HTTPS server works locally, not through the internet, with Apache 2.4 - apache

I'm kind of a new Apache user (version 2.4). I'm having trouble configuring the whole thing. My server has a local IP address, 192.168.2.10; for example, my public IP is 123.123.123.123. On my hosting provider's website I set an A record pointing at 123.123.123.123. My Apache config looks like:
Listen 443
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "${SRVROOT}/htdocs"
ServerName www.example.com:443
ServerAdmin my@mail.com
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
</VirtualHost>
The problem is I receive ERR_CONNECTION_TIMED_OUT all the time. When I tried swapping www.example.com with the local IP 192.168.2.5 it KIND OF worked (SSL certificate problems, because the certificates are tied to www.example.com, but I managed to see an HTTP response). Where does the problem seem to be?
EDIT:
I think the problem is I can't use port 443 because it's my router's default management port. How should I configure it then? I have a NAT rule on my router that forwards every :8456 request to 192.168.2.10:443.

I resolved the issue. It was the "SSL 3.0" option turned off on my router.

Related

Two Domains, One Apache Server. One Tomcat Server. How do I configure Apache to redirect one domain to Tomcat?

I have two domains domainA.com and domainB.com that both point to the same IP address/server. On that server...
I have an Apache2 web server serving port 80
I have a Tomcat 9 serving port 8080
I want to redirect all requests (including "/") to the default port 80 of domainB.com to the Tomcat 9 server on port 8080, whilst leaving all traffic to domainA.com to be handled by the Apache2 web server.
Can anyone recommend a simple recipe for achieving this?
I have looked at https://tomcat.apache.org/tomcat-4.1-doc/proxy-howto.html but got somewhat lost.
May have been easier than I had expected.
I just added the following to /etc/apache2/sites-enabled/domainB.conf
<VirtualHost *:80>
ServerAdmin michael.ellis@myemail
ServerName domainB.com
ProxyPass / http://localhost:8080/
</VirtualHost>
I have no idea if this is the correct thing to do, but it seems to be doing the job.
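A hardened version of the same vhost, as an added example that is not the poster's config. It keeps the single ProxyPass that did the job and adds the two things a reviewer would ask for: ProxyPassReverse, so a redirect Tomcat emits to http://localhost:8080/... is rewritten before it reaches the browser, and ProxyPreserveHost, so Tomcat sees domainB.com as the Host and builds correct absolute URLs. ServerAlias, ServerAdmin, the log names and the loopback address are assumptions; it needs a2enmod proxy proxy_http headers.

```apache
# Added example (not the poster's config). Everything for domainB.com goes to
# the Tomcat HTTP connector on loopback; domainA.com stays with its own vhost.
<VirtualHost *:80>
    ServerName domainB.com
    ServerAlias www.domainB.com
    ServerAdmin webmaster@domainB.com

    # Never act as a forward (open) proxy. Off is the default; say so explicitly.
    ProxyRequests Off

    # Pass the client's Host header through so Tomcat generates links for
    # domainB.com instead of localhost:8080.
    ProxyPreserveHost On

    # ProxyPassReverse rewrites Location, Content-Location and URI headers in
    # Tomcat's responses; without it a redirect to http://127.0.0.1:8080/...
    # leaks the backend address and fails in the browser.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # mod_proxy_http already adds X-Forwarded-For/Host/Server; add the scheme
    # so Tomcat's RemoteIpValve can tell plain from TLS if TLS is added later.
    RequestHeader set X-Forwarded-Proto "http"

    ErrorLog  ${APACHE_LOG_DIR}/domainB-error.log
    CustomLog ${APACHE_LOG_DIR}/domainB-access.log combined
</VirtualHost>
```

The proxy is only a control if port 8080 is not reachable directly: bind Tomcat's HTTP connector to 127.0.0.1 (the address attribute on the Connector in server.xml) or block 8080 at the host firewall, otherwise anyone can skip Apache and hit Tomcat as domainB.com without whatever access rules the Apache vhost carries.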

How do I configure apache to return 404 on unconfigured subdomains?

I am self-hosting a website on a Debian computer with Apache, and in my DNS configuration I have set all subdomains of my domain (*.mydomain.com) to go to the IP of my Debian computer. How do I configure Apache so that if someone goes to a subdomain that doesn't have a virtual host (I have a separate file for each subdomain), they get a 404 error instead of seeing the content of the root domain? I have tried editing the 000-default.conf file and put the following in it:
<VirtualHost *:80>
ServerName null
Redirect 404 /
</VirtualHost>
<VirtualHost *:443>
ServerName null
Redirect 404 /
</VirtualHost>
But now when I go to mydomain.com I get the following error:
This site can’t provide a secure connection
mydomain.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Oddly if I go to one of the subdomains that I have configured for mydomain.com it works correctly and I see the page that should be on the subdomain.
The "Your connection is not private" error message comes from the certificate used, which is probably not valid for the domain you're connecting to.
Wildcard certificates such as *.mydomain.com are valid for 'third-Level.mydomain.com' but NOT for 'something.third-Level.mydomain.com', which requires a wildcard like '*.third-Level.mydomain.com'.
You can get free and valid wildcard certificates from Let's Encrypt (https://letsencrypt.org/)
And instead of adding port 443 to 000-default.conf, use the default-ssl.conf file. Enable default-ssl.conf using a2enconf default-ssl, then remove the 443 block from 000-default.conf. Then restart/reload Apache using systemctl restart apache2
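What the question's 000-default.conf was missing is shown below, as an added example (neither the poster's nor the answerer's config). The ERR_SSL_PROTOCOL_ERROR is exactly what a browser reports when a <VirtualHost *:443> has no SSLEngine on: Apache answers the TLS ClientHello with plain HTTP. A catch-all also has to be the default vhost, and in Apache 2.4 the default for an address:port is simply the first VirtualHost loaded for it; Debian loads sites-enabled/*.conf in filename order, which is why 000-default.conf carries that prefix. The 000-default-ssl.conf filename, the catchall.invalid ServerName (a reserved name under RFC 2606 that no real DNS record can match) and the snakeoil certificate paths installed by Debian's ssl-cert package are assumptions.

```apache
# Added example (not from the thread). Catch-all vhosts for both ports. Keep
# them in files that sort before every real site (000-...) so they are the
# default vhost; a later file would not be.
<VirtualHost *:80>
    ServerName catchall.invalid
    # A status outside 300-399 takes no target URL: every path is a 404.
    Redirect 404 /
    ErrorLog ${APACHE_LOG_DIR}/catchall-error.log
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName catchall.invalid
    # Without this line Apache speaks plain HTTP on 443 and the browser shows
    # ERR_SSL_PROTOCOL_ERROR, which is the failure in the question.
    SSLEngine on
    # Any certificate works, because the client gets a 404 regardless. With a
    # valid *.mydomain.com wildcard here instead, unknown subdomains get a
    # clean 404 rather than a certificate warning followed by a 404.
    SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    Redirect 404 /
    ErrorLog ${APACHE_LOG_DIR}/catchall-ssl-error.log
</VirtualHost>
</IfModule>
```

apachectl -S prints which vhost is the default for each port and is the quickest way to confirm the catch-all landed first; if it lists one of the real subdomain files as the default for *:443, rename the catch-all file so it sorts earlier.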

Apache HTTP VM Behind HTTPS Let's Encrypt

I've read a lot of questions and answers which seem exactly the same as mine, but I can't seem to get my setup to work. I have a VM running Apache with only HTTP support at 192.168.2.101:32773. I can access it on my local network as such just fine. I am now ready to expose it through my Apache web server that has Let's Encrypt set up to generate SSL certificates. So I added this to my server conf file:
<VirtualHost *:32773>
ServerName server.com
SSLEngine on
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/server.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://192.168.2.101:32773/
ProxyPassReverse / http://192.168.2.101:32773/
</VirtualHost>
However, I get an ERR_SSL_PROTOCOL_ERROR when I try to load it up as https://server.com:32773. If I however change my address to http://server.com:32773, it loads just fine. Anything look wrong in this snippet? Thanks!
HTTP and HTTPS need to be on different ports. Typically HTTPS is served on port 443.
This is embarrassing... At some point I changed my port forward rules to point 32773 directly to 192.168.2.101 so I could validate that the rules were working at all. The above config worked as soon as I realized I wasn't even sending traffic to my Apache SSL enabled server.

EC2 SSL not working

I'm running an EC2 micro instance (Amazon Linux) and can't seem to get SSL (HTTPS) working.
The error I'm getting in Chrome is "ERR_CONNECTION_REFUSED" (no data sent).
I've enabled HTTPS inbound traffic for the security group in my AWS console.
I added this in the /etc/httpd/conf/httpd.conf file. (example.com is a placeholder for my website)
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile /etc/ssl/example_com.crt
SSLCertificateKeyFile /etc/ssl/example_com.key
SSLCertificateChainFile /etc/ssl/example_com.ca-bundle
</VirtualHost>
and it didn't work.
So to test VirtualHost, I replaced it with the following:
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://google.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
Redirect permanent / https://google.com/
</VirtualHost>
http://example.com redirected to google like expected, but https://example.com didn't.
Anyone know what's the problem?
Connection refused means your server's IP stack actively rejected the incoming connection on port 443 (https) because no service is listening on port 443.
We use less and less Apache these days in my operations, because of the maturity of some other alternatives, so I may be a little rusty here, but I'm reasonably sure that your server, in spite of being configured with a way to respond to requests on port 443... is not actually listening for connections on port 443.
You probably have a Listen 80 somewhere in your Apache config. This will need to be accompanied by Listen 443, based on httpd.apache.org/docs/2.2/bind.html:
When Apache starts, it binds to some port and address on the local machine and waits for incoming requests. By default, it listens to all addresses on the machine. However, it may need to be told to listen on specific ports, or only on selected addresses, or a combination of both. This is often combined with the Virtual Host feature, which determines how Apache responds to different IP addresses, hostnames and ports.
In addition to configuring the security group to allow the traffic over port 443, you probably also need to open port 443 on the server itself.
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
If that fixes the issue, then to save the configuration so that it persists after a reboot:
/sbin/service iptables save
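The complete :80 plus :443 pair that this thread and the first one on the page ("HTTPS server works locally") were both missing parts of, as an added example that is not code from either thread. It puts the three things that produce the errors seen above in one place: Listen 443 (absent, nothing binds and clients get ERR_CONNECTION_REFUSED), a VirtualHost on a port that is actually listened on (the first thread's _default_:433 matched nothing), and SSLEngine on with the certificate chain. The certificate, DocumentRoot and log paths are assumptions; the Header line needs mod_headers.

```apache
# Added example (not from the thread). Minimum working TLS site on Apache 2.4.
# On Amazon Linux the Listen 443 normally comes from /etc/httpd/conf.d/ssl.conf,
# which is installed with mod_ssl; if it is missing, mod_ssl probably is too.
<IfModule mod_ssl.c>
    Listen 443
</IfModule>

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    # Plain HTTP only ever redirects; Redirect keeps the request path.
    # Behind a NAT that forwards an odd external port (8456 -> 443 in the first
    # thread) the target must carry that external port, e.g. https://example.com:8456/
    Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com

    SSLEngine on
    # Since 2.4.8 the intermediate chain can be appended after the leaf in
    # SSLCertificateFile; SSLCertificateChainFile still works but is deprecated.
    SSLCertificateFile    /etc/ssl/example_com.fullchain.crt
    SSLCertificateKeyFile /etc/ssl/example_com.key

    # Do not turn SSLv3 or TLS 1.0/1.1 back on to satisfy a router or other
    # middlebox; fix the middlebox (the first thread's router setting).
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    SSLCipherSuite HIGH:!aNULL:!MD5:!RC4

    # Only once HTTPS is confirmed reachable from outside: pin browsers to it.
    Header always set Strict-Transport-Security "max-age=31536000"

    ErrorLog  /var/log/httpd/example_com-ssl-error.log
    CustomLog /var/log/httpd/example_com-ssl-access.log combined
</VirtualHost>
```

Before touching the security group or iptables, run apachectl -S (is there a *:443 vhost at all, and which one is default) and ss -ltn (is httpd bound to :443); a refused connection with nothing bound locally is a Listen problem, a timeout with something bound is a network path problem, and a protocol error with something bound usually means the listener on that port is not TLS.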

Setup multiple SSL certificates on amazon VPC

I've been banging my head against the wall trying to figure out how to set up multiple SSL certificates on an Amazon VPC instance (I'm using Amazon's standard Linux AMI)
Here's what I did:
I setup a VPC instance
Added a secondary private IP address
Added 2 elastic IP addresses & "linked" them to the private ones
Went to my domain registrar & pointed two test domains to the elastic IP addresses
Waited until new IP addresses were propagated
I uploaded the SSL certificates to the VPC instance
Then I tried editing ssl.conf (see lines 74 to 93) and httpd.conf (see lines 1046 to 1086):
ssl.conf
<VirtualHost domain1.com:443>
ServerName www.domain1.com:443
DocumentRoot "/var/www/html"
SSLEngine on
SSLCertificateFile /etc/ssl/domain1_com.crt
SSLCertificateKeyFile /etc/ssl/domain1_com.key
SSLCertificateChainFile /etc/ssl/domain1_com.ca-bundle
</VirtualHost>
<VirtualHost _default_:443>
...Default SSL certificate (domain1.com) here...
</VirtualHost>
httpd.conf
<VirtualHost *:80>
ServerName domain1.com
ServerAlias www.domain1.com
DocumentRoot /var/www/html
ServerAdmin webmaster@domain1.com
</VirtualHost>
<VirtualHost *:80>
ServerName domain2.com
ServerAlias www.domain2.com
DocumentRoot /var/www/html
ServerAdmin webmaster@domain2.com
</VirtualHost>
I also tried <VirtualHost *:443> and <VirtualHost IP.ADDRESS:443>, didn't work either.
The result is basically this:
domain1.com (which is the default SSL certificate) works just fine (resolve fine, green bar)
domain2.com: doesn't even resolve to anything, even though when I do ping www.domain2.com, I get the correct elastic IP
My question is: Any idea how to make domain2.com resolve & use the correct SSL certificate?
EDIT / Additional Info:
I also tried this:
Temporarily stopped firewall as suggested, ie. sudo service iptables stop
From outside of EC2, curl --connect-timeout 10 https://domain2.com gave me this curl: (28) connect() timed out!
wget https://www.domain2.com/ gave me this: --2013-10-03 15:57:22-- domain2.com Resolving www.domain2.com... 54.229.111.22 Connecting to www.domain2.com|54.229.111.22|:443... failed: Connection timed out. Retrying.
EDIT (2):
I noticed 2 things:
If I use 2 network interfaces (each NIC with one private IP), sudo ifconfig doesn't show the 2nd NIC (i.e. eth1), and whether I use one or two NICs, sudo ifconfig always returns the 1st private IP (10.0.0.10), never the 2nd one (10.0.0.183)
Unsurprisingly, the unreachable website domain2.com corresponds to the 2nd IP (which is missing): 10.0.0.183
This command curl --interface 10.0.0.10 ifconfig.me correctly returns the elastic IP address associated to domain1.com, while
this command curl --interface 10.0.0.183 ifconfig.me returns:
curl: (45) bind failed with errno 99: Cannot assign requested address
I followed this guide, and I can see eth1, but domain2.com is still unreachable
And curl --interface 10.0.0.183 ifconfig.me now returns this:
curl: (7) Failed connect to ifconfig.me:80; Connection timed out
You will need to use IP-based virtual hosting for SSL. The IP address you are going to listen on will be the private, not the public, IP.
Your sites on port 80 can use name based virtual hosting. But you need to make sure you are using this directive: NameVirtualHost *:80
This tutorial fixed it for me
One small (but important) note:
Instead of typing this command (step #5):
echo "1 admin" >> /etc/iproute2/rt_tables
You should do this instead:
sudo vi /etc/iproute2/rt_tables
then add 1 admin at the end of the file
I think you need to follow a troubleshooting methodology for this.
Start by simplifying your configuration and verifying the basic components, then gradually build it up to the complete solution. For example:
Map the elastic IP for domain2 to a new EC2 server.
On the new server, start by making domain2.com available over HTTP
Once it is working over HTTP, set it up to work over HTTPS
Once it is working over HTTPS map the elastic IP back to the original server and make it work on the original server using HTTP
Once it is working over HTTP take the final step of getting it to work over HTTPS on the original server.
The aim here is to validate each step and isolate exactly where it is going wrong. This will then enable you to best direct your energies for solving the root cause.
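For comparison with the second-IP and policy-routing route taken in this thread, here is the same two-certificate setup on a single IP, as an added example that is not from the thread. Apache has supported name-based TLS vhosts through SNI since 2.2.12 built against OpenSSL 0.9.8j or newer, so on a current AMI the secondary private IP, second elastic IP and rt_tables entry are not needed for this; NameVirtualHost is ignored in 2.4 and omitted here. The separate DocumentRoots are assumptions; the certificate paths mirror the poster's.

```apache
# Added example (not from the thread). Two certificates, one IP, chosen by
# the server name the client sends in the TLS ClientHello (SNI).
Listen 443

# The first :443 vhost is the default: it answers clients that send no SNI
# (very old Java or XP-era browsers) or an unknown name, with domain1's cert.
<VirtualHost *:443>
    ServerName domain1.com
    ServerAlias www.domain1.com
    DocumentRoot /var/www/domain1
    SSLEngine on
    SSLCertificateFile      /etc/ssl/domain1_com.crt
    SSLCertificateKeyFile   /etc/ssl/domain1_com.key
    SSLCertificateChainFile /etc/ssl/domain1_com.ca-bundle
</VirtualHost>

<VirtualHost *:443>
    ServerName domain2.com
    ServerAlias www.domain2.com
    DocumentRoot /var/www/domain2
    SSLEngine on
    SSLCertificateFile      /etc/ssl/domain2_com.crt
    SSLCertificateKeyFile   /etc/ssl/domain2_com.key
    SSLCertificateChainFile /etc/ssl/domain2_com.ca-bundle
    # Refuse (403) clients that did not send SNI instead of quietly handing
    # them this site's content under domain1's certificate.
    SSLStrictSNIVHostCheck on
</VirtualHost>
```

Verify which certificate each name gets with openssl s_client -connect 54.229.111.22:443 -servername www.domain2.com, and again with -servername www.domain1.com; if both return domain1's certificate, the second vhost is not being selected (check apachectl -S for a duplicate ServerName or a vhost on a port that is not listened on). The troubleshooting sequence in the answer above still applies: get domain2 answering on port 80 on this host first, then add the :443 vhost.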