Configuring HTTPS & TLS

Unencrypted traffic exposes your users to man-in-the-middle attacks. Setting up HTTPS is now mandatory for any serious site. With Let’s Encrypt, it’s also free.

1. Obtain a certificate

Use Certbot to request a certificate from Let’s Encrypt. With the Apache plugin it will also edit your virtual host configuration to use the new certificate, if you let it.

sudo apt install certbot python3-certbot-apache
sudo certbot --apache -d example.com -d www.example.com

2. Harden TLS settings

Edit your ssl.conf to disable deprecated protocols and weak ciphers, and make the server's cipher preference win over the client's. Enable HTTP/2 and use strong Diffie-Hellman parameters as well; note that the directives below cover only protocols and ciphers, so HTTP/2 and DH parameters need their own directives.

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5
SSLHonorCipherOrder on

3. Redirect HTTP to HTTPS

Make sure all HTTP traffic is redirected to HTTPS to prevent downgrade attacks. Use a 301 (permanent) redirect in the port 80 virtual host configuration.
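The following script is an added example, not code from the article or from Apache/Certbot. It checks a virtual host configuration for the settings steps 2 and 3 ask for: deprecated protocols disabled, aNULL and MD5 excluded from the cipher list, SSLHonorCipherOrder on, and a 301 redirect in the port 80 host. Both config strings are constructed samples; the DH parameter path and the `Protocols` line in the hardened sample are assumptions for illustration, and the linter does not check them.

```python
"""Lint an Apache TLS virtual-host config for the hardening steps in the article.

Hypothetical helper written for this page; WEAK_CONF and HARDENED_CONF are
constructed samples, not configs from any real server.
"""
import re

# Constructed sample: a default-style config with no redirect and lax TLS settings.
WEAK_CONF = """
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite DEFAULT
</VirtualHost>
"""

# Constructed sample applying the article's settings plus the HTTP->HTTPS redirect.
# The DH parameter path and the Protocols line are illustrative assumptions.
HARDENED_CONF = """
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    Protocols h2 http/1.1
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on
    SSLOpenSSLConfCmd DHParameters "/etc/ssl/dhparam-PLACEHOLDER.pem"
</VirtualHost>
"""

# Superset of what current Apache builds accept, so 'all' is expanded conservatively.
KNOWN_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
_CANON = {p.lower(): p for p in KNOWN_PROTOCOLS}


def vhosts(conf):
    """Yield (port, body) for each <VirtualHost ...:port> block in the config text."""
    pat = re.compile(r"<VirtualHost[^>]*:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)
    for m in pat.finditer(conf):
        yield int(m.group(1)), m.group(2)


def directive(body, name):
    """Value of the last occurrence of a directive in a vhost body, or None if absent."""
    hits = re.findall(rf"^\s*{name}\s+(.+?)\s*$", body, re.M | re.I)
    return hits[-1] if hits else None


def enabled_protocols(value):
    """Expand an SSLProtocol value such as 'all -SSLv3 -TLSv1' into the set it enables."""
    enabled = set()
    for tok in value.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = KNOWN_PROTOCOLS if name.lower() == "all" else (_CANON.get(name.lower(), name),)
        if sign == "-":
            enabled.difference_update(names)
        else:
            enabled.update(names)
    return enabled


def lint(conf):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for port, body in vhosts(conf):
        if port == 80:
            # Accept either a Redirect permanent/301 or a RewriteRule with R=301.
            redirect = re.search(r"^\s*Redirect\s+(permanent|301)\s", body, re.M | re.I) \
                or re.search(r"^\s*RewriteRule\s.*\bR=301\b", body, re.M | re.I)
            if not redirect:
                findings.append(f":{port} no 301 redirect to HTTPS")
            continue
        if (directive(body, "SSLEngine") or "off").lower() != "on":
            continue  # not a TLS vhost, nothing to check
        proto = directive(body, "SSLProtocol") or "all"  # 'all' is Apache's default
        for p in sorted(enabled_protocols(proto) & DEPRECATED_PROTOCOLS):
            findings.append(f":{port} deprecated protocol enabled: {p}")
        ciphers = [c.strip() for c in (directive(body, "SSLCipherSuite") or "").split(":")]
        for excl in ("!aNULL", "!MD5"):
            if excl not in ciphers:
                findings.append(f":{port} cipher list does not exclude {excl[1:]}")
        if (directive(body, "SSLHonorCipherOrder") or "off").lower() != "on":
            findings.append(f":{port} SSLHonorCipherOrder is not on")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, lint(conf) or "OK")
```

Run it against the file Certbot edited (read it into a string and pass it to `lint`) to confirm the three steps took effect before the next certificate renewal restarts Apache; the protocol expansion mirrors how SSLProtocol's `+`/`-` tokens are applied left to right, so a `-TLSv1.1` placed before `all` would be correctly reported as still enabled.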