Apache – Enable Hypertext Transfer Protocol Secure (HTTPS)
Last Updated on 2025-02-03 19:50 by Sture
Enable Apache to load the SSL module: uncomment the line LoadModule ssl_module libexec/apache24/mod_ssl.so and verify the change with:
user@freebsdsrv:~ $ sudo sed -i -e '/ssl_module/s/#LoadModule/LoadModule/' /usr/local/etc/apache24/httpd.conf ; cat /usr/local/etc/apache24/httpd.conf | grep "ssl_module" [enter]
LoadModule ssl_module libexec/apache24/mod_ssl.so
<IfModule ssl_module>
user@freebsdsrv:~ $
Configure Apache to load the socache_shmcb module: uncomment the line LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so and verify the change with:
user@freebsdsrv:~ $ sudo sed -i -e '/socache_shmcb_module/s/#LoadModule/LoadModule/' /usr/local/etc/apache24/httpd.conf ; cat /usr/local/etc/apache24/httpd.conf | grep "socache_shmcb_module" [enter]
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
user@freebsdsrv:~ $
Configure Apache to load the rewrite module: uncomment the line LoadModule rewrite_module libexec/apache24/mod_rewrite.so and verify the change with:
user@freebsdsrv:~ $ sudo sed -i -e '/rewrite_module/s/#LoadModule/LoadModule/' /usr/local/etc/apache24/httpd.conf ; cat /usr/local/etc/apache24/httpd.conf | grep "rewrite_module" [enter]
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
user@freebsdsrv:~ $
Configure Apache to include the httpd-ssl.conf file: uncomment the line Include etc/apache24/extra/httpd-ssl.conf and verify the change with:
user@freebsdsrv:~ $ sudo sed -i -e '/httpd-ssl.conf/s/#Include/Include/' /usr/local/etc/apache24/httpd.conf ; cat /usr/local/etc/apache24/httpd.conf | grep "httpd-ssl.conf" [enter]
Include etc/apache24/extra/httpd-ssl.conf
user@freebsdsrv:~ $
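The grep checks above print every line that mentions the name, commented or not (the ssl_module output also shows an IfModule line). As an added example, not part of the original page, this script reports whether each of the four directives is active, still commented out, or missing; the function names and the sample excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that the directives the
# steps above uncomment are really active, not merely present in the file.

# directive_state FILE DIRECTIVE ARGUMENT -> prints active | commented | missing
directive_state() {
    pat="${2}[[:space:]]+${3}([[:space:]]|\$)"
    if grep -Eq "^[[:space:]]*${pat}" "$1"; then
        echo active
    elif grep -Eq "^[[:space:]]*#[[:space:]]*${pat}" "$1"; then
        echo commented
    else
        echo missing
    fi
}

# audit_httpd_conf FILE -> one line per directive; returns 1 if any is inactive
audit_httpd_conf() {
    rc=0
    for spec in \
        "LoadModule ssl_module" \
        "LoadModule socache_shmcb_module" \
        "LoadModule rewrite_module" \
        "Include etc/apache24/extra/httpd-ssl.conf"
    do
        state=$(directive_state "$1" "${spec%% *}" "${spec#* }")
        echo "$spec: $state"
        [ "$state" = active ] || rc=1
    done
    return "$rc"
}

# write_sample_conf FILE -> constructed httpd.conf excerpt (hypothetical state:
# only the ssl_module step has been applied so far)
write_sample_conf() {
    cat > "$1" <<'EOF'
LoadModule ssl_module libexec/apache24/mod_ssl.so
#LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
#LoadModule rewrite_module libexec/apache24/mod_rewrite.so
<IfModule ssl_module>
</IfModule>
#Include etc/apache24/extra/httpd-ssl.conf
EOF
}

sample=$(mktemp /tmp/httpd-audit.XXXXXX)
write_sample_conf "$sample"
audit_httpd_conf "$sample" || echo "httpd.conf still has inactive directives"
rm -f "$sample"
```

On the server, call `audit_httpd_conf /usr/local/etc/apache24/httpd.conf` after the edits; a non-zero return means at least one directive is still commented out or absent.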
Update ServerName in file /usr/local/etc/apache24/extra/httpd-ssl.conf with:
user@freebsdsrv:~ $ sudo sed -i -e '/ServerName/s/www.example.com/freebsdsrv.local.lan/' /usr/local/etc/apache24/extra/httpd-ssl.conf; cat /usr/local/etc/apache24/extra/httpd-ssl.conf | grep "ServerName" [enter]
ServerName freebsdsrv.local.lan:443
user@freebsdsrv:~ $
Update ServerAdmin in file /usr/local/etc/apache24/extra/httpd-ssl.conf with:
user@freebsdsrv:~ $ sudo sed -i -e '/ServerAdmin/s/you@example.com/admin@local.lan/' /usr/local/etc/apache24/extra/httpd-ssl.conf ; cat /usr/local/etc/apache24/extra/httpd-ssl.conf | grep "ServerAdmin" [enter]
ServerAdmin admin@local.lan
user@freebsdsrv:~ $
Copy your self-signed SSL/TLS certificate to Apache with:
user@freebsdsrv:~ $ sudo cp /etc/ssl/server.crt /usr/local/etc/apache24/server.crt; sudo cp /etc/ssl/server.key /usr/local/etc/apache24/server.key; ls -l /usr/local/etc/apache24/ [enter]
drwxr-xr-x 2 root wheel 4 Apr 11 12:17 Includes/
drwxr-xr-x 2 root wheel 2 Apr 11 12:01 envvars.d/
drwxr-xr-x 2 root wheel 27 Apr 11 12:20 extra/
-rw-r--r-- 1 root wheel 21165 Apr 11 12:20 httpd.conf
-rw-r--r-- 1 root wheel 21165 Apr 11 12:20 httpd.conf-e
-rw-r--r-- 1 root wheel 21089 Mar 26 23:02 httpd.conf.sample
-rw-r--r-- 1 root wheel 13064 Mar 26 23:02 magic
-rw-r--r-- 1 root wheel 13064 Mar 26 23:02 magic.sample
-rw-r--r-- 1 root wheel 60919 Mar 26 23:02 mime.types
-rw-r--r-- 1 root wheel 60919 Mar 26 23:02 mime.types.sample
drwxr-xr-x 2 root wheel 3 Apr 11 12:01 modules.d/
-rw-r--r-- 1 root wheel 1554 Apr 11 12:33 server.crt
-rw------- 1 root wheel 1704 Apr 11 12:35 server.key
user@freebsdsrv:~ $
Verify the Apache configuration file to ensure that there are no syntax errors with:
user@freebsdsrv:~ $ apachectl -t [enter]
Syntax OK
user@freebsdsrv:~ $
Erase the content of the log file /var/log/httpd-error.log with:
user@freebsdsrv:~ $ sudo sh -c "echo '' > /var/log/httpd-error.log" [enter]
user@freebsdsrv:~ $
Manually restart apache24 with:
user@freebsdsrv:~ $ sudo service apache24 restart [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 8225.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
user@freebsdsrv:~ $
Verify apache24 status with:
user@freebsdsrv:~ $ service apache24 status [enter]
apache24 is running as pid 2491.
user@freebsdsrv:~ $
Check the httpd error log for possible errors:
user@freebsdsrv:~ $ tail /var/log/httpd-error.log [enter]
[Thu Jan 30 16:52:09.108534 2025] [mpm_prefork:notice] [pid 50648] AH00169: caught SIGTERM, shutting down
[Thu Jan 30 16:52:09.187884 2025] [ssl:warn] [pid 52360] AH01906: freebsdsrv.local.lan:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jan 30 16:52:09.193692 2025] [ssl:warn] [pid 52361] AH01906: freebsdsrv.local.lan:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jan 30 16:52:09.195173 2025] [mpm_prefork:notice] [pid 52361] AH00163: Apache/2.4.62 (FreeBSD) OpenSSL/3.0.15 configured -- resuming normal operations
[Thu Jan 30 16:52:09.195202 2025] [core:notice] [pid 52361] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT'
user@freebsdsrv:~ $
Show all loaded Apache24 modules with:
user@freebsdsrv:~ $ apachectl -M | sort [enter]
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
core_module (static)
dir_module (shared)
env_module (shared)
filter_module (shared)
headers_module (shared)
http_module (static)
log_config_module (shared)
mime_module (shared)
mpm_prefork_module (shared)
reqtimeout_module (shared)
setenvif_module (shared)
so_module (static)
socache_shmcb_module (shared)
ssl_module (shared)
status_module (shared)
unixd_module (shared)
version_module (shared)
Loaded Modules:
user@freebsdsrv:~ $
The Apache service should listen on port https/443. Verify this with:
user@freebsdsrv:~ $ sudo sockstat -4 -6 | grep 443 [enter]
www httpd 52366 5 tcp6 *:443 *:*
www httpd 52366 6 tcp4 *:443 *:*
www httpd 52365 5 tcp6 *:443 *:*
www httpd 52365 6 tcp4 *:443 *:*
www httpd 52364 5 tcp6 *:443 *:*
www httpd 52364 6 tcp4 *:443 *:*
www httpd 52363 5 tcp6 *:443 *:*
www httpd 52363 6 tcp4 *:443 *:*
www httpd 52362 5 tcp6 *:443 *:*
www httpd 52362 6 tcp4 *:443 *:*
root httpd 52361 5 tcp6 *:443 *:*
root httpd 52361 6 tcp4 *:443 *:*
user@freebsdsrv:~ $
Test HTTPS connection
Test the HTTPS connection to the Apache web server using the address https://freebsdsrv.local.lan or https://192.168.1.50.
If all is well, you should see a “Your connection is not private” message since we are using a self-signed certificate.
Redirect to HTTPS
If you’d like HTTP connections to redirect to HTTPS (Always on SSL/TLS), set a RewriteRule in each host's settings.
For example, if you have set up virtual hosts like the link here, add the RewriteRule as follows. It is also possible to set the RewriteRule in [.htaccess] instead of [httpd.conf].
Configure Apache to load the rewrite module: uncomment the line LoadModule rewrite_module libexec/apache24/mod_rewrite.so and verify the change with:
user@freebsdsrv:~ $ sudo sed -i -e '/rewrite_module/s/#LoadModule/LoadModule/' /usr/local/etc/apache24/httpd.conf; cat /usr/local/etc/apache24/httpd.conf | grep "rewrite_module" [enter]
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
user@freebsdsrv:~ $
user@freebsdsrv:~ $ sudo ee /usr/local/etc/apache24/Includes/vhost.conf [enter]
<VirtualHost *:80>
DocumentRoot /usr/local/www/apache24/data
ServerName freebsdsrv.local.lan
# add RewriteRule
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
user@freebsdsrv:~ $ sudo service apache24 reload [enter]
Performing sanity check on apache24 configuration:
Syntax OK
Performing sanity check on apache24 configuration:
Syntax OK
Performing a graceful restart
user@freebsdsrv:~ $