.pem
  • www.yourdomain.com.key -> yourdomain.key

Edit the SSL virtual host file:

vi /etc/apache2/sites-enabled/default-ssl.conf

(P.S. If you cannot find your default-ssl.conf file, you can run the following command.)

sudo a2ensite default-ssl

Set the following directives in default-ssl.conf:

ServerAdmin webmaster@localhost
# your site root folder
DocumentRoot /var/www/html/
ServerName www.yourdomain.com
 
#   Enable/Disable SSL for this virtual host.
SSLEngine on
 
#   SSLCertificateFile directive is needed.
#   Paths must match the folder you uploaded the certificate files to.
SSLCertificateFile      /etc/apache2/ssl/yourdomain_public.pem
SSLCertificateKeyFile   /etc/apache2/ssl/yourdomain.key
SSLCertificateChainFile /etc/apache2/ssl/yourdomain_chain.pem

Then edit the SSL module configuration:

vi /etc/apache2/mods-enabled/ssl.conf

#   Enable only secure ciphers:
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
 
# Default: Off
SSLHonorCipherOrder on
 
#  SSL v2  is no longer supported
SSLProtocol all -SSLv2 -SSLv3

Restart the apache2 service and test by accessing https://yourdomain.com

sudo /etc/init.d/apache2 restart

If you need to redirect HTTP to HTTPS, run the following commands.

sudo a2enmod rewrite
vi /etc/apache2/sites-enabled/000-default.conf

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [L,R=301]

Restart apache2 service:

sudo /etc/init.d/apache2 restart
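
The certificate directives in default-ssl.conf are where a stray space in a path, a comment on the same line or a mistyped file name stops Apache from starting with SSL. The shell function below is an added example, not part of the original article, that checks those three directives before a restart; the name check_ssl_vhost, the temporary demo directory and the sample files are assumptions constructed for the demonstration.

```shell
# check_ssl_vhost CONF: print one line per problem found in the certificate
# directives of an Apache SSL vhost file; return 1 if there is any problem.
# Assumes unquoted paths without spaces, as in the configuration above.
check_ssl_vhost() {
    conf=$1; rc=0
    set -f   # no globbing while directive lines are word-split
    for d in SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile; do
        line=$(grep -Ei "^[[:space:]]*$d([[:space:]]|\$)" "$conf" | tail -n 1)
        if [ -z "$line" ]; then
            echo "$d: directive missing"; rc=1; continue
        fi
        # Apache splits arguments on whitespace and accepts '#' comments only
        # on their own line, so more than one argument means a stray space
        # in the path or a trailing comment.
        set -- $line
        if [ $# -ne 2 ]; then
            echo "$d: expected 1 argument, got $(($# - 1)): $line"; rc=1; continue
        fi
        if [ ! -f "$2" ]; then
            echo "$d: no such file: $2"; rc=1; continue
        fi
        # Added check: the private key should be closed to group and others.
        if [ "$d" = SSLCertificateKeyFile ] &&
           [ "$(ls -ld "$2" | cut -c5-10)" != "------" ]; then
            echo "$d: $2 is accessible to group/others"; rc=1
        fi
    done
    set +f
    return $rc
}

# Constructed sample data: empty placeholder files and two vhost fragments.
demo_dir=$(mktemp -d)
for f in yourdomain_public.pem yourdomain.key yourdomain_chain.pem; do
    : > "$demo_dir/$f"
done
chmod 600 "$demo_dir/yourdomain.key"
cat > "$demo_dir/good.conf" <<EOF
SSLCertificateFile      $demo_dir/yourdomain_public.pem
SSLCertificateKeyFile   $demo_dir/yourdomain.key
SSLCertificateChainFile $demo_dir/yourdomain_chain.pem
EOF
cat > "$demo_dir/bad.conf" <<EOF
SSLCertificateFile      $demo_dir/ yourdomain_public.pem
SSLCertificateKeyFile   $demo_dir/yourdomain.key  # private key
SSLCertificateChainFile $demo_dir/yourdomain_chain.pe
EOF
check_ssl_vhost "$demo_dir/good.conf" && echo "good.conf: OK"
check_ssl_vhost "$demo_dir/bad.conf" || echo "bad.conf: problems found"
```

On the real server the function would be called as check_ssl_vhost /etc/apache2/sites-enabled/default-ssl.conf, run with enough privilege to see the key file.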