Atlantic.Net Blog

How to set up HTTP Strict Transport Security (HSTS) for Apache on Oracle Linux 8

Hitesh Jethva
by Atlantic.Net (468 posts) under Tutorials, VPS Hosting

HSTS, which stands for “HTTP Strict Transport Security,” is a web security policy mechanism that can be used to secure HTTPS websites against downgrade attacks. HSTS prevents your web browser from accessing the website over non-HTTPS connections.

Some websites contain pages that serve requests over HTTP. The HSTS header was introduced to avoid the use of the HTTP protocol in such cases. Once a browser has received the header over HTTPS, it converts HTTP URLs for your website to HTTPS before sending the request.

In this post, we will explain how to enable HTTP Strict Transport Security (HSTS) for Apache on Oracle Linux 8.

Prerequisites

  • A fresh Oracle Linux 8 server on the Atlantic.Net Cloud Platform
  • A valid domain name pointed to your server
  • A root password configured on your server

Step 1 – Create Atlantic.Net Cloud Server

First, log in to your Atlantic.Net Cloud Server. Create a new server, choosing Oracle Linux 8 as the operating system with at least 2GB RAM. Connect to your Cloud Server via SSH and log in using the credentials highlighted at the top of the page.

Once you are logged in to your Oracle Linux 8 server, run the following command to update your base system with the latest available packages.

dnf update -y

Step 2 – Install and Configure Apache

Before starting, you will need to install the Apache web server and create a virtual host configuration file to host a website.

First, install the Apache web server with the following command:

dnf install httpd -y

Once the installation is completed, start and enable the Apache service:

systemctl start httpd
systemctl enable httpd

Next, create a new Apache virtual host configuration file for the domain test.linuxbuz.com.

nano /etc/httpd/conf.d/test.conf

Add the following configurations:

<VirtualHost *:80>
   ServerName test.linuxbuz.com
   # Placeholder address; replace it with your own
   ServerAdmin admin@example.com
   DocumentRoot /var/www/html/
   DirectoryIndex index.html
</VirtualHost>

Save and close the file, then restart Apache to apply the changes:

systemctl restart httpd

Step 3 – Secure Apache with Let’s Encrypt SSL

Next, you will need to install the Certbot client to secure your website with SSL. You can install the Certbot client for Apache with the following command:

dnf install epel-release -y
dnf install certbot python3-certbot-apache -y

Once the installation is completed, run the following command to generate self-signed certificates:

/usr/libexec/httpd-ssl-gencerts

Next, run the following command to install Let’s Encrypt SSL for your website test.linuxbuz.com.

certbot --apache -d test.linuxbuz.com

You will be asked to provide your email and accept the terms of service:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf.
You must agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for test.linuxbuz.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/test.linuxbuz.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/test.linuxbuz.com/privkey.pem
This certificate expires on 2022-11-21.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for test.linuxbuz.com to /etc/httpd/conf.d/test-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://test.linuxbuz.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Your website test.linuxbuz.com is now secured with Let’s Encrypt SSL.

Step 4 – Enable HSTS Header

Next, you will need to activate the HSTS header within your website virtual host configuration file.

To do so, open your website virtual host configuration file:

nano /etc/httpd/conf.d/test-le-ssl.conf

Add the following line below the first line:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Save and close the file, then restart the Apache service to apply the changes.

systemctl restart httpd

Step 5 – Verify HSTS Header

Your website is now configured with the HSTS header. Next, you will need to verify whether the HSTS header is activated or not.

You can verify it with the following command:

curl -s -D- https://test.linuxbuz.com/ | grep -i Strict

If everything is fine, you should get the following output:

Strict-Transport-Security: max-age=31536000; includeSubDomains

You can also verify it using the URL https://www.ssllabs.com/ssltest/index.html.
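
The grep above only shows that the header is present. The following added example (not part of the original tutorial) parses a header dump and reports whether the policy is missing, invalid, disabled, shorter than a floor, or in effect. The function name hsts_verdict, the MIN_AGE floor and the sample responses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the HSTS policy found in a response-header dump,
# such as the output of: curl -s -D- -o /dev/null https://test.linuxbuz.com/
# MIN_AGE is an assumed policy floor (the tutorial's one-year value).
MIN_AGE=${MIN_AGE:-31536000}

hsts_verdict() {
    # Strip CR so CRLF-terminated headers parse cleanly. Browsers process
    # only the first STS header in a response (RFC 6797, section 8.1).
    value=$(tr -d '\r' | grep -i '^strict-transport-security:' |
            head -n 1 | cut -d: -f2-)
    [ -n "$value" ] || { echo "missing"; return 0; }

    max_age=""; sub="no"
    # Directives are ';'-separated and their names are case-insensitive.
    old_ifs=$IFS; IFS=';'
    for d in $value; do
        d=$(printf '%s' "$d" | tr -d ' \t"' | tr 'A-Z' 'a-z')
        case $d in
            max-age=*) max_age=${d#max-age=} ;;
            includesubdomains) sub="yes" ;;
        esac
    done
    IFS=$old_ifs

    case $max_age in
        ''|*[!0-9]*) echo "invalid"; return 0 ;;  # max-age is required
    esac
    if [ "$max_age" -eq 0 ]; then
        echo "disabled"   # max-age=0 tells browsers to drop the policy
    elif [ "$max_age" -lt "$MIN_AGE" ]; then
        echo "short max-age=$max_age includeSubDomains=$sub"
    else
        echo "ok max-age=$max_age includeSubDomains=$sub"
    fi
}

# Constructed sample responses (not captured from a real server).
SAMPLE_GOOD='HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains'
SAMPLE_OFF='HTTP/1.1 200 OK
strict-transport-security: max-age=0'
SAMPLE_NONE='HTTP/1.1 200 OK
Server: Apache'

for s in "$SAMPLE_GOOD" "$SAMPLE_OFF" "$SAMPLE_NONE"; do
    printf '%s\n' "$s" | hsts_verdict
done
```

Against a live site, pipe the curl header dump into hsts_verdict; an includeSubDomains=yes result means every subdomain of the host must also serve valid HTTPS.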

Conclusion

In the above tutorial, we explained how to enable the HSTS header for Apache on Oracle Linux 8. Your website is now secured with HSTS, and it can be accessed only through the HTTPS protocol. Give HSTS a try on VPS hosting from Atlantic.Net!
