Configuration for a website set up with Apache VirtualHosts.
<VirtualHost 192.168.1.100:80>
    ServerName domain.com
    ServerAlias www.domain.com
    DocumentRoot /var/www/myproject/public
    <Directory /var/www/myproject/public>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        # Order takes a single argument: no space after the comma
        Order allow,deny
        Allow from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/myproject-error.log
    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/myproject-access.log combined
</VirtualHost>
For our SSL configuration:
<IfModule mod_ssl.c>
<VirtualHost 192.168.1.100:443>
    ServerAdmin webmaster@localhost
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
    # No spaces around "|": inside the pattern they would be matched literally
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
Remember to run a2ensite <config_file_name> and reload Apache so that the site is published.
Likewise, we enable modules with a2enmod <mod_name> and disable them with a2dismod <mod_name>.
Other options:
ServerName and ServerAlias: Let Apache know the domain to match to this virtual host by setting the ServerName. Optionally also use ServerAlias to tell apache to listen to other domains and point them to this virtual host as well, such as a “www” subdomain.
DocumentRoot: Change to suit your needs. I often have a “public_html” or “public” directory which is the web root. Then I can encapsulate related files which stay behind the web-root within the sites directory. (site.com directory, with site.com/public_html directory as the web-root). This is how Laravel works by default.
Options -Indexes: stops people from being able to go to a directory and see the files listed in there. Instead they see a Forbidden error. This can stop users from viewing all the files in your /images directory, for instance.
AllowOverride: Set to “all” to allow .htaccess files in your virtual host (and its sub-directories).
ErrorLog, CustomLog: Create log files specifically for your domain, so they don’t get mixed in with traffic / errors from other sites running on the server.
a2ensite * -> enable all sites
a2enmod ssl -> enable the ssl module
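An added example, not part of the original post: a small Python linter that flags the settings discussed above (directory listing enabled, AllowOverride All) plus two syntax slips that are easy to make in these blocks. The function name audit_vhost and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: a vhost containing the mistakes this page touches on.
SAMPLE = r"""<VirtualHost 192.168.1.100:80>
    ServerName domain.com
    DocumentRoot /var/www/myproject/public
    <Directory /var/www/myproject/public>
        Options Indexes +FollowSymLinks
        AllowOverride All
        Order allow, deny
        Allow from all
    </Directory>
    <FilesMatch "\.(cgi | shtml | phtml | php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
</VirtualHost>
"""

def audit_vhost(text):
    """Return (line_number, message) findings for an Apache vhost file."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split()
        name, args = parts[0].lower(), parts[1:]
        if name == "options" and any(a.lower() in ("indexes", "+indexes") for a in args):
            findings.append((n, "Options enables Indexes: directory contents can be listed"))
        elif name == "allowoverride" and args and args[0].lower() == "all":
            findings.append((n, "AllowOverride All: .htaccess files can change this directory's settings"))
        elif name == "order" and len(args) != 1:
            findings.append((n, "Order takes one argument: write allow,deny with no space"))
        elif name == "<filesmatch" and re.search(r"\s\||\|\s", line):
            findings.append((n, "FilesMatch pattern has spaces around '|'; they are matched literally"))
    return findings

if __name__ == "__main__":
    for n, msg in audit_vhost(SAMPLE):
        print(f"line {n}: {msg}")
```

AllowOverride All is reported as a review item rather than an error, since the page enables it on purpose to allow .htaccess files.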
Create a password-protected certificate in .pfx format from a private key and a certificate (both the private key and the certificate are required):
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
Create a password-protected .pfx certificate from a private key and certificate in PEM format (private key and certificate):
openssl pkcs12 -export -inkey privkey.pem -in cert.pem -out certificado.pfx -password pass:mipass