In researching how to do this I notice that I have to purchase an ssl certificate to get it to work. Is this the only way to do this? I am running the onion server from my home computer. It is not commercial in any way, mostly just a learning experience.. Given the nature of an onion site, it would just make sense to have it an encrypted page. Any help with the would be greatly appreciated.
Asked
Active
Viewed 369 times
1 Answers
0
Using Linux - Ubuntu 16.04 (OS)
Apache2 (Web Server)
I found the answer I was looking for Here.
I followed the directions exactly and as I executed them I noted them to these instructions. It appears to be working fine.
First Create the Certificate
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
Second Create a Diffie-Hellman group
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Configure Apache to Use SSL
Changes to default-ssl.conf
ServerAdmin your_email@example.com
ServerName server_domain_or_IP
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
Open the 000-default.conf file and add the following line the VH Block
Redirect "/" "https://your_domain_or_IP/"
Make changes to the firewall
sudo ufw allow 'Apache Full'
sudo ufw delete allow 'Apache'
Enable the Changes in Apache
sudo a2enmod ssl
sudo a2enmod headers
sudo a2ensite default-ssl
sudo a2enconf ssl-params
sudo apache2ctl configtest
The Global warning can be ignored
sudo systemctl restart apache2
Change to a Permanent Redirect
Redirect permanent "/" "https://your_domain_or_IP/"
sudo apache2ctl configtest
The Global warning can be ignored
sudo systemctl restart apache2
The browser will say that the connection is not secure, because, it isn't signed by one of your browser's trusted certificate authorities, but, it is fine it is still encrypting.
Just choose advanced and it will send you to your homepage.
