{"id":2123,"date":"2022-02-12T15:06:34","date_gmt":"2022-02-12T15:06:34","guid":{"rendered":"http:\/\/ve2cuy.com\/420-21e\/?page_id=2123"},"modified":"2024-03-18T15:36:30","modified_gmt":"2024-03-18T15:36:30","slug":"installation-dun-certificat-signe-sur-un-hote-virtuel-apache2","status":"publish","type":"page","link":"https:\/\/ve2cuy.com\/420-21e\/index.php\/installation-dun-certificat-signe-sur-un-hote-virtuel-apache2\/","title":{"rendered":"Installing a signed certificate on an Apache2 virtual host"},"content":{"rendered":"\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Summary<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In this lab, we will learn how to set up a signed certificate (<a href=\"https:\/\/fr.wikipedia.org\/wiki\/Transport_Layer_Security\">TLS\/SSL<\/a>) on an Apache2 virtual host.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This will allow the website to be published in secure &lsquo;HTTPS&rsquo; mode.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Several paid solutions exist for this type of certificate. For example, hosting providers (such as <a href=\"https:\/\/www.godaddy.com\/en-ca\/web-security\/ssl-certificate\">godaddy<\/a>) offer this solution as part of their services. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A certificate can be generated for free using a project such as <a href=\"https:\/\/certbot.eff.org\">Certbot<\/a>. That is what we will do here. 
<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p class=\"wp-block-paragraph\">Prerequisites<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>An IP address exposed on the Internet.<\/li><li>A public domain name associated with the IP address<\/li><li>An installed and working apache2 server<\/li><li>An Apache2 virtual host<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">1 &#8211; Setting up the prerequisites<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">1.1 &#8211; <a href=\"http:\/\/ve2cuy.com\/420-21e\/index.php\/installation-ubuntu-desktop-2\/utilisation-de-cloud-google-com\/\" data-type=\"page\" data-id=\"697\">Creating a VM on cloud.google.com<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">1.2 &#8211; <a href=\"http:\/\/ve2cuy.com\/420-21e\/index.php\/installation-ubuntu-desktop-2\/ajout-dune-pile-amp-au-serveur-linux\/\" data-type=\"page\" data-id=\"871\">Installing apache2<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">sudo apt install apache2<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">1.3 &#8211; <a href=\"http:\/\/ve2cuy.com\/420-21e\/index.php\/apache-hotes-virtuels\/\" data-type=\"page\" data-id=\"1663\">Setting up an Apache2 virtual host<\/a><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># Create a directory for the virtual site\nsudo mkdir -p \/var\/www\/demo123.bounceme.net\/\n\n# Add a home page for our top-security site:\n$ sudo nano \/var\/www\/demo123.bounceme.net\/index.html\n&lt;!DOCTYPE html>\n&lt;html>\n  &lt;head>\n    &lt;meta charset=\"utf-8\">\n    &lt;title>Bienvenue notre site s\u00e9curis\u00e9&lt;\/title>\n  &lt;\/head>\n 
 &lt;body>\n    &lt;h1>&lt;center>Bienvenue notre site (bient\u00f4t) s\u00e9curis\u00e9&lt;\/center>&lt;\/h1>\n  &lt;\/body>\n&lt;\/html>\n\n# Set access rights on the new site:\n$ sudo chown -R www-data:www-data \/var\/www\/demo123.bounceme.net\/ <\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">1.3.2 &#8211; Fill in the virtual site&rsquo;s configuration file<\/h4>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># sudo nano \/etc\/apache2\/sites-available\/demo123.bounceme.net.conf\n# Listen 80\n# Listen 8080\n# &lt;VirtualHost *>\n\n&lt;VirtualHost *:80>\n    ServerName demo123.bounceme.net\n    ServerAlias www.demo123.bounceme.net\n    ServerAdmin webmaster@demo123.bounceme.net\n    DocumentRoot \/var\/www\/demo123.bounceme.net\/\n\n    &lt;Directory \/var\/www\/demo123.bounceme.net\/>\n        Options -Indexes +FollowSymLinks\n        AllowOverride All\n    &lt;\/Directory>\n\n    ErrorLog ${APACHE_LOG_DIR}\/demo123.bounceme.net-error.log\n    CustomLog ${APACHE_LOG_DIR}\/demo123.bounceme.net-access.log combined\n&lt;\/VirtualHost><\/pre>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">$ sudo a2ensite demo123.bounceme.net\n$ sudo systemctl restart apache2<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">1.4 &#8211; Associate the VM&rsquo;s external IP address with a domain name &#8211; <a href=\"https:\/\/www.noip.com\">noip<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">1.5 &#8211; Test the virtual site:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"793\" height=\"225\" 
src=\"http:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/04\/Capture-decran-le-2022-04-13-a-15.47.14.png\" alt=\"\" class=\"wp-image-2307\" srcset=\"https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/04\/Capture-decran-le-2022-04-13-a-15.47.14.png 793w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/04\/Capture-decran-le-2022-04-13-a-15.47.14-300x85.png 300w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/04\/Capture-decran-le-2022-04-13-a-15.47.14-768x218.png 768w\" sizes=\"auto, (max-width: 793px) 100vw, 793px\" \/><\/figure>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2 &#8211; Install certbot<\/h2>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo snap install core; sudo snap refresh core\nsudo snap install --classic certbot\nsudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">3 &#8211; Create and install an SSL certificate<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"> <a href=\"https:\/\/certbot.eff.org\/instructions?ws=apache&amp;os=ubuntufocal\">Steps from the Certbot site<\/a><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">$ sudo certbot --apache\n\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\nEnter email address (used for urgent renewal and security notices)\n (Enter 'c' to cancel): alain.boudreault@me.com\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. 
You must\nagree in order to register with the ACME server. Do you agree?\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: Y\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nWould you be willing, once your first certificate is successfully issued, to\nshare your email address with the Electronic Frontier Foundation, a founding\npartner of the Let's Encrypt project and the non-profit organization that\ndevelops Certbot? We'd like to send you email about our work encrypting the web,\nEFF news, campaigns, and ways to support digital freedom.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: N\nAccount registered.\n\nWhich names would you like to activate HTTPS for?\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n1: demo123.bounceme.net\n2: www.demo123.bounceme.net\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input\nblank to select all options shown (Enter 'c' to cancel): 1\nRequesting a certificate for demo123.bounceme.net\n\nSuccessfully received certificate.\nCertificate is saved at: \/etc\/letsencrypt\/live\/demo123.bounceme.net\/fullchain.pem\nKey is saved at:         \/etc\/letsencrypt\/live\/demo123.bounceme.net\/privkey.pem\nThis certificate expires on 2022-07-12.\nThese files will be updated when the certificate renews.\nCertbot has set up a scheduled task to automatically renew this certificate in the background.\n\nDeploying certificate\nSuccessfully deployed certificate for demo123.bounceme.net to \/etc\/apache2\/sites-available\/demo123.bounceme.net-le-ssl.conf\nCongratulations! 
You have successfully enabled HTTPS on https:\/\/demo123.bounceme.net\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nIf you like Certbot, please consider supporting our work by:\n * Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n * Donating to EFF:                    https:\/\/eff.org\/donate-le\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n<\/pre>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">There you go, our website is now secure!<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"597\" height=\"430\" src=\"http:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/04\/Capture-decran-le-2022-04-13-a-15.58.47.png\" alt=\"\" class=\"wp-image-2311\" srcset=\"https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/04\/Capture-decran-le-2022-04-13-a-15.58.47.png 597w, https:\/\/ve2cuy.com\/420-21e\/wp-content\/uploads\/2022\/04\/Capture-decran-le-2022-04-13-a-15.58.47-300x216.png 300w\" sizes=\"auto, (max-width: 597px) 100vw, 597px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">Note<\/span><\/strong>: Make sure port 443 (HTTPS) is open on your VM!<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Optional steps<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">4 &#8211; If needed, make sure the firewall rules allow requests through to the http service<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">$ sudo ufw status\n\n---\n\nStatus: active\n\nTo                         Action      From\n--                         
------      ----\nOpenSSH                    ALLOW       Anywhere                  \nApache                     ALLOW       Anywhere    # --> This only lets through requests on port 80, not 443 (https) \n\n---\n\n$ sudo ufw allow 'Apache Full'\n$ sudo ufw delete allow 'Apache'\n\n---\n\n$ sudo ufw status\nStatus: active\n\nTo                         Action      From\n--                         ------      ----\nOpenSSH                    ALLOW       Anywhere                  \nApache Full                ALLOW       Anywhere  # ports 80 and 443 are now open<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">5 &#8211; Check the certificate renewal configuration:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><span style=\"color:#cf2e2e\" class=\"tadv-color\">Note<\/span><\/strong>: Certbot certificates are valid for 90 days.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/certbot.eff.org\/instructions?ws=apache&amp;os=ubuntufocal\">See here to schedule automatic renewal<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># Make sure the following service is running:\n\n$ sudo systemctl status certbot.timer\n\n---\n\n\u25cf certbot.timer - Run certbot twice daily\n   Loaded: loaded (\/lib\/systemd\/system\/certbot.timer; enabled; vendor preset: en\n   Active: active (waiting) since Tue 2022-03-07 20:04:42 UTC; 1h 45min ago\n  Trigger: Wed 2022-03-08 11:22:45 UTC; 13h left\n\nMar 07 20:04:42 encrypt systemd[1]: Started Run certbot twice daily.\n\n---\n\n# Test the renewal function:\n\nsudo certbot renew --dry-run\n\n# If there is no error message, everything is working 
fine.<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Summary In this lab, we will learn how to set up a signed certificate (TLS\/SSL) on an Apache2 virtual host. This will allow the website to be published in secure &lsquo;HTTPS&rsquo; mode. Several paid solutions exist for this type of certificate. For example, hosting providers (such as godaddy) offer this solution as part of their [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-2123","page","type-page","status-publish","hentry"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false},"uagb_author_info":{"display_name":"admin","author_link":"https:\/\/ve2cuy.com\/420-21e\/index.php\/author\/admin\/"},"uagb_comment_info":0,"uagb_excerpt":"Summary In this lab, we will learn how to set up a signed certificate (TLS\/SSL) on an Apache2 virtual host. This will allow the website to be published in secure &lsquo;HTTPS&rsquo; mode. Several paid solutions exist for this type of certificate. 
For example, hosting providers (such as godaddy) offer this solution as part of their&hellip;","_links":{"self":[{"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/pages\/2123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/comments?post=2123"}],"version-history":[{"count":17,"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/pages\/2123\/revisions"}],"predecessor-version":[{"id":2315,"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/pages\/2123\/revisions\/2315"}],"wp:attachment":[{"href":"https:\/\/ve2cuy.com\/420-21e\/index.php\/wp-json\/wp\/v2\/media?parent=2123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}