Apache https and the Pi

How to do this - on a Pi

I made this all work on a Pi3 - and here's how. For the purpose of this demonstration I am not going to discuss the details. Highlights.

I copied the code from my web server to a Pi installed a web server and PHP on the Pi and tried to run it. It failed. It turns out, after an hour or so of debugging JavaScript, that some time between 2015 and now both Chrome and Firefox decided that in order to allow location data from an HTML request the request must be from an HTTPS (secure) site. So:

Install a web server, php and ssl on my PI

apt install apache2 php ssl

Test that I can serve a web page and php by creating:

index.html:

<html><head></head><body>
<h2>Hello World</h2>
</body><html>

index.php

<?php
print "Hello World";

Request index.html and index.php from a web browser

Hello World

and

Hello World

Not exciting and it shows that the web server and PHP are working

Configure apache

I wanted to move the default location for html documents from /var/www/html to /home/pi/www/html just to make it easier to mess with files in the pi home directory.

edit /etc/apache2/apache2.conf to add the desired directory. Add:

<Directory /home/pi/www/html/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

This gives permissions for this directory.

Edit /etc/apache2/sites-enabled/000-default.conf to change the line:

DocumentRoot /var/www/html
to
DocumentRoot /home/pi/www/html

Install the code

Copy the mileage code to the Pi web server in the directory /home/pi/www/html/mileage/
Change the permissions on the .csv files (files to hold mileage entries) for the group to be www-data
Change the permissions to -rw-rw---- . This let's the web server write data into these files.

Enable SSL

We need to enable SSL because, remember, location will not work unless the requester is https. Hence the install of openssl above

Create a self signed certificate (I know Mark) If you want a real cert see Mark's presentation: https://vicpimakers.ca/march-23-2019-lets-encrypt/

sudo openssl req -new -x509 -days 365 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key

Edit /etc/apache2/sites-available/000-default.conf to add the ssl section.

Add the following after the existing VirtualHost section for port 80

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    DocumentRoot /home/pi/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLCertificateFile "/etc/ssl/localcerts/apache.pem"
    SSLCertificateKeyFile "/etc/ssl/localcerts/apache.key"
</VirtualHost>

```
Add the apache ssl module:
```

sudo a2enmod ssl

This creates the following links in /etc/apache2/mods-enabled
lrwxrwxrwx 1 root root 26 Jan 16 15:38 ssl.conf -> ../mods-available/ssl.conf:
lrwxrwxrwx 1 root root 26 Jan 16 15:38 ssl.load -> ../mods-available/ssl.load

Check the configuration:

apache2ctl configtest

Restart the apache server:

systemctl restart apache2.service