THE NEED for VIRTUAL HOSTS
Posted by: RiggsFolly (---.dynamic.dsl.as9105.com)
Date: October 02, 2014 06:05PM

WAMPServer Homepage - Virtual Hosts

Note: The use of VirtualHost is mandatory with Apache if you want to work properly with web applications, CMS or your local sites.
It is recommended - even imperative - to create a virtual host for each of your projects, even if you put them in the structure \wamp\www\subfolder.
The WampServer home page (\wamp\www\index.php) expects you to have created a Virtual Host for all your projects and will therefore work properly only if you do so.

History

In order to make life easier for beginners using WampServer to learn PHP Apache and MySQL it was suggested that you create subfolders under the `\wamp\www\` folder.

wamp
  |-- www
       |-- Chapter1
       |-- Chapter2
       |-- etc
These subfolders would then show as links in the WampServer Homepage under a menu called 'Your Projects' and these links would contain a link to `localhost/subfoldername`.

Acceptable only for simple tutorials

This made life easy for the complete beginner, and was perfectly acceptable for example for those following tutorials to learn PHP coding.
However it was never intended for use when developing a real web site that you would later want to copy to your live hosted server.
In fact if you did use this mechanism it often caused problems as the live site's configuration would not match your development configuration.

The Problem for real website development.

The reason for this is of course that the default DocumentRoot setting for wamp is

DocumentRoot "c:/wamp/www/"

regardless of what your subfolder was called.
This meant that often used PHP code that queried the structure of your site received different information when running on your development WampServer to what it would receive when running on a live hosted server, where the DocumentRoot configuration points to the folder at the top of the website file hierarchy.
This kind of code exists in many frameworks and CMS's for example WordPress and Joomla etc.

For Example

Let's say we have a project called project1 held in `wamp\www\project1` and run incorrectly as `[localhost]`

This is what would be reported by some of the PHP commands in question:

 $_SERVER['HTTP_HOST'] = localhost
 $_SERVER['SERVER_NAME'] = localhost
 $_SERVER['DOCUMENT_ROOT'] = c:/wamp/www

Now if we had correctly defined that site using a Virtual Host definition and ran it as `http: //project1` the results on the WAMPServer development site will match those received when on a live hosted environment.

 $_SERVER['HTTP_HOST'] = project1
 $_SERVER['SERVER_NAME'] = project1
 $_SERVER['DOCUMENT_ROOT'] = c:/wamp/www/project1

Now this difference may seem trivial at first but if you were to use a framework like WordPress or one of the CMS's like Joomla for example, this can and does cause problems when you move your site to or from a live server.

How to create a Virtual Host in WampServer

----------------------------------------------------------------------------------------
--- With Wampserver 3.0.0 it is simpler and can be done automatically with a few clicks:
--- see [forum.wampserver.com]
--- But this does not prevent you from reading the following explanations; it will help you understand what a VirtualHost is.
----------------------------------------------------------------------------------------

Actually this should work basically the same for any windows Apache server, with differences only in where you may find the Apache config files.

There are 2 steps to create your first Virtual Host in Apache:

1. Create the Virtual Host definition(s)
2. Add your new domain name to the HOSTS file.

Step 1, Create the Virtual Host definition(s)

Edit the file called `httpd-vhosts.conf` which for WampServer lives in
 \wamp\bin\apache\apache2.4.41\conf\extra\httpd-vhosts.conf
(Apache version numbers may differ, engage brain before continuing)

-- If this is the first time you edit this file, remove the default example code, it is of no use.

I am assuming we want to create a definition for a site called project1 that lives in

\wamp\www\project1

Very important, first we must make sure that localhost still works so that is the first VHOST definition we will put in this file.
In principle, since Wampserver 3.0.4 and Apache 2.4.18 this definition already exists

<VirtualHost *:80>
  DocumentRoot "c:/wamp/www"
  ServerName localhost
  ServerAlias localhost
  <Directory "c:/wamp/www">
    AllowOverride All
    Require local
  </Directory>
</VirtualHost>

Now we define our project: and this of course you do for each of your projects as you start a new one.

<VirtualHost *:80>
  DocumentRoot "c:/wamp/www/project1"
  ServerName project1
  <Directory "c:/wamp/www/project1">
    AllowOverride All
    Require local
  </Directory>
</VirtualHost>

Note: each VHOST definition has its own DocumentRoot definition.

Small aside
The way virtual hosts work in Apache: The first definition in this file will also be the default site, so should the domain name used in the browser not match any actually defined virtually hosted domain, making localhost the first domain in the file will therefore make it the site that is loaded if a hack attempt just uses your IP Address.
So if we ensure that the Apache security for this domain **is ALWAYS SET TO**
 Require local
any casual hack from an external address will receive an error and not get into your PC, but should you misspell a domain you will be shown the WampServer homepage, because you are on the same PC as WampServer and therefore `local`.

Step 2:

Add your new domain name to the HOSTS file.
Now we need to add the domain name that we have used in the Virtual Host definition to the HOSTS file so that windows knows where to find it. This is similar to creating a DNS A record, but it is only visible in this case on this specific PC.

Edit `C:\windows\system32\drivers\etc\hosts`

The file has no extension and should remain that way. Watch out for notepad, as it may try and add a `.txt` extension if you have no better editor.
I suggest you download Notepad++, it's free and a very good editor.

Also this is a protected file so you must edit it with administrator privileges, so launch your editor using the Run as Administrator menu option


The hosts file should look like this when you have completed these edits
 127.0.0.1 localhost
 127.0.0.1 project1

 ::1 localhost
 ::1 project1
Note that you should have definitions in here for the IPV4 loopback address `127.0.0.1` and also the IPV6 loopback address `::1` as Apache is now IPV6 aware and the browser will use either IPV4 or IPV6 or both. I have no idea how it decides which to use, but it can use either if you have the IPV6 stack turned on, and most window OS's do as of XP SP3.

Now we must tell windows to refresh its domain name cache, so launch a command window again using the Run as Administrator menu option again, and do the following.
ipconfig /flushdns
This forces windows to clear its domain name cache and reload it, in reloading it will re-read the HOSTS file so now it knows about the domain `project1`.

To activate this change in your running Apache we must now stop and restart the Apache service.
Wampmanager Tray Icon -> Apache -> Service -> Restart Service

Now if the WAMP icon in the system tray does not go GREEN again, it means you have probably done something wrong in the `\wamp\bin\apache\apache2.4.9\conf\extra\httpd-vhosts.conf` file.

If so here is a useful mechanism to find out what is wrong. It uses a feature of the Apache exe (httpd.exe) to check its config files and report errors by filename and line numbers.

Launch a command window.
cd \wamp\bin\apache\apache2.4.41\bin
httpd -t

So fix the errors and retest again until you get the output
 Syntax OK

Now there is one more thing.
Wampmanager Tray Icon Your VirtualHost menu item
The 'Your Virtual Hosts' menu item searches the file that is used to define Virtual Hosts that we have just changed and creates menu links for each ServerName parameter it finds and creates a menu item for each one.

Now if you take this to its logical extension
You can now move your web site code completely outside the \wamp\ folder structure simply by changing the DocumentRoot parameter in the VHOST definition. So for example you could do this:

Create a folder on the wamp disk or any other disk (beware of network drive, they are a bit more complicated)

D:
MD websites
CD websites
MD example.com
CD example.com
MD www

You now copy your site code to, or start creating it in the \websites\example.com\www folder and define your VHOST like this:

<VirtualHost *:80>
  DocumentRoot "d:/websites/example.com/www"
  ServerName example.local
  ServerAlias www.example.local
  <Directory  "d:/websites/example.com/www">
    AllowOverride All
    Require all granted
  </Directory>
  php_flag display_errors Off
  php_flag log_errors On
  # upload_max_filesize is the PHP setting that limits upload size
  php_value upload_max_filesize 40M
  php_value max_execution_time 120
  php_value error_log "d:/wamp/logs/example_com_phperror.log"
</VirtualHost>

Then add this new development domain to the HOSTS file:
127.0.0.1 localhost
::1 localhost

127.0.0.1 project1
::1 project1

127.0.0.1 example.local
::1 example.local

NOTE: It is not a good idea to use a ServerName or ServerAlias that is the same as your live domain name, as if we had used example.com as the ServerName it would mean we could no longer get to the real live site from this PC as it would direct example.com to 127.0.0.1 i.e. this PC and not out onto the internet.

ALSO:
See that I have allowed this site to be accessed from the internet from within the VHOST definitions, this change will apply to only this site and no other. Very useful for allowing a client to view your changes for an hour or so without having to copy them to the live server.
This does mean that we have to edit this file manually to turn this access on and off.

Also I have added some modifications to the PHP config, again that will only apply to this one site.
Very useful when maintaining a site with specific requirement unlike all the other sites you maintain.
I guess we can assume from the parameters used that it has a long running page in it somewhere
php_value max_execution_time 120
and it is very badly written and will not run with errors being displayed on the browser without making a horrible mess of the page.
php_flag display_errors Off
Believe me sites like this exist and people still want them maintained badly.

Another bonus to using Virtual Hosts
Because we are using Virtual Hosts, we can tailor the Apache AND PHP parameters from within the VHOST definition therefore applying these change to only one of the possibly many sites we maintain.
We can therefore leave the httpd.conf and php.ini files which of course are GLOBAL to all the sites, containing general base settings and not have to fiddle with them for each different site we may work on.
We also have a record for each site that needed parameters tailoring and what that tailoring was.

----------------------------------------------------------------------------
You can not reply to this message.
Open a new thread to describe your problem be sure to give the answers to: READ THIS BEFORE YOU ASK A QUESTION



Edited 8 time(s). Last edit at 12/09/2019 06:37PM by Otomatic.
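
An added example, not part of the original post or of WampServer: a Python audit of the two files edited above. It checks that the first VirtualHost is localhost restricted to `Require local`, flags any block opened with `Require all granted`, and confirms each ServerName/ServerAlias has both loopback entries in the hosts file. Function names are hypothetical and the sample text is constructed from the listings in the post.

```python
import re

LOOPBACKS = ("127.0.0.1", "::1")

def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block, in file order."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opening = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opening:
            current = {"listen": opening.group(1).strip(), "names": [],
                       "docroot": None, "require": []}
        elif current is not None and line.lower().startswith("</virtualhost"):
            vhosts.append(current)
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            directive = parts[0].lower()
            value = parts[1].strip() if len(parts) == 2 else ""
            if directive in ("servername", "serveralias"):
                for name in value.split():
                    # Drop an optional scheme and port: http://name:80 -> name
                    name = re.sub(r"^\w+://|:\d+$", "", name).lower()
                    if name not in current["names"]:
                        current["names"].append(name)
            elif directive == "documentroot":
                current["docroot"] = value.strip('"')
            elif directive == "require":
                # Collected from the block and its nested <Directory> sections.
                current["require"].append(value.lower())
    return vhosts

def parse_hosts(hosts_text):
    """Map each hostname in a hosts file to the set of addresses listed for it."""
    table = {}
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), set()).add(fields[0])
    return table

def audit(conf_text, hosts_text):
    """Return a list of findings; an empty list means the rules above hold."""
    vhosts, hosts = parse_vhosts(conf_text), parse_hosts(hosts_text)
    if not vhosts:
        return ["no <VirtualHost> blocks found"]
    findings = []
    first = vhosts[0]
    # The first block answers requests whose Host header matches no ServerName,
    # for example a request made to the machine's bare IP address.
    if "localhost" not in first["names"]:
        shown = first["names"][0] if first["names"] else "<unnamed>"
        findings.append(f"default vhost is {shown}, not localhost")
    if first["require"] != ["local"]:
        findings.append("default vhost is not restricted to 'Require local'")
    for vh in vhosts:
        label = vh["names"][0] if vh["names"] else "<unnamed>"
        if not vh["require"]:
            findings.append(f"{label}: no Require directive in this block")
        if any(r.startswith("all granted") for r in vh["require"]):
            findings.append(f"{label}: 'Require all granted' exposes "
                            f"{vh['docroot']} to remote clients")
        for name in vh["names"]:
            missing = [a for a in LOOPBACKS if a not in hosts.get(name, set())]
            if missing:
                findings.append(f"{name}: hosts file lacks {', '.join(missing)}")
    return findings

# Constructed sample, trimmed from the vhost and hosts listings in the post.
SAMPLE_VHOSTS = """
<VirtualHost *:80>
  DocumentRoot "c:/wamp/www"
  ServerName localhost
  ServerAlias localhost
  <Directory "c:/wamp/www">
    Require local
  </Directory>
</VirtualHost>
<VirtualHost *:80>
  DocumentRoot "d:/websites/example.com/www"
  ServerName example.local
  ServerAlias www.example.local
  <Directory "d:/websites/example.com/www">
    Require all granted
  </Directory>
</VirtualHost>
"""
SAMPLE_HOSTS = """
127.0.0.1 localhost
::1 localhost
127.0.0.1 example.local
::1 example.local
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_VHOSTS, SAMPLE_HOSTS):
        print(finding)
```

Run it against the real `httpd-vhosts.conf` and `hosts` contents after each edit; a `Require all granted` finding is the reminder to switch that block back to `Require local` once the client has finished viewing.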

Why create VirtualHost BEFORE installing CMS
Posted by: Otomatic (Moderator)
Date: April 14, 2020 11:22AM

Hello,

Why is it necessary to create a VirtualHost BEFORE installing a CMS?

Let's go back to VirtualHost or Virtual Hosts.
A virtual host declaration includes (almost) imperative elements:
<VirtualHost *:80>
   ServerName nom_du_site
   DocumentRoot C:/wamp/www/monsite
  <Directory "C:/wamp/www/monsite/">
    Options +Indexes +FollowSymLinks +MultiViews
    AllowOverride all
    Require local
  </Directory>
</VirtualHost>
- Line 00 <VirtualHost address IP[:port]>
IP address means the IP address of the virtual server and, in this case, the character *, which acts as a wildcard character, and corresponds to any IP address. The port number is optional and is 80 by default. Nevertheless, here we specify it to facilitate possible replacements.
- Line 01 ServerName [protocol://]qualified domain name[:port]
By default, the protocol is http. The domain name is the name by which you will be asked to connect to the virtual site. It must meet the standards of domain names. If, as name we have (without quotation marks) "ServerName site_name", we will connect by (http://site_name)
- Line 02 DocumentRoot directory path (Without final slash)
This directive is used to define the directory from which Apache will serve the files. The URL path will be added by the server to the root of the documents in order to build the path of the searched document.
For example, with DocumentRoot C:/wamp/www/mysite, an access to (http://site_name/index.php) then refers to C:/wamp/www/mysite/index.php.
If the directory path is not an absolute path, it is considered relative to the path defined by the ServerRoot directive.
- Line 03 <Directory directory path> ... </Directory> (With a final slash on the way)
The <Directory> and </Directory> tags allow you to group a set of directives that apply only to the specified directory, its subdirectories, and files located in these subdirectories, such as permissions or access bans.
- Line 04 Options .....
Defines the features available for a particular directory. The + sign before the name of the functionality validates it, the - sign invalidates it. In this case:
Indexes : If a required URL corresponds to the directory concerned, and if no index.html or index.php file is defined for this directory, the mod_autoindex module will return a formatted listing of the directory content.
FollowSymLinks: The server will follow the symbolic links in the directory concerned.
Multiviews: Multiple views ("multiviews") with content negotiated using the mod_negotiation module are allowed.
- Line 05 AllowOverride all
When the server finds an .htaccess file, it must know which of the directives placed in that file are allowed to modify the pre-existing configuration; it is the role of AllowOverride to authorize all or some of the directives in the .htaccess files.
- Line 06 Require local
The Require directive allows or prohibits access to the directory concerned. In this case (Require local) only access requests from the PC on which the server is installed will be allowed (This corresponds to Allow from 127.0.0.1 and ::1 and localhost from Apache 2.2).
-----------------------------------

When you put a CMS (Joomla, Wordpress or other) online with a host, you can only do so if you have a "site" on that host to install the CMS or put other files on it.
You don't realize it, but at the host, your "site" is declared as a Virtual Host, exactly as we just dissected it above (perhaps with more or less options).
Looking at it a little closer, at the host's site, the access path (DocumentRoot) is a little more complex than locally, for example :

/srv/data/web/vhosts/name_of_site/htdocs
or
/mnt/109/sdb/a/d/site_name

assuming that at the host, your site is site-name.net when you ask (http://site-name.net/wordpress/index.php),
it is the file /srv/data/web/vhosts/site-name/htdocs/wordpress/index.php that will be served.
And if, in a PHP script at this host, you ask:
echo $_SERVER['DOCUMENT_ROOT'];
you will get
/srv/data/web/web/vhosts/site-name/htdocs
or
/mnt/109/sdb/a/d/site-name
All this to say that a VirtualHost existed at the host BEFORE you installed a CMS, Joomla or Wordpress for example.

Now to a local server, for example Wampserver.
You create a folder, for example C:/wamp/www/www/my_site/ in which you install a CMS, for example Joomla (in a folder named joomla) and launch the installation script. To do this, you had to put the url (http://localhost/my_site/joomla/proc_install.php). And yes, it was necessary to add localhost in the url.
What does the Apache documentation say?
- Any request that does not match any existing <VirtualHost> section is processed with the main server configuration.
- If a virtual server does not define a ServerName directive, the name of this virtual server will be inherited from the main server.
This is the case, because after installing Wampserver, no VirtualHost is defined. It is therefore the definitions of the Apache configuration file that are taken into account:
	ServerName localhost:80
  DocumentRoot "C:/wamp/www"
  <Directory "C:/wamp/www/">
localhost being the only VirtualHost defined, all urls will have to be based on this virtual site, so start with (http://localhost/.....) to be processed without errors. In addition, it is the only one defined in the hosts file. If we omit localhost, the url will not be found, hence error 404.
And, in this case of installing a CMS with the url (http://localhost/...), all parameters (paths, files, internal url, etc.) created during the installation procedure will be created with the php variable $_SERVER['DOCUMENT_ROOT'] equal to C:/wamp/www and not C:/wamp/www/my_site

This is why it is much more difficult to create a VirtualHost my_site AFTER installing a CMS, because then, the value of $_SERVER['DOCUMENT_ROOT'] would become C:/wamp/www/my_site while the parameters, after installing the CMS, only know C:/wamp/www, hence path errors and files not found.

How to activate https SSL in Wampserver
Posted by: Otomatic (Moderator)
Date: July 14, 2020 01:48PM

Using https with SSL in local VirtualHost
Now integrated into Wampserver as of version 3.3.2

For this, the Apache listening port must not only be port 443, but also port 80.
The Apache documentation on this subject specifies that you need both VirtualHost, one on port 80 and the other on port 443.
We can read in the file wamp64/bin/apache/apache2.4.57/conf/extra/httpd-ssl.conf
# This is the Apache server configuration file providing SSL support.
# When we also provide SSL we have to listen to the
# standard HTTP port and to the HTTPS port
To avoid, as they say in my house, mixing wipes and towels, the VirtualHost port 80 are defined in the httpd-vhosts.conf file and the VirtualHost https port 443 are defined in the httpd-ssl.conf file.

-- Procedure explained for wampserver installed in e:\wamp64 and for apache 2.4.57
Modify the paths and version according to your installation
Procedure compiled from comparisons and tests of various documentations and explanations including those of Artemus24 on its website [www.jcz.fr].
For all intents and purposes, here's my own procedure for using https ssl locally.
This is an English translation from my French procedure, and there might be some misunderstandings.
It may not be the best method and there may be redundancies and/or extra stuff, but :
This procedure works and has been tried for Apache 2.4.37 to 2.4.57 in 64 bits

-- Wampserver must be stopped, so services must be stopped.

-- Modification of file e:\wamp64\bin\apache\apache2.4.57\conf\httpd.conf
Uncomment:
#Include conf/extra/httpd-ssl.conf
to obtain:
Include conf/extra/httpd-ssl.conf

To activate https SSL, you must load both modules in httpd.conf:
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
The loading of these modules will only be activated after completing the entire key creation procedure and ensuring that the VirtualHost works correctly in httpd port 80.

-- Replacement of the e:\wamp64\bin\apache\apache2.4.57\conf\extra\httpd-ssl.conf file
To obtain information, read the comments in the original file.
Afterwards, you can review the information that will still be in the original file:
e:\wamp64\bin\apache\apache2.4.53\conf\original\extra\httpd-ssl.conf
which has not been modified.

Replace the contents of the e:\wamp64\bin\apache\apache2.4.57\conf\extra\httpd-ssl.conf file with :
#
# This is the Apache server configuration file providing SSL support.
# When we also provide SSL we have to listen to the
# standard HTTP port and to the HTTPS port
#
Listen 0.0.0.0:443 https
Listen [::0]:443 https

# Where the certificates are
Define CERTIFS ${INSTALL_DIR}/bin/Certs

Protocols h2 h2c http/1.1
<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=31536000; preload"
</IfModule>
SSLSessionCache shmcb:${INSTALL_DIR}/tmp/ssl_gcache_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
# SSL Protocol support:
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCompression Off
SSLHonorCipherOrder On
# SSL Cipher Suite:
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384
# Encryptions TLSv1.3
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
SSLOpenSSLConfCmd ECDHParameters secp521r1
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1

##
## SSL Virtual Host Context
Define SERVERNAMEVHOSTSSL MYSITE_ServerName
Define DOCUMENTROOTVHOSTSSL MYSITE_DocumentRoot
<VirtualHost *:443>
	ServerName ${SERVERNAMEVHOSTSSL}
  DocumentRoot "${DOCUMENTROOTVHOSTSSL}"
	SSLEngine on
	SSLCertificateFile      "${CERTIFS}/Site/${SERVERNAMEVHOSTSSL}.crt"
	SSLCertificateKeyFile   "${CERTIFS}/Site/${SERVERNAMEVHOSTSSL}.key"
	<Directory "${DOCUMENTROOTVHOSTSSL}/">
		Options +Indexes +Includes +FollowSymLinks +MultiViews
		AllowOverride all
		Require local
	</Directory>
	CustomLog "${INSTALL_DIR}/logs/custom.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
# End of SSL Virtual Host Context - To be repeated for another SSL VirtualHost

# Do not remove these lines UnDefine
UnDefine SERVERNAMEVHOSTSSL
UnDefine DOCUMENTROOTVHOSTSSL
You must modify all the lines where there is MYSITE to put your own data and parameters, for example:
Define SERVERNAMEVHOSTSSL wampserver.aviatechno
Define DOCUMENTROOTVHOSTSSL G:\www\wampserver
Define ADMINVHOSTSSL wampserver@otomatic.net

The VirtualHost must already exist and be valid in http port 80, so exist in the file :
e:\wamp64\bin\apache\apache2.4.57\conf\extra\httpd-vhosts.conf

-- Replace all the contents of the file e:\wamp64\bin\apache\apache2.4.57\conf\openssl.cnf
by
#============ openssl.cnf =============#
[ca]
default_ca       = CA_default

[CA_default]
dir              = ../../../Certs
cacerts_dir      = $dir/Cacerts
certificate      = $cacerts_dir/Certificat.crt
new_certs_dir    = $dir/Newcerts
private_dir      = $cacerts_dir
private_key      = $private_dir/Certificat.key
RANDFILE         = $private_dir/Certificat.rnd
other_dir        = $dir/Other
database         = $other_dir/index.txt
serial           = $other_dir/serial.txt
default_crl_days = 14610
default_days     = 14610
default_md       = sha512
x509_extensions  = usr_cert
name_opt         = ca_default
cert_opt         = ca_default
preserve         = no
policy           = policy_match

[policy_match]
countryName            = match
stateOrProvinceName    = match
localityName           = match
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

[usr_cert]
basicConstraints       = CA:FALSE
nsCertType             = client
keyUsage               = nonRepudiation, digitalSignature, keyEncipherment
nsComment              = "OpenSSL Generated Certificate"
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer

[ocsp]
basicConstraints       = CA:FALSE
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer
keyUsage               = critical, digitalSignature
extendedKeyUsage       = critical, OCSPSigning

[req]
default_bits        = 4096
default_keyfile     = ../../../Certs/Cacerts/Certificat.pem
encrypt_key         = no
default_md          = sha512
string_mask         = utf8only
prompt              = no
utf8                = yes
distinguished_name  = req_distinguished_name
req_extensions      = v3_req
x509_extensions     = v3_ca

[req_distinguished_name]
countryName_default            = FR
stateOrProvinceName_default    = Paris
localityName_default           = Paris
0.organizationName_default     = Otomatic & Cie
organizationalUnitName_default = Wampserver
commonName                     = Common Name (eg, your website’s domain name)
commonName_max                 = 64
emailAddress_default           = otomatic@otomatic.net
emailAddress_max               = 40

[v3_req]
basicConstraints = CA:FALSE
keyUsage         = nonRepudiation, digitalSignature, keyEncipherment

[v3_ca]
# Extensions to use when signing a CA
basicConstraints       = critical, CA:true
keyUsage               = keyCertSign, cRLSign
nsCertType             = sslCA, emailCA
nsComment              = "SSL ROOT CA"
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always
subjectAltName         = @alt_names

[alt_names]
# An IP address needs an IP.n entry; DNS.n entries are for host names
IP.1  = 127.0.0.1
DNS.1 = localhost

Open a "as administrator" command window
And in this window type the following lines.
You can copy/paste in blocks of several lines, with an empty line at the end of the block, otherwise the last command of the block would not be executed.
Never close the command window before the procedure is completed, otherwise the environment variables previously declared by set would be lost.
Rem Wampserver installation variables
Rem To be modified according to your installation
set installdir=e:\wamp64
set apachever=2.4.57
Rem
Rem Verification and possible creation of folders
cd /D %installdir%\bin
Rem Removal of any certificates that may be present
if exist Certs rmdir /S /Q Certs
if not exist Certs md Certs
cd Certs
if not exist Other md Other
if not exist Cacerts md Cacerts
if not exist Server md Server
if not exist Site md Site
Rem Information to be created
copy nul .\Other\Index.txt
@echo 01> .\Other\Serial.txt
Rem MyPass can be replaced by your own password (4 to 20 characters)
@echo MyPass> .\Other\Password.txt
set /P PASSWORD= <.\Other\Password.txt
Rem
cd..
Rem We are in the folder %installdir%\bin
Rem We go to apache used /bin
cd apache\apache%apachever%\bin
Rem Declaration of variables - Imperative
set OPENSSL_CONF=%installdir%\bin\apache\apache%apachever%\conf\openssl.cnf
set DIRCERTS=%installdir%\bin\Certs
Rem +-+-+-+-+ Creation of the self-signed certificate +-+-+-+
Rem 1- Generation of a random number. (The seed 1358 can be replaced)
openssl rand -out %DIRCERTS%/Cacerts/Certificat.rnd -base64 1358
Rem 2- Private RSA key.
openssl genrsa -out %DIRCERTS%/Cacerts/Certificat.key -rand %DIRCERTS%/Cacerts/Certificat.rnd 4096
Rem 3- Request for signature.
Rem /C=FR : Country -- /ST=Paris : State or region -- /L=Paris : City
Rem /O=Otomatic & Cie : Organisation -- /CN=Otomatic & Cie : Division
openssl req -new -sha256 -key %DIRCERTS%/Cacerts/Certificat.key -out %DIRCERTS%/Cacerts/Certificat.csr -subj "/C=FR/ST=Paris/L=Paris/O=Otomatic & Cie/CN=Otomatic & Cie"
Rem 4- Self-signed certificate.
openssl x509 -req -days 1830 -sha256 -in %DIRCERTS%/Cacerts/Certificat.csr -signkey %DIRCERTS%/Cacerts/Certificat.key -out %DIRCERTS%/Cacerts/Certificat.crt
openssl x509 -in %DIRCERTS%/Cacerts/Certificat.crt -outform der -out %DIRCERTS%/Cacerts/Certificat.der
openssl x509 -in %DIRCERTS%/Cacerts/Certificat.crt -outform pem -out %DIRCERTS%/Cacerts/Certificat.pem
Rem 5- Public Key Extraction Plaintext Block Chaining
openssl rsa -in %DIRCERTS%/Cacerts/Certificat.key -pubout -out %DIRCERTS%/Cacerts/Certificat.pbc
Rem +-+-+-+-+ End of the creation of the self-signed certificate +-+-+-+-+
Rem +-+-+-+-+-+-++ Certificates and server keys for a local site +-+-+-+-+-+
Rem 6- ServerName of the local site for which you want the keys
set SERVLOCAL=aviatechno
Rem 7- Random number (Different seed - 1677 may be changed)
if exist %DIRCERTS%\Server\Server.rnd del %DIRCERTS%\Server\Server.rnd
openssl rand -out %DIRCERTS%/Server/Server.rnd -base64 1677
Rem 8- Private RSA key.
if exist %DIRCERTS%\Server\Server.key del %DIRCERTS%\Server\Server.key
openssl genrsa -out %DIRCERTS%/Server/Server.key -rand %DIRCERTS%/Server/Server.rnd 4096
Rem 9- Signing request for ServerName certificate
Rem /C=FR : Country -- /ST=Paris : State or region -- /L=Paris : City
Rem /O=Otomatic & Cie : Organisation -- /CN=name of the local site
if exist %DIRCERTS%\Server\Server.csr del %DIRCERTS%\Server\Server.csr
openssl req -new -sha256 -key %DIRCERTS%/Server/Server.key -out %DIRCERTS%/Server/Server.csr -subj "/C=FR/ST=Paris/L=Paris/O=Otomatic & Cie/OU=Wampserver/CN=%SERVLOCAL%"
Rem 10- Signature request for server certificate.
if exist %DIRCERTS%\Server\Server.crt del %DIRCERTS%\Server\Server.crt
openssl x509 -req -days 4383 -sha256 -in %DIRCERTS%/Server/Server.csr -CA %DIRCERTS%/Cacerts/Certificat.crt -CAkey %DIRCERTS%/Cacerts/Certificat.key -CAcreateserial -out %DIRCERTS%/Server/Server.crt
openssl x509 -outform der -in %DIRCERTS%/Server/Server.crt -out %DIRCERTS%/Server/Server.der
openssl x509 -inform DER -outform PEM -in %DIRCERTS%/Server/Server.der -out %DIRCERTS%/Server/Server.pem
openssl crl2pkcs7 -nocrl -certfile %DIRCERTS%/Cacerts/Certificat.crt -certfile %DIRCERTS%/Server/Server.crt -out %DIRCERTS%/Server/%SERVLOCAL%.p7b
if exist %DIRCERTS%\Server\%SERVLOCAL%.pfx del %DIRCERTS%\Server\%SERVLOCAL%.pfx
openssl pkcs12 -export -nodes -in %DIRCERTS%/Cacerts/Certificat.crt -inkey %DIRCERTS%/Server/Server.key -out %DIRCERTS%/Server/%SERVLOCAL%.pfx -descert -name "%SERVLOCAL%" -password pass:%PASSWORD%
Rem
Rem 11- Client certificate.
Rem Note: A password will be requested unless the final option -password pass:MyPass is given
openssl pkcs12 -nodes -export -in %DIRCERTS%/Server/Server.crt -inkey %DIRCERTS%/Server/Server.key -out %DIRCERTS%/Site/%SERVLOCAL%.pfx -clcerts -descert -name "Client %SERVLOCAL% Certificate" -password pass:%PASSWORD%
Rem 12- Copy of keys
copy /Y %DIRCERTS%\Server\Server.crt %DIRCERTS%\Site\%SERVLOCAL%.crt
copy /Y %DIRCERTS%\Server\Server.key %DIRCERTS%\Site\%SERVLOCAL%.key

- For another local site, only repeat from 6 to 12 by changing the ServerName SERVLOCAL
The command window must be positioned on the wamp/bin/apache/apache/apache2.4.53/bin/ folder and it is imperative to create the environment variables (Change path and version if necessary) before running commands 6 to 12
set installdir=e:\wamp64
set apachever=2.4.57
set OPENSSL_CONF=%installdir%\bin\apache\apache%apachever%\conf\openssl.cnf
set DIRCERTS=%installdir%\bin\Certs
cd /D %installdir%\bin\apache\apache%apachever%\bin
set /P PASSWORD= <..\..\..\Certs\Other\Password.txt

Where to store the various certificates:
This doesn't seem to be mandatory. The https mode works correctly with Firefox, Opera, Chrome and Edge browsers without the certificates having been stored as below!

--- The certificate "Certs\Cacerts\Certificat.crt" is to be put away:
-- Windows, in the Certificate Manager (Launched by "certmgr.msc"):
in "Trusted Root Certification Authorities" :
- Right-click on "Trusted Root Certificate Authorities" -> All tasks -> Import -> Browse
to go get Certs\Cacerts\Certificat.crt
-- Firefox, Tools -> Options -> Privacy and security
- Certificates -> View Certificates.
- Store "Authorities" then Import

--- The client or Site certificate(s) with the suffix ".pfx or .p12".
It contains the certificate, its intermediary and the private key.
-- Windows, in the Certificate Manager (certmgr.msc), "Personal" store.
-- Firefox, in the "Your Certificates" store.
The password will be requested.

I am only talking about the Firefox browser since, to my knowledge, it is the only one that manages the certificates itself, the others using Windows certificates.

Force https for one or several VirtualHost
To force a VirtualHost to be launched in https, just add a rewrite directive in its structure <VirtualHost *:80> in the httpd-vhosts.conf file.
<VirtualHost *:80>
  ServerName mysite
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^ 'https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]'
  DocumentRoot "G:/www/myfolder"
  <Directory "G:/www/myfolder/">
  ....
Note: do not put the simple quotes around 'https://%{HTTP....]'. They are there to avoid the transformation into a clickable link.



Edited 16 time(s). Last edit at 10/26/2023 11:35AM by Otomatic.
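
An added example, not code from the post or from WampServer: a Python check that resolves the Define/UnDefine template from httpd-ssl.conf in file order and reports, per HTTPS site, unresolved variables, a missing port-80 VirtualHost, and a DocumentRoot carried over from an earlier site, which is what happens when the UnDefine lines are removed. Function names, site names and paths are constructed; INSTALL_DIR is assumed to be defined elsewhere, since the post's config uses it without defining it.

```python
import re

def expand_defines(conf_text, predefined=None):
    """Return directive lines with ${VAR} substituted in file order."""
    variables = dict(predefined or {})
    lines = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # A variable that is not defined at this point stays as literal ${NAME}.
        line = re.sub(r"\$\{(\w+)\}",
                      lambda m: variables.get(m.group(1), m.group(0)), line)
        parts = line.split(None, 2)
        keyword = parts[0].lower()
        if keyword == "define" and len(parts) >= 2:
            variables[parts[1]] = parts[2].strip('"') if len(parts) == 3 else ""
        elif keyword == "undefine" and len(parts) >= 2:
            variables.pop(parts[1], None)
        else:
            lines.append(line)
    return lines

WATCHED = ("servername", "documentroot",
           "sslcertificatefile", "sslcertificatekeyfile")

def resolve_ssl_sites(ssl_conf, predefined=None):
    """Return one dict of resolved directive values per <VirtualHost> block."""
    sites, site = [], None
    for line in expand_defines(ssl_conf, predefined):
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword.startswith("<virtualhost"):
            site = {}
        elif keyword.startswith("</virtualhost") and site is not None:
            sites.append(site)
            site = None
        elif site is not None and keyword in WATCHED and len(parts) == 2:
            site[keyword] = parts[1].strip().strip('"')
    return sites

def check_ssl_sites(ssl_conf, vhosts_conf, predefined=None):
    """Compare resolved HTTPS sites with the ServerNames in httpd-vhosts.conf."""
    http_names = {n.lower() for n in
                  re.findall(r"(?im)^\s*ServerName\s+(\S+)", vhosts_conf)}
    findings, seen_roots = [], {}
    for site in resolve_ssl_sites(ssl_conf, predefined):
        name = site.get("servername", "<unnamed>")
        for key, value in site.items():
            if "${" in value:
                findings.append(f"{name}: {key} has an unresolved variable: {value}")
        if name.lower() not in http_names:
            findings.append(f"{name}: no port-80 VirtualHost with this ServerName")
        root = site.get("documentroot")
        if root in seen_roots:
            findings.append(f"{name}: DocumentRoot {root} is also used by "
                            f"{seen_roots[root]}")
        elif root:
            seen_roots[root] = name
    return findings

# Constructed sample following the template in the post (site names are made up).
HEADER = "Define CERTIFS ${INSTALL_DIR}/bin/Certs\n"
SITE_BLOCK = """
Define SERVERNAMEVHOSTSSL {name}
{docroot_define}
<VirtualHost *:443>
  ServerName ${{SERVERNAMEVHOSTSSL}}
  DocumentRoot "${{DOCUMENTROOTVHOSTSSL}}"
  SSLEngine on
  SSLCertificateFile    "${{CERTIFS}}/Site/${{SERVERNAMEVHOSTSSL}}.crt"
  SSLCertificateKeyFile "${{CERTIFS}}/Site/${{SERVERNAMEVHOSTSSL}}.key"
</VirtualHost>
{cleanup}
"""
UNDEFINES = "UnDefine SERVERNAMEVHOSTSSL\nUnDefine DOCUMENTROOTVHOSTSSL"
VHOSTS_80 = "ServerName localhost\nServerName site-a.test\nServerName site-b.test\n"
PREDEFINED = {"INSTALL_DIR": "e:/wamp64"}  # assumption: set outside httpd-ssl.conf

def build_ssl_conf(cleanup):
    """Two sites; the second one forgets its DOCUMENTROOTVHOSTSSL Define."""
    return (HEADER
            + SITE_BLOCK.format(name="site-a.test", cleanup=cleanup,
                                docroot_define="Define DOCUMENTROOTVHOSTSSL e:/www/site-a")
            + SITE_BLOCK.format(name="site-b.test", cleanup=cleanup,
                                docroot_define=""))

if __name__ == "__main__":
    for label, cleanup in (("with UnDefine", UNDEFINES), ("without UnDefine", "")):
        print(label, check_ssl_sites(build_ssl_conf(cleanup), VHOSTS_80, PREDEFINED))
```

With the UnDefine lines in place the forgotten Define shows up as a literal `${DOCUMENTROOTVHOSTSSL}`; without them the second site silently serves the first site's folder over HTTPS.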
