So this day began right after installing the e-mail server, just couldn’t stop. Did a lot today, so much to write about. All the mentioned articles and more can also be found on the wiki.

Generating and installing SSL certificates

First was enabling of SSL protection for all the websites hosted, this means SSL certificates for christiaan008.com blog.christiaan008.com and wiki.christiaan008.com. I’ve read the instructions “How To Set Up Apache with a Free Signed SSL Certificate on a VPS” and used StartSSL.com for all the website certificates. Since I’m hosting multiple websites I’ve edited the file “/etc/apache2/sites-enabled/000-default” to add SSL support for the different domains and add the path of the certificate for every domain.

It looks something like:

NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/
SSLCertificateKeyFile /etc/apache2/ssl/
SSLCertificateChainFile /etc/apache2/ssl/
ServerName domain.com
        DocumentRoot /var/www/
<VirtualHost*:443>

HTTP to HTTPS redirect

After implementing SSL I needed to redirect all the HTTP traffic to HTTPS, the easiest way to do this is adding a redirect to the same configuration file. Something like:

<VirtualHost *:80>
ServerName domain.com
Redirect permanent / https://domain.com
</VirtualHost>

IP to HTTPS redirect

When entering the IP-address of the webserver I wanted it to redirect to the main website. There are multiple way todo this. Since I’m already used to mod_rewrite module in Apache I used the .htaccess file to rewrite the URL by adding

RewriteCond %{HTTP_HOST} ^123\.123\.123\.123
RewriteRule (.*) https://www.domain.com/ [R=301,L]

To better understand how mod_rewrite works I’ve read “Using .htaccess rewrite rules

 

HTTPS support and hardening Mediawiki

Although Apache worked with HTTPS it’s needed to edit the LocalSettings.php file for Mediawiki, otherwise it redirects to the HTTP version or to a link that doesn’t exist. So edited the value $wgServer:

$wgServer = "https://domain.com";

After that it was time to harden the wiki a bit and read the post “Making MediaWiki secure (and fixing some config annoyances)

 

Hardening WordPress

The last thing of the day was to upgrade the basic WordPress security. After reading some posts I found “Hardening WordPress” the most interesting to better understand what security measures can be taken. I’ve installed some security plugins and at the moment find “All In One WP Security” the best to use. This plugin check a lot of different security settings and makes it easy for an user to implement the needed security features by just clicking.

 

Learned today

  • It’s important to clear the cache of your browser when your editing server configurations.
  • Always install screen, if you lose your SSH session it’s easy to get the screen back after establishing the session again.
  • Better keep track of all the articles read and links used.

 

Music video of the day

Share This