Installing Certificate on Apache Server (Linux)

Last updated: 2022-06-15 16:05:02

    Overview

    This document describes how to install an SSL certificate in a Lighthouse instance and enable HTTPS access. The example instance uses a LAMP application image with Apache pre-installed.

    Note

    The SSL certificate used in the document is provided by Tencent Cloud. For more information on this service, see Overview and Purchase Guide.

    Preparation

    • Install a remote file copy tool such as WinSCP. The latest official version is recommended.
    • Install a remote login tool such as PuTTY or Xshell. The latest official version is recommended.
    • Open port 443 in your firewall policy. For more information, see Managing Firewall.
    • The data required to install the SSL certificate includes the following:
      • Lighthouse instance's public IP address: Instance IP address used to connect a local computer to the instance.
      • Username: The username used to log in to the Lighthouse instance, such as `root`.
      • Password or SSH key: The password matching the username used to log in to the Lighthouse instance, or the bound SSH key.
      Note

      You can log in to the Lighthouse console, find the target instance, and enter its details page to view its public IP address. After the instance is created, first reset the password and remember it, or bind an SSH key and save the private key file. For more information, see Resetting Password and Managing Keys.

    Directions

    Installing certificate

    1. Log in to the SSL Certificates Service console, download and decompress the SSL certificate file (with the name cloud.tencent.com as an example here) to a local directory.
      After decompression, you can get the relevant certificate files, including the Apache folder and CSR file:
      • Folder name: Apache
      • Files in the folder:
        • 1_root_bundle.crt: Certificate file
        • 2_cloud.tencent.com.crt: Certificate file
        • 3_cloud.tencent.com.key: Private key file
      • CSR file: cloud.tencent.com.csr file
        Note

        You can upload the CSR file when applying for a certificate or have it generated online by the system. It is provided to the CA and irrelevant to the installation.

    2. Log in to the Lighthouse instance. See Logging In to Linux Instance via WebShell.
    3. Run the following commands in sequence to enter the Apache installation directory and create the ssl folder.

      cd /usr/local/lighthouse/softwares/apache
      sudo mkdir ssl

    4. Copy the obtained 1_root_bundle.crt, 2_cloud.tencent.com.crt, and 3_cloud.tencent.com.key files from the local directory to the created /usr/local/lighthouse/softwares/apache/ssl directory. For more information, see Uploading Local Files to Lighthouse.

    5. Run the following command to edit the httpd.conf configuration file.

      sudo vim /usr/local/lighthouse/softwares/apache/conf/httpd.conf

    6. Press i to enter the edit mode and make the following changes:

      1. Delete the # in #LoadModule ssl_module modules/mod_ssl.so.

      2. Delete the # in #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so.

      3. Replace localhost in ServerName localhost with the certificate name. A modified sample is as shown below:

        ServerName cloud.tencent.com

      4. Delete the # in #Include conf/extra/httpd-ssl.conf.

    7. Press Esc and enter :wq to save the changes.

    8. Run the following command to modify the httpd-ssl.conf configuration file.

      sudo vim /usr/local/lighthouse/softwares/apache/conf/extra/httpd-ssl.conf

    9. Press i to enter the edit mode and make the following changes in <VirtualHost _default_:443>:

      1. Replace www.example.com:443 in ServerName www.example.com:443 with the certificate name. A modified sample is as shown below:

        ServerName cloud.tencent.com

      2. Modify the paths of the certificate files:

        SSLCertificateFile "/usr/local/lighthouse/softwares/apache/ssl/2_cloud.tencent.com.crt"
        SSLCertificateKeyFile "/usr/local/lighthouse/softwares/apache/ssl/3_cloud.tencent.com.key"
        SSLCertificateChainFile "/usr/local/lighthouse/softwares/apache/ssl/1_root_bundle.crt"

    10. Add the following content:

      <Directory "/usr/local/lighthouse/softwares/apache/htdocs">
          Options Indexes FollowSymLinks
          AllowOverride all
          Require all granted
      </Directory>

    11. Press Esc and enter :wq to save the changes.

    12. Run the following command to restart the Apache service.

      sudo /usr/local/lighthouse/softwares/apache/bin/httpd -k restart
      

    After the restart succeeds, you can access the site at https://cloud.tencent.com.
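
An added example, not part of the original Tencent Cloud document: a preflight script to run before the restart in the last step above. It checks that the uploaded private key is not accessible to group or other, that the certificate and key are a matching pair, that the certificate has not expired, and that `httpd -t` accepts the edited configuration. The function names and the `SITE`, `SSL_DIR` and `HTTPD` variables are assumptions; their defaults are the names and paths used in this guide.

```sh
#!/bin/sh
# Added example: pre-restart checks for the certificate files used in this guide.
# Function names are hypothetical; SITE, SSL_DIR and HTTPD default to the guide's values.
SITE="${SITE:-cloud.tencent.com}"
SSL_DIR="${SSL_DIR:-/usr/local/lighthouse/softwares/apache/ssl}"
HTTPD="${HTTPD:-/usr/local/lighthouse/softwares/apache/bin/httpd}"

# True only if the file grants no permission bits to group or other.
key_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# True only if the certificate's public key equals the one derived from the key file.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate's notAfter date is still in the future.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Runs every check in order and stops at the first failure.
preflight() {
    crt="$SSL_DIR/2_$SITE.crt"
    key="$SSL_DIR/3_$SITE.key"
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible to group/other; run: sudo chmod 600 $key"; return 1; }
    cert_matches_key "$crt" "$key" ||
        { echo "FAIL: $crt and $key are not a matching pair"; return 1; }
    cert_not_expired "$crt" ||
        { echo "FAIL: $crt has expired"; return 1; }
    "$HTTPD" -t ||
        { echo "FAIL: $HTTPD -t reports a configuration error"; return 1; }
    echo "OK: checks passed, safe to run $HTTPD -k restart"
}

# Run as: sudo sh preflight.sh check
if [ "${1:-}" = "check" ]; then preflight; fi
```

Files uploaded with a file copy tool usually arrive with the uploader's default permissions, so the first check is the one most likely to fail on a fresh install.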

    (Optional) Setting automatic redirect of HTTP request to HTTPS

    You can configure the instance to automatically redirect HTTP requests to HTTPS in the following steps:

    1. Run the following command to edit the httpd.conf configuration file.

      sudo vim /usr/local/lighthouse/softwares/apache/conf/httpd.conf
      
    2. Press i to enter the edit mode and make the following changes:

      1. Delete the # in #LoadModule rewrite_module modules/mod_rewrite.so.
      2. Find <Directory "/home/www/htdocs/"> and add the following content:
        RewriteEngine on
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^(.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
        

    3. Press Esc and enter :wq to save the changes.
    4. Run the following command to restart the Apache service.

      sudo /usr/local/lighthouse/softwares/apache/bin/httpd -k restart
    

    At this point, you have successfully set the automatic redirect to HTTPS. Requests to http://cloud.tencent.com are now redirected to the HTTPS page.
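
An added example, not part of the original document: a check that the rewrite rule above behaves as intended, judged from the raw response headers of a plain-HTTP request. `redirect_verdict` and `sample_response` are hypothetical names and the sample headers are constructed; the status is 302 because the `R` flag without a code returns a temporary redirect.

```sh
#!/bin/sh
# Added example: judge the HTTP-to-HTTPS redirect from raw response headers.
# redirect_verdict and sample_response are hypothetical names; the headers are constructed.

# Reads response headers on stdin (for instance from: curl -sI http://cloud.tencent.com/)
# and returns 0 only for a redirect whose Location is https://EXPECTED_HOST/...
redirect_verdict() {
    expected_host=$1
    headers=$(tr -d '\r')    # header lines end in CRLF
    status=$(printf '%s\n' "$headers" | awk 'NR == 1 { print $2 }')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1) == "location:" { print $2; exit }')
    case "$status" in
        301|308)     kind=permanent ;;
        302|303|307) kind=temporary ;;
        *) echo "FAIL: status ${status:-none} is not a redirect"; return 1 ;;
    esac
    case "$location" in
        "https://$expected_host"|"https://$expected_host/"*) ;;
        *) echo "FAIL: Location '$location' does not point to https://$expected_host/"; return 1 ;;
    esac
    echo "OK: $kind redirect ($status) to $location"
}

# Constructed sample: the response the [L,R] rule produces for /index.html.
sample_response() {
    printf 'HTTP/1.1 302 Found\r\n'
    printf 'Server: Apache\r\n'
    printf 'Location: https://cloud.tencent.com/index.html\r\n'
    printf 'Content-Type: text/html; charset=iso-8859-1\r\n\r\n'
}

sample_response | redirect_verdict cloud.tencent.com
```

A response that fails the Location check means the redirect target is not the host named in the certificate, which is worth resolving before relying on the redirect.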
