Supporting HTTPS / SSL

On sapsailing.com, we have a security certificate installed. For root users its key is visible at /etc/pki/tls/private/star_sapsailing_com.key. The certicicate is at /etc/pki/tls/certs/star_sapsailing_com.crt. To enable SSL on a server, the module mod_ssl needs to be installed. Use yum install mod_ssl.

The /etc/httpd/conf/httpd.conf file must contain the following in order to ensure that the ServerName setting is respected for selecting the appropriate VirtualHost element:

    NameVirtualHost *:80
    NameVirtualHost *:443

When this is done, the server can use the following sequence of directives inside a <VirtualHost> element:

        SSLEngine  On
        SSLCertificateFile /etc/pki/tls/certs/star_sapsailing_com.crt
        SSLCertificateKeyFile /etc/pki/tls/private/star_sapsailing_com.key

A full-blown <VirtualHost> element in a rewrite macro in 000-macros.conf then could look like this:

<Macro Event-SSL $HOSTNAME $EVENTUUID $IP $PORT>
    <VirtualHost *:443>
        ServerName $HOSTNAME

        SSLEngine  On
        SSLCertificateFile /etc/pki/tls/certs/star_sapsailing_com.crt
        SSLCertificateKeyFile /etc/pki/tls/private/star_sapsailing_com.key

        Use Headers

        RewriteEngine on

        RewriteCond %{REQUEST_URI} "^(/)?$"
        RewriteRule ^(/)?$ "https://$HOSTNAME/gwt/Home.html?%{QUERY_STRING}#/event/:eventId=$EVENTUUID" [L,NE]

        Use Rewrite $IP $PORT
    </VirtualHost>
</Macro>

It can then be used inside the 001-events.conf file like this

Use Event-SSL ssltest.sapsailing.com "f8087b3c-c641-4fda-bf8d-0bc2abe09e40" 172.31.22.239 8888

Keep in mind that the certificate we have only is valid for *.sapsailing.com which does not include 2nd-level sub-domains such as a.b.sapsailing.com.