Category Archives: Apache

Tips, hints, and tutorials for Apache HTTP Web Server

Let’s Encrypt and VirtualMin

Let's Encrypt IconSecurity is now a central concern for technical people and I would argue for most consumers. It is now typical for criminals to target banks, hospitals, and other critical institutions. Privacy is also an issue that is central to a free and progressive society. One solution that gets thrown out is SSL encryption for websites and how we all now need to secure our sites with an SSL certificate. Due to the market though, SSL certificates are one of those things that companies have a hard time making money off of. Most people do not buy SSL certificates, so you wind up with a market that sells bare bones SSL certificates that range around $25 and extended validation certificates for large ecommerce websites that cost thousands of dollars. This is where Let’s Encrypt changes things. Their certificates are free and are recognized by the web browser as a valid secure certificate. This makes SSL encryption a zero cost option for millions of individual webmasters who run websites like WebKeyDesign. There is one other difference with Let’s Encrypt certificates: they are limited to 3 month intervals instead of yearly intervals. However what makes Let’s Encrypt more appealing to webmasters is that the software makes renewals automatic and there is now software integration with cPanel and Virtualmin control panels.

My personal project is a virtual machine that I keep for journal purposes. It allows me the ability to write some thoughts and archive information for later viewing. The virtual machine runs CentOS 7 Linux and can be controlled using Virtualmin. The SSL certificate that was originally setup was self-signed and so I would have to manually add the certificate to iOS, MacOS, and make exceptions in browsers in order to use the website.

I followed TechJourney’s excellent guide: How to Use Let’s Encrypt SSL Certificate Automatically in Virtualmin & Webmin. There were a couple of issues I found out along the way.

Webmin Configuration

The tutorial did not specify the path to the client command. For CentOS, I found this to be:

/root/letsencrypt/letsencrypt-auto

Webmin Let's Encrypt command configuration

Let’s Encrypt SSL for Webmin Login

A secondary problem that I ran into had to do with the separate subdomains. The Apache webserver will respond on your typical www.mydomain.net and mydomain.net, however the Webmin control panel is accessible by another prefix to mydomain.net. Under Virtualmin – Server Configuration – Manage SSL Certificate, the default will be Domains associated with this server. This setting will only pull in the domains that Apache is setup for. If you want to use the Let’s Encrypt SSL Certificate for other subdomains, you have to select Domain names listed here and manually type all your subdomains. You can then under the Current Certificate tab use the Copy to options and use the same certificate for Webmin, Usermin, etc.

Virtualmin Let's Encrypt Manage

If you went ahead and hit the Request Certificate button and then try to add domains, the process will error out. There is no way to reset the certificates from the Virtualmin interface. To resolve the problem, use secure shell and remove the letsencryt directory.

rm -rf /etc/letsencrypt

This allowed me to use the Request Certificate option again and have all my subdomains added to the certificate.

Caching Apache Forward Proxy

Apache FoundationIn my never ending quest to get more use of my computer equipment, I embarked on a new project last month. The problem, namely internet bandwidth. The home network just seems to be growing and growing with no end in sight. Between gaming systems and media servers, bandwidth is a big problem for most home networks. In my case, I already have a nice Windows Home Server 2011 box that is really not doing much, so I started thinking about what other uses this computer can do for the home network and a caching proxy made absolute sense.

Apache on Windows?

When most of us think Apache Web Server, we think Linux, but in reality Apache runs on Windows as well. The best resource out there for running Apache on Windows is the ApacheLounge; here you can find customized builds and forums with helpful information. For this scenario, I wanted a 64-bit version of Apache for Windows. This posed a problem, since Apache does not build a 64-bit version for Windows and the ApacheLounge did not have either. At this point you would need to compile it, or download an unofficial build from Blackdot.be. Since the goal is a caching proxy, I do not need to worry about 64-bit PHP or MySQL; those components are a non factor. At the time of this writing, I installed Apache 2.2.19 64-bit. I won’t detail the actual Apache installation since this is covered very well on other websites. Read more …

Apache 2.2 on Windows Session Cache Error

Apache IconThere appears to be a bug with Apache 2.2.13 which I ran into on Windows Server. See the following bug entry: Bug 23403. Opening the error.log for Apache showed the following warning:

warn Init: Session Cache is not configured (hint: SSLSessionCache)

Adding the following lines to the httpd.conf fixed the problem:

SSLSessionCache "shmcb:c:/Apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

Note: your Apache installation directory is probably different, so you will want to modify the above file path.