System Admin Simplified

After enabling HTTPS on the web server in FreeBSD, remote users can be redirected to this secure protocol by automatically rewriting the URL. ========== 1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2. Open the Apache main configuration file. root@host: # ee /usr/local/etc/apache24/httpd.conf 3. Find and uncomment the following Apache directives. # BEGIN CODE # ... LoadModule rewrite_module libexec/apache24/mod_rewrite.so # Apache rewrite engine Include etc/apache24/Includes/*.conf # Custom configuration files # ... # END CODE 4. Create a custom config file in the "Includes" directory. root@host: # ee /usr/local/etc/apache24/Includes/myrewrite.conf 5. Place the following code in the custom config file. # BEGIN CODE # ... RewriteEngine On # Enables directives for rewriting. RewriteCond %{HTTPS} !=on # Verifies that the connection is not yet in HTTPS. RewriteRule ^/?(.*) https://%{SERVER_NAME}/$...

The following procedure activates HTTPS for the Apache web server in FreeBSD. This secure protocol uses TLS/SSL certificates to encrypt the data transferred between the remote user and the web server. Sensitive information is protected from being captured by malicious actors using sniffing tools along the network route. ========== 1. PREREQUISITES 1.1. Make a self-signed SSL certificate. [  Details  ] 2. ACTIVATION 2.1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2.2. Open the Apache main configuration file. root@host: # ee /usr/local/etc/apache24/httpd.conf 2.3. Find and uncomment the following Apache directives. # BEGIN CODE # ... LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so # Needed by the "SSLSessionCache" directive in httpd-ssl.conf # ... LoadModule ssl_module libexec/apache24/mod_ssl.so # Needed by the "SSLCipherSuite" directive in httpd-ssl.conf # ... ...

The following procedure shows how to apply self-signed certificates to the Apache web server in FreeBSD. After  creating and installing the TLS/SSL certificate/key pair, they can be utilized to secure FreeBSD web services with encryption during the development and testing process. It is important to keep in mind that self-signing may be deemed UNTRUSTWORTHY in a production environment. ========== 1. Log in to "root". Regular users must be part of the "wheel" group in order to do this. user@host: $ su - 2. Go to the directory containing the Apache site configuration files. root@host: # cd /usr/local/etc/apache24/extra 3. BACK UP the default HTTPS configuration file for the secure site. root@host: # cp httpd-ssl.conf httpd-ssl-conf.back 4. Open the default HTTPS configuration file. root@host: # ee httpd-ssl.conf 5. Find and modify the following Apache directives. # BEGIN CODE # ... SSLCertificateFile "/usr/local/etc/apache24/server.crt" # The self-signe...

The following procedure activates HTTPS for the Home Assistant server. The secure protocol uses TLS/SSL certificates to encrypt the data transferred between user and server. Although it is possible to make this home automation system, whether in  Linux or  FreeBSD , accessible over the Internet, Home Assistant is usually operated within private networks, either physical or virtual. In this case, self-signed certificates may be acceptable to use and quicker to deploy. ========== 1. Log in as the system account. 1.1. Linux, with $HOME "bin" included in $PATH (-i) of system account (-u). user@host: $ sudo -i -u homeassistant 1.2. FreeBSD, coming from "root" superuser. root@host: # su - homeassistant 2. Go to the Home Assistant configuration directory. user@host: $ cd ~/.homeassistant 3. Make a directory for SSL certificates. user@host: $ mkdir ssl 4. Ensure that only the system account and members of its group can access the directory. user@host:...

The following procedure shows how to apply self-signed certificates to the Apache web server in Debian-based Linux distributions. After creating and installing  the TLS/SSL certificate/key pair, they can be utilized to  secure Debian-based Linux web services  with encryption during the development and testing process. It is important to keep in mind that self-signing may be deemed UNTRUSTWORTHY in a production environment. ========== 1. Go to the directory containing the Apache site configuration files. user@host: $ cd /etc/apache2/sites-available 2.  BACK UP the default HTTPS configuration file for the secure site. user@host: $ sudo cp default-ssl.conf default-ssl-conf.back 3. Open the default HTTPS configuration file. user@host: $ sudo nano default-ssl.conf 4. Find and modify the following Apache directives. # BEGIN CODE # ... SSLCertificateFile /etc/ssl/certs/myserver.crt # The self-signed certificate. SSLCertificateKeyFile /...

The need for TLS/SSL certificates may arise when developing server projects that need encryption, like the Apache web server on  Debian-based  or Red Hat-based Linux distributions, on the  FreeBSD  operating system, and the Home Assistant  home automation system. The following procedure shows how to create and install self-signed certificates, if acquiring them from a Certificate Authority (CA) is either too expensive or too complicated. It is important to keep in mind, however, that self-signing may be deemed UNTRUSTWORTHY in a production environment. ========== 1. Create the certificate and key. 1.1.  [OPTION A] One-step process, skipping the Certificate Signing Request (CSR). user@host: $  openssl req -new -x509 -days 36500 -nodes -keyout server.key -out server.crt 1.2.  [OPTION B] Separate CSR for submission to CAs, if planning to legitimize later on. 1.2.1. Generate keys for the CSR. user@host:...

Once HTTPS is enabled on the web server, remote users can be redirected to this secure protocol by automatically rewriting the URL. ========== 1. Enable the Rewrite module. user@host: $  sudo a2enmod rewrite 2. Change the current working directory to the Apache site configuration files. user@host: $ cd /etc/apache2/sites-available 3.  BACK UP the default HTTP configuration file for the non-secure site. user@host: $ sudo cp 000-default.conf 000-default-conf.back 4. Open the default HTTP configuration file. user@host: $ sudo nano 000-default.conf 5. Replace all contents in the default HTTP configuration with the following code. # BEGIN CODE RewriteEngine On # Enables directives for rewriting. RewriteCond %{HTTPS} !=on # Verifies that the connection is not yet in HTTPS. RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] # Redirects to the current location but in HTTPS. # END CODE 6. Restart the web serve...

The following procedure activates HTTPS for the Apache web server in Debian-based Linux distributions. This secure protocol uses TLS/SSL certificates to encrypt the data transferred between the remote user and the web server. Sensitive information is protected from being captured by malicious actors using sniffing tools along the network route. ========== 1. Enable the SSL module. user@host: $ sudo a2enmod ssl 2. Enable the default configuration for the secure site. user@host: $ sudo a2ensite default-ssl.conf 3. Restart the web server. user@host: $ sudo /etc/init.d/apache2 restart 4. Test the secure site by accessing localhost with a simple browser. user@host: $ lynx https://localhost ==========