(Optional) Configuring SSL for your domain

  • Update the virtual hosting config for your domain

    Setting up SSL for your new domain is optional, but it is recommended - with SSL you can configure Jamroom to use SSL for the login and signup pages, making your site more secure for your visitors.

    Also - if you are using the ShareThis module:

    https://www.jamroom.net/the-jamroom-network/networkmarket/105/share-this

    and want to share audio files via an embedded MP3 player to Facebook, you will need to be running SSL - Facebook requires SSL for media embedding.

    So while it is optional, it is highly recommended to set up SSL for your domain.
  • Note that SSL hosting works best if only one domain is set up for SSL hosting for each IP Address on your droplet - in this guide we're assuming this is the only domain you will be setting up with SSL.

    If other domains on the same droplet need SSL, I would recommend getting additional IP Addresses allocated to your droplet for each domain. There is a way to host multiple SSL sites on the same IP address (SNI), but it lacks support in older browsers. See the following site for more info:

    https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
  • Purchase an SSL Certificate for your website

    The first step in getting set up for SSL is to make sure you have a valid SSL certificate for your site. While you are testing it is OK to use a self-signed certificate, but if you go live you need to have a "real" SSL certificate signed by a CA (Certificate Authority) - this ensures visitors to your site do not get an SSL "warning" that your SSL certificate is unsafe.

    I use Namecheap for all of my domains (including jamroom.net):

    http://www.namecheap.com/?aff=59571

    (that has my affiliate ID on there and if you are new to Namecheap they will give me a little kickback, which is awesome :)

    I can highly recommend Namecheap - they are low priced and have a nice, easy to use control panel. If you are currently using another domain registrar they likely sell SSL certificates as well - you can purchase yours through your current registrar.

    (On a side note, if you are on GoDaddy I would highly recommend changing - they've moved to a constant "upsell" model to try and tack on all sorts of stuff you don't need, which is really annoying).

    Since each SSL provider handles it differently, make sure to follow the instructions in the email you receive when you purchase the SSL certificate for creating the keys needed to get your SSL certificate issued - that won't be covered here.
  • Upload the SSL certificates to your droplet

    After you have received your SSL certificates (via email) from your provider, the next step is to upload the certificates to your server and configure them in your domain.

    I like to store all SSL certificates in the following directory:

    /etc/apache2/certs
    
    and I like to name them with the domain name they belong to, which makes it easy to know which is which if you have multiple SSL domains on the same server.

    So upload your files to the /etc/apache2/certs directory (create the directory if it does not exist) and then name them. Note that along with your SSL certificate you may have received some other "intermediate" or "chained" certificates - these extra certificates need to be uploaded to your server as well, since they provide the "chain" of trust browsers need to trace the certificate back to the CA.

    For example - on Jamroom.net here's what the directory listing looks like:

    AddTrustExternalCARoot.crt
    jamroom_net_bundle.crt
    jamroom_net.crt
    jamroom_net.key
    PositiveSSLCA2.crt
    
    The jamroom_net.key is the key that was created as part of the order process when I ordered the SSL certificate - this is the "private" key that the web server needs.
  • Set up your domain to use the SSL certificate

    The next step is to configure the Apache config file for your domain so that SSL is enabled on port 443 and the document root is set up to be the same as your non-SSL website - this ensures Jamroom can switch back and forth between SSL and non-SSL as needed.

    As the root user, edit your Apache domain config file:

    pico /etc/apache2/sites-available/jamroom.net
    
    (of course replace jamroom.net with the name of the config file you created for your domain).

    We are going to add an entirely new section to the bottom that is basically identical to the non-SSL config - and then we will just add in the proper certificate config options.

  • So at the bottom of your config, add a new section that should look like this (with your domain instead of jamroom.net of course):
    <VirtualHost *:443>
    
        ServerAdmin [YOUR_EMAIL_ADDRESS]
        ServerName [YOUR_DOMAIN]
        ServerAlias www.[YOUR_DOMAIN]
    
        RMode stat
    
        SSLEngine on
        SSLCertificateKeyFile /etc/apache2/certs/jamroom_net.key
        SSLCertificateFile /etc/apache2/certs/jamroom_net.crt
        SSLCertificateChainFile /etc/apache2/certs/jamroom_net_bundle.crt
    
        DirectoryIndex index.php index.html index.htm
        DocumentRoot /home/[USER_NAME]/public_html
        <Directory /home/[USER_NAME]/public_html/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride all
            Order allow,deny
            allow from all
        </Directory>
    
        ErrorLog /home/[USER_NAME]/logs/error.log
        LogLevel error
    
    </VirtualHost>
  • Save Changes and restart Apache

    So the main difference between the non-SSL config and the SSL config is:

    - we are listening on port 443 instead of 80
    - we add in the specific options that tell Apache where it can find our certificate files (remember - use the actual name of your certificate files - not jamroom.net!)

    That's it - the config is pretty easy and straightforward.

    After making your changes, save the file and restart Apache:

    service apache2 restart
    
    If you get any errors, double check that you haven't made any syntax errors in the config file and try again. If you get a notice that SSL is not enabled, run the following command as root:

    a2enmod ssl
    
    and that will enable the SSL module.

    Once Apache has restarted, you should be able to go to the SSL side of your domain (i.e. https) and see your Jamroom. Jamroom "autodetects" when it has been called via SSL and automatically uses an SSL URL for everything - this ensures you don't get any warnings on the site about non-SSL items being shown on an SSL page.

    That's it - you're all set up on SSL now :)
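
A check you can run before restarting Apache, added here as an example and not part of the original guide: it reads the certificate paths from your virtual host config, confirms each file exists, that the private key is closed to group and other, and that the certificate actually belongs to the key. The function names and the script name check_ssl.sh are made up for illustration; it assumes openssl is installed and the key is not passphrase-protected.

```shell
#!/bin/sh
# Added example: pre-restart checks on the files a vhost's SSLCertificate*
# directives point at. Paths come from the config; none are hard-coded.

# Print the path given to directive $2 in Apache config file $1 (first match).
vhost_path() {
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1"
}

# Succeed only if group and other have no permissions on the key (e.g. 600).
key_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Succeed only if certificate $1 and private key $2 carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Run every check for vhost config $1; print one line per problem found.
check_vhost_ssl() {
    conf=$1; rc=0
    key=$(vhost_path "$conf" SSLCertificateKeyFile)
    crt=$(vhost_path "$conf" SSLCertificateFile)
    chain=$(vhost_path "$conf" SSLCertificateChainFile)
    for f in "$key" "$crt" ${chain:+"$chain"}; do
        [ -r "$f" ] || { echo "missing or unreadable: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    key_is_private "$key" || { echo "key open to group/other: $key"; rc=1; }
    cert_matches_key "$crt" "$key" || { echo "$crt does not match $key"; rc=1; }
    return "$rc"
}

# Usage: sh check_ssl.sh /etc/apache2/sites-available/<your config file>
if [ "$#" -gt 0 ]; then check_vhost_ssl "$1"; fi
```

If it reports the key as open to group/other, `chmod 600` on the key file (as root) fixes it; a certificate/key mismatch usually means the wrong .key file was uploaded for that certificate.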
