Configure SSL/TLS settings to use a secure encrypted HTTPS connection.
On this example, it uses a certificate from Let's Encrypt.
Install the necessary module and configure the SSL settings.
# Install mod_ssl
[root@www ~]# dnf -y install mod_ssl
# Edit SSL configuration
[root@www ~]# vi /etc/httpd/conf.d/ssl.conf
# Line 43: Uncomment and set the document root
DocumentRoot "/var/www/html"
# Line 44: Uncomment and specify the hostname
ServerName www.emc.world:443
# Line 85: Change to the certificate file obtained in step 1
SSLCertificateFile /etc/letsencrypt/live/www.emc.world/cert.pem
# Line 93: Change to the key file obtained in step 1
SSLCertificateKeyFile /etc/letsencrypt/live/www.emc.world/privkey.pem
# Line 102: Change to the chain file obtained in step 1
SSLCertificateChainFile /etc/letsencrypt/live/www.emc.world/chain.pem
# Restart httpd to apply changes
[root@www ~]# systemctl restart httpd
If you would like to set an HTTP connection to redirect to HTTPS (Always on SSL/TLS), add a RewriteRule to each Host setting. For example, if you have set Virtual Hostings, add a RewriteRule as follows. It's also possible to set RewriteRule in .htaccess instead of httpd.conf.
# Edit Virtual Host configuration for redirection
[root@www ~]# vi /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.emc.world
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
# Reload httpd to apply the redirection
[root@www ~]# systemctl reload httpd
Allow HTTPS service in Firewalld. HTTPS uses 443/TCP.
# Allow HTTPS in the firewall
[root@www ~]# firewall-cmd --add-service=https
success
[root@www ~]# firewall-cmd --runtime-to-permanent
success
After setting up the HTTPS, you can test it by accessing it from a web browser.
https://[domain]/Replace [domain] with your server's domain name or IP address.