howto: self signed ssl certificate for apache2 on debian buster

# create storage location for cert+key
mkdir /etc/apache2/ssl && cd /etc/apache2/ssl

# generate cert+key
openssl req -x509 -newkey rsa:4096 -nodes -subj '/CN=7362cb9e-13a0-4043-87f3-4a176a8aec64' -keyout key.pem -out cert.pem -days 365

# enable ssl
sudo a2enmod ssl

# set up ssl, and redirect non-ssl
cat sites-available/default.conf 
<VirtualHost *:80>
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost _default_:443>
  DocumentRoot /var/www/default

  ErrorLog ${APACHE_LOG_DIR}/default.ssl.error.log
  CustomLog ${APACHE_LOG_DIR}/default.ssl.access.log combined

  SSLEngine on
  SSLCertificateFile    /etc/apache2/ssl/cert.pem
  SSLCertificateKeyFile /etc/apache2/ssl/key.pem

  <FilesMatch "\.(cgi|shtml|phtml|php)$">
     SSLOptions +StdEnvVars
  </FilesMatch>
  <Directory /usr/lib/cgi-bin>
    SSLOptions +StdEnvVars
  </Directory>
</VirtualHost>

# enable site and restart
a2ensite default
systemctl restart apache2

mostly as a reminder for future-me 🙂

headless wireless raspberry

Looks like raspberry has come quite a long way. headless (no monitor/screen, no keyboard, no mouse) and wireless (no ethernet/wired connection) setups are as easy as creating a wpa_supplicant.conf with your network settings:

country=us
update_config=1
ctrl_interface=/var/run/wpa_supplicant

network={
 scan_ssid=1
 ssid="NAME_OF_YOUR_WIRELESS_NETWORK"
 psk="PASSWORD_OF_YOUR_WIRELESS_NETWORK"
}

and an empty ssh file in your root partition (right after flashing, just remount the disk again by removing and re-adding it)