
This is an old revision of the document!


Web/data server

Upgrading from HTTP to HTTPS with Let's Encrypt certificates - September 2022

The HTTP server needs to be converted to HTTPS. I have ruled out doing this with a self-signed certificate or with a certificate obtained through the Servei d'Informàtica: the former is not accepted by browsers by default, and the latter involves a fair amount of bureaucracy and does not appear to be automatable.

That leaves the option of using certificates issued by Let's Encrypt, a non-profit Certificate Authority that currently provides TLS certificates to 260 million websites.

This page contains a detailed description of the process of obtaining the certificates and configuring the HTTPS server with Apache on Debian 10.12 "buster".

Installing the certbot package

The certbot package makes it possible to configure HTTPS automatically with Let's Encrypt:

automatically configure HTTPS using Let's Encrypt

The objective of Certbot, Let's Encrypt, and the ACME (Automated Certificate Management Environment) protocol is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention. This is accomplished by running a certificate management agent on the web server.

This agent is used to:

  1. Automatically prove to the Let's Encrypt CA that you control the website
  2. Obtain a browser-trusted certificate and set it up on your web server
  3. Keep track of when your certificate is going to expire, and renew it
  4. Help you revoke the certificate if that ever becomes necessary.

This package contains the main application, including the standalone and the manual authenticators.

https://packages.debian.org/buster/certbot

The version available for Debian 10 is 0.31.0-1, whereas the current version is 1.29. For this reason, instead of the distribution's package, I use the package available on the certbot website.

I start by uninstalling the distribution's certbot package:

# apt purge certbot
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python-pyicu python3-acme python3-certbot python3-configargparse python3-configobj python3-future python3-josepy python3-mock
  python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event
  python3-zope.hookable python3-zope.interface
Use 'apt autoremove' to remove them.                           
The following packages will be REMOVED: 
  certbot*                                                          
0 upgraded, 0 newly installed, 1 to remove and 39 not upgraded.
After this operation, 70.7 kB disk space will be freed.                                                                                                        
Do you want to continue? [Y/n]                                                                                                                                 
(Reading database ... 254784 files and directories currently installed.)
Removing certbot (0.31.0-1+deb10u1) ...                 
Processing triggers for man-db (2.8.5-2) ...                            
(Reading database ... 254773 files and directories currently installed.)
Purging configuration files for certbot (0.31.0-1+deb10u1) ...
root@sermnserver:/etc/apache2# apt autoremove          
Reading package lists... Done                                          
Building dependency tree                       
Reading state information... Done             
The following packages will be REMOVED:                     
  python-pyicu python3-acme python3-certbot python3-configargparse python3-configobj python3-future python3-josepy python3-mock
  python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339 python3-tz python3-zope.component python3-zope.event
  python3-zope.hookable python3-zope.interface  
0 upgraded, 0 newly installed, 17 to remove and 39 not upgraded.
After this operation, 6,955 kB disk space will be freed.                                                                                                       
Do you want to continue? [Y/n]                                                                                                                                 
(Reading database ... 254769 files and directories currently installed.)                                                                                       
Removing python-pyicu (2.2-2) ...                                                                                                                              
Removing python3-certbot (0.31.0-1+deb10u1) ...

[...]

Removing python3-zope.event (4.2.0-1) ...
Removing python3-zope.hookable (4.0.4-4+b4) ...
Removing python3-zope.interface (4.3.2-1+b2) ...

Next I install the package following the instructions on the program's website.

The first step is to install the snapd package:

# apt install snapd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  liblzo2-2 squashfs-tools
The following NEW packages will be installed:
  liblzo2-2 snapd squashfs-tools
0 upgraded, 3 newly installed, 0 to remove and 39 not upgraded.
Need to get 14.4 MB/14.5 MB of archives.
After this operation, 61.5 MB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://ftp.es.debian.org/debian buster/main amd64 squashfs-tools amd64 1:4.3-12+deb10u2 [126 kB]                                                         
Get:2 http://ftp.es.debian.org/debian buster/main amd64 snapd amd64 2.37.4-1+deb10u1 [14.3 MB]                                                                 
Fetched 14.4 MB in 2s (6,188 kB/s)
Selecting previously unselected package liblzo2-2:amd64.
(Reading database ... 253947 files and directories currently installed.)
Preparing to unpack .../liblzo2-2_2.10-0.1_amd64.deb ...
Unpacking liblzo2-2:amd64 (2.10-0.1) ...
Selecting previously unselected package squashfs-tools.
Preparing to unpack .../squashfs-tools_1%3a4.3-12+deb10u2_amd64.deb ...
Unpacking squashfs-tools (1:4.3-12+deb10u2) ...
Selecting previously unselected package snapd.
Preparing to unpack .../snapd_2.37.4-1+deb10u1_amd64.deb ...
Unpacking snapd (2.37.4-1+deb10u1) ...
Setting up liblzo2-2:amd64 (2.10-0.1) ...
Setting up squashfs-tools (1:4.3-12+deb10u2) ...
Setting up snapd (2.37.4-1+deb10u1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/snapd.seeded.service → /lib/systemd/system/snapd.seeded.service.                                   
Created symlink /etc/systemd/system/cloud-final.service.wants/snapd.seeded.service → /lib/systemd/system/snapd.seeded.service.                                 
Created symlink /etc/systemd/system/multi-user.target.wants/snapd.service → /lib/systemd/system/snapd.service.                                                 
Created symlink /etc/systemd/system/sockets.target.wants/snapd.socket → /lib/systemd/system/snapd.socket.                                                      
Processing triggers for mime-support (3.62) ...
Processing triggers for libc-bin (2.28-10+deb10u1) ...
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for desktop-file-utils (0.23-4) ...

root@sermnserver:/etc/apache2# snap install core ; snap refresh core
2022-09-27T13:24:51+02:00 INFO Waiting for restart...
core 16-2.57.1 from Canonical✓ installed
Channel latest/stable for core is closed; temporarily forwarding to stable.
2022-09-27T13:25:30+02:00 INFO Waiting for automatic snapd restart...
core 16-2.57.2 from Canonical✓ refreshed
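
A check for whichever certbot ends up on the PATH after swapping packages, so that a leftover 0.31.0 binary from the distribution is not mistaken for the newer one. This is an added example, not part of the original page or of certbot; the function names are hypothetical, the sample outputs are constructed, and the 1.29 threshold is the "current version" quoted above.

```shell
#!/bin/sh
# Added example: flags a missing or outdated certbot after the package swap.
MIN_VERSION="1.29"   # assumption: the "current" release named on this page

# Extract the dotted version from `certbot --version` output ("certbot 0.31.0").
parse_certbot_version() {
    printf '%s\n' "$1" | sed -n 's/^certbot \([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing field by field as integers
# (a plain string compare would rank "0.9" above "0.31").
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print "missing", "outdated <version>" or "ok <version>" for a version banner.
certbot_verdict() {
    v=$(parse_certbot_version "$1")
    if [ -z "$v" ]; then
        echo "missing"
    elif version_ge "$v" "$MIN_VERSION"; then
        echo "ok $v"
    else
        echo "outdated $v"
    fi
}

# Constructed sample banners (not captured from the server described here).
for sample in "certbot 0.31.0" "certbot 1.29.0" ""; do
    printf '%-18s -> %s\n' "[$sample]" "$(certbot_verdict "$sample")"
done

# Live check, only when a certbot binary is actually on the PATH.
if command -v certbot >/dev/null 2>&1; then
    echo "$(command -v certbot): $(certbot_verdict "$(certbot --version 2>&1)")"
fi
```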

informatica/servidor_internet_2009_http_to_https.1664281093.txt.gz · Last modified: 2022/09/27 14:18 by miquel