From 85623278cb7a6e92c5b49fba850df701140bfc7e Mon Sep 17 00:00:00 2001
From: Pascal Lafourcade <pascal.lafourcade@imag.fr>
Date: Mon, 16 Jan 2017 18:54:31 +0100
Subject: [PATCH] q

---
 TP-https.md   | 53 ++++++++++++++++++++++++++++++++++++++++++++-------
 provision1.sh | 12 ++++++++++++
 2 files changed, 58 insertions(+), 7 deletions(-)

diff --git a/TP-https.md b/TP-https.md
index 124efda..00dd3dc 100644
--- a/TP-https.md
+++ b/TP-https.md
@@ -149,23 +149,62 @@ Question 5 : Regarder le contenu du fichier
 
 # Configuration d'Apache2
 
-La commande suivant active le module ssl d'Apache2
+Pour les fichiers de configuration d'Apache2 lisez les fichiers suivants :
+
+`/etc/apache2/ports.conf`
+port 443   `/etc/apache2/sites-available/default-ssl.conf`
+port 80 ``/etc/apache2/sites-available/000-default.conf`
+
+La commande suivant active le module ssl d'Apache2 (a2 = apache2, en = enable, mod = module)
 
 ```bash
 sudo a2enmod ssl
 ```
 
+Ce qui est équivalent à la commande suivante `ln -s /etc/apache2/sites-available/000-default.conf  /etc/apache2/sites-enabled/000-default.conf`
+
+La commande suivante active active le virtual host  
+
 ```bash
 sudo a2ensite default-ssl
+```
+
+Elle est équivalente aux deux commandes suivantes:
+
+`ln -s /etc/apache2/mods-available/ssl.conf  /etc/apache2/mods-enabled/ssl.conf`
+
+`ln -s /etc/apache2/mods-available/ssl.load  /etc/apache2/mods-enabled/ssl.load`
+
+
+La commande suivante relance le serveur Apache2
+
+```bash
 sudo systemctl reload apache2.service
 ```
 
-Qu'observez-vous sur le site `http://0.0.0.0:8443/`
+Question 7 : Qu'observez-vous sur le site `http://0.0.0.0:8443/`? Est-ce normal ?
+
+Question 8 : Observer ce site en https?
+
+Question 9 : Vérifier les détails des certificats avant d'accepter.
+
+
+# Ne plus utiliser que https
 
 
-Bad Request
+```bash
+sudo a2enmod rewrite
+```
+
+# add 3 lines
+# RewriteEngine On
+# RewriteCond %{HTTPS} off
+# RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]
+# to /etc/apache2/sites-enabled/000-default.conf
 
-Your browser sent a request that this server could not understand.
-Reason: You're speaking plain HTTP to an SSL-enabled server port.
-Instead use the HTTPS scheme to access this URL, please.
-Apache/2.4.10 (Debian) Server at 127.0.1.1 Port 443
+sudo sed -i 's/<\/VirtualHost>/        RewriteEngine On\n<\/VirtualHost>/' /etc/apache2/sites-enabled/000-default.conf
+sudo sed -i 's/<\/VirtualHost>/        RewriteCond %{HTTPS} off\n<\/VirtualHost>/' /etc/apache2/sites-enabled/000-default.conf
+sudo sed -i 's/<\/VirtualHost>/        RewriteRule (.*) https:\/\/%{SERVER_NAME}:8443$1 [R,L]\n<\/VirtualHost>/' /etc/apache2/sites-enabled/000-default.conf
+
+```bash
+sudo systemctl reload apache2.service```
diff --git a/provision1.sh b/provision1.sh
index 16e0830..c3cc63b 100644
--- a/provision1.sh
+++ b/provision1.sh
@@ -12,3 +12,15 @@ sudo a2enmod ssl
 
 sudo a2ensite default-ssl
 sudo systemctl reload apache2.service
+
+# STEP 5 - make host accessible with https only - 80 closed or forwarded
+sudo a2enmod rewrite
+# add 3 lines
+# RewriteEngine On
+# RewriteCond %{HTTPS} off
+# RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]
+# to /etc/apache2/sites-enabled/000-default.conf
+sudo sed -i 's/<\/VirtualHost>/        RewriteEngine On\n<\/VirtualHost>/' /etc/apache2/sites-enabled/000-default.conf
+sudo sed -i 's/<\/VirtualHost>/        RewriteCond %{HTTPS} off\n<\/VirtualHost>/' /etc/apache2/sites-enabled/000-default.conf
+sudo sed -i 's/<\/VirtualHost>/        RewriteRule (.*) https:\/\/%{SERVER_NAME}:8443$1 [R,L]\n<\/VirtualHost>/' /etc/apache2/sites-enabled/000-default.conf
+sudo systemctl reload apache2.service
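Review bot: The three `sed -i` calls at the end of this hunk are not idempotent and they edit the site through its `sites-enabled` path. Every re-provision inserts another copy of the directives before `</VirtualHost>`, and GNU `sed -i` without `--follow-symlinks` replaces the symlink with a regular file, so `sites-available/000-default.conf` no longer matches what Apache serves. Edit the `sites-available` file once, behind a `grep -q` guard, as sketched below. The comment block also shows `https://%{SERVER_NAME}/%$1` while the rule actually written is `https://%{SERVER_NAME}:8443$1`; the comment should match the rule. Because the redirect target is built from `%{SERVER_NAME}`, which presumably follows the client's Host header unless `ServerName` and `UseCanonicalName On` are set for this vhost, pinning the hostname would make the "https only" step more trustworthy.

```shell
# … unchanged: sudo a2enmod rewrite …
# Append the redirect once, to the real file rather than the sites-enabled symlink:
#   RewriteEngine On
#   RewriteCond %{HTTPS} off
#   RewriteRule (.*) https://%{SERVER_NAME}:8443$1 [R,L]
conf=/etc/apache2/sites-available/000-default.conf
if ! grep -q 'RewriteEngine On' "$conf"; then
  sudo sed -i \
    's/<\/VirtualHost>/        RewriteEngine On\n        RewriteCond %{HTTPS} off\n        RewriteRule (.*) https:\/\/%{SERVER_NAME}:8443$1 [R,L]\n<\/VirtualHost>/' \
    "$conf"
fi
# … unchanged: sudo systemctl reload apache2.service …
```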
-- 
GitLab