Error in apache2 server for SSL certificate - apache

So I have purchased an SSL certificate, and need to add it to my Ubuntu running apache2 web service, however for some reason, my .conf file shows me the same error over and over again.
After running the code apache2ctl configtest they mentioned...
AH00526: Syntax error on line 58 of /etc/apache2/sites-enabled/eblossom.conf:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
And in my .conf file...
<VirtualHost *:80>
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
Alias /static /home/najaaz/eblossom/static
<Directory /home/najaaz/eblossom/static>
Require all granted
</Directory>
Alias /media /home/najaaz/eblossom/media
<Directory /home/najaaz/eblossom/media>
Require all granted
</Directory>
<Directory /home/najaaz/eblossom/eblossom>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIScriptAlias / /home/najaaz/eblossom/eblossom/wsgi.py
WSGIDaemonProcess eblossom python-path=/home/najaaz/eblossom python-home=/home/najaaz/eblossom/venv
WSGIProcessGroup eblossom
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /home/najaaz/eblossom/eblossom_lk.crt
SSLCertificateKeyFile /home/najaaz/eblossom/eblossom.lk.key
SSLCertificateChainFile /home/najaaz/eblossom/eblossom_lk.ca-bundle
</VirtualHost>
I a using a Django framework and I don't understand where and how this error is caused.
Could anyone help me with this?
Thanks!

Run the following, and try again:
a2enmod ssl && systemctl restart apache2
Basically what this command does is that, it enables mod_ssl.

Related

How to change root directory for lamp on Ubuntu

I'm trying to change the root directory of my new lamp on Ubuntu but I have an error message when I open localhost or 127.0.0.1 : **Forbidden
You don't have permission to access this resource.**
I'm using Apache/2.4.46 (Ubuntu) Server at 127.0.0.1 Port 80 with Ubuntu 21.04.
I already changed apache2.conf and 000-default.conf :
000-default.conf:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /home/matt/phpRoot
ServerName 127.0.0.1
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
And apache2.conf :
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory "/home/matt/phpRoot">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>
in 000-default.conf and apache2.conf
change /home/matt/phpRoot to /var/www

Apache 2 Forbidden 403 Error despite "Require all granted"

I am getting the apparently infamous apache 2 forbidden error #403, and I tried following the guides on the subject, but none seem to be working.
I am using Ubuntu Server and Apache 2.4.41
My website structure looks like /var/www/html/index.html
My apache2.conf [/etc/apache2/apache2.conf]:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/html>
Order allow,deny
Allow from all
Require all granted
</Directory>
My vhosts.conf [/etc/apache2/sites-available/000-default.conf]:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
From an Apache standpoint, your configuration seems ok.
Please verify the permissions on your /var/www/html directory. The user that runs Apache should have at least read and traversal (x) permission.
I gave the user running Apache2 permissions to the /var/www/html folder, and was then able to access the website.
Here is a URL with several permissions, I don't know specifically which one was responsible, but I believe it was sudo chmod g+w /var/www/html
https://askubuntu.com/questions/767504/permissions-problems-with-var-www-html-and-my-own-home-directory-for-a-website

Apache subdomain for graphite using mod_wsgi and SSL

I am having trouble configuring my apache with a new subdomain.
Its a ubuntu server with apache2 and graphite, I have graphite working on port 80 (installed via apt-get)
Now the apache server currently serves a website (https://subdomain1.domain.com) and I would like to set up apache to serve the graphite app on https://subdomain2.domain.com (port 443). This is so subdomain1 can access the charts from graphite.
This is my apache2-graphite.conf
<VirtualHost *:80>
WSGIDaemonProcess _graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 user=_graphite group=_graphite
WSGIProcessGroup _graphite
WSGIImportScript /usr/share/graphite-web/graphite.wsgi process-group=_graphite application-group=%{GLOBAL}
WSGIScriptAlias / /usr/share/graphite-web/graphite.wsgi
Alias /content/ /usr/share/graphite-web/static/
<Location "/content/">
SetHandler None
</Location>
ErrorLog ${APACHE_LOG_DIR}/graphite-web_error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/graphite-web_access.log combined
</VirtualHost>
and the /usr/share/graphite-web/graphite.wsgi :
import os, sys
os.environ['DJANGO_SETTINGS_MODULE'] = 'graphite.settings'
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
from graphite.logger import log
log.info("graphite.wsgi - pid %d - reloading search index" % os.getpid())
import graphite.metrics.search
I have tried changing the port and setting a ServerName and ServerAlias, and enabling SSL, but I havent been able to get this working.
Sample (not working):
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName graphite.<my_domain_here>
WSGIDaemonProcess _graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 user=_graphite group=_graphite
WSGIProcessGroup _graphite
WSGIImportScript /usr/share/graphite-web/graphite.wsgi process-group=_graphite application-group=%{GLOBAL}
WSGIScriptAlias / /usr/share/graphite-web/graphite.wsgi
Alias /content/ /usr/share/graphite-web/static/
<Location "/content/">
SetHandler None
</Location>
ErrorLog ${APACHE_LOG_DIR}/graphite-web_error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/graphite-web_access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/public.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.key
SSLCACertificateFile /etc/apache2/ssl/ca.crt
</VirtualHost>
I found what I was doing incorrectly:
I added the subdomain to my /etc/hosts on my workstation and It worked!
Registered the subdomain with our web host and all OK now
Ill leave this here in case it helps someone else...

Can't configure virtual host in apache ubuntu

I've tried to configure virtual host on apache for project on laravel. For this I created file in /etc/apache2/sites-available/app.conf:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName app
DocumentRoot /var/www/html/app/public
<Directory />
Options All
AllowOverride All
</Directory>
<Directory /var/www/html/app/public>
Options All
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
</VirtualHost>
Then I've activated the host:
sudo a2ensite app.conf
And had following message in the terminal:
Enabling site app.
To activate the new configuration, you need to run:
service apache2 reload
Then I reloaded it
Also I've modified the '/etc/hosts':
127.0.1.1 Alexandra
127.0.0.1 app
So, now when i go on app/ in browser, it shows me folders of the project:
Index of /
app/
laravel/
project/
site/
Now if I want to display 'welcome page', I should go to app/app/public
Where is mistake in my configuration process?
Your app.conf should be edited to:
DocumentRoot /var/www/html/app/public/app/public
It appears you installed laravel in /var/www/html/app/public/app
UPDATE
You probably have the default site's DocumentRoot set to /var/www/html. If this is the case, then please:
Install laravel in:
/var/www/app
Define it's DocumentRoot as:
/var/www/app/public
Restart apache
sudo service apache2 restart

ssl on a local dev server

I am running ubuntu as a testing server on my laptop. I am attempting to set up some of the test sites with self signed ssl certificates. I think I have everything correct except perhaps the apache 2 conf files.
When creating the cerificates I gave the common name as *.hr4.mdev. "mdev" is what I have arbitrarily called my local dev environment.
So I modified my existing conf file to listen on 443 instead on 80 (line 1) and I added lines 6, 7 and 8.
<VirtualHost *:443>
ServerAdmin myemail#mydomain.com
ServerName marino.hr4.mdev
ServerAlias *.marino.hr4.mdev
DocumentRoot /var/www/marino.hr4/htdocs
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
<Directory /var/www/marino.hr4/htdocs>
php_value include_path /var/www/marino.hr4/htdocs
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog /var/www/marino.hr4/logs/error.log
# Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel debug
CustomLog /var/www/marino.hr4/logs/access.log combined
</VirtualHost>
Now when I go to the site (https://marino.hr4.mdev) I am advised that "It works!" Which is reassuring on a certain level, but it is not the content that I expected to see.
Having referenced tremor's link, my conf file now looks like this:
<VirtualHost 192.168.73.128:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
ServerAdmin bernard#theminery.com
ServerName marino.hr4.mdev
ServerAlias *.marino.hr4.mdev
DocumentRoot /var/www/marino.hr4/htdocs
<Directory /var/www/marino.hr4/htdocs>
php_value include_path /var/www/marino.hr4/htdocs
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog /var/www/marino.hr4/logs/error.log
# Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel debug
CustomLog /var/www/marino.hr4/logs/access.log combined
</VirtualHost>
after restarting Apache I am asked to add a security exception, which is fine, but I am then kicked to another site I have set up on my machine.
Add NameVirtualHost directive, something like this perhaps?
NameVirtualHost *:443
Listen 443
Your apache server is obviously serving up it's default server "It works" instead of your website.
Here is some supporting information from apache: http://wiki.apache.org/httpd/NameBasedSSLVHosts
Edit:
Potentially move your virtual host to the first referenced vhost in the conf file, default is selected based on order.
So in the end I modified the ports.conf file and added 443 to the Listen directive, so now it reads:
Listen 80 443
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
listen 443
</IfModule>
I also changed the first line of my conf file from
<VirtualHost 192.168.73.128:443>
back to
<VirtualHost *:443>
Special thanks to tremor for pointing me in the right direction.