Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I'm trying to set up a default server in nginx with SSL, path to SSL certificate should contain sitename, something like that
server {
listen 80 default_server;
listen 443 ssl default_server;
server_name _;
ssl_certificate ssl/$host_name/fullchain.pem;
ssl_certificate_key ssl/$host_name/privkey.pem;
and it doesn't work - in error log
cannot load certificate "/etc/nginx/ssl//fullchain.pem"
If I print this variable in headers with add_header XX "$http_host";
it shows the proper sitename. Is there any way to use sitename in certificate path? There are a lot of sites on my server with typical config so it's better for me to have just one config. Nginx version 1.18 and if I manually define some variable and put it in ssl_certificate parameter everything is working fine
You need to use $ssl_server_name instead of $host_name or $host - see an example in the docs. You see, the certificate is required before the client sends its HTTP request, so at that time $host_name and $host are not defined.
But as those docs say,
Note that using variables implies that a certificate will be loaded for each SSL handshake, and this may have a negative impact on performance.
So it's probably better to generate config files with fixed server names (and fixed certificate paths) for all your servers (using some kind of template).
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I have a website that runs on a framework on a LAMP stack.
Now I want to extend this website by adding a bunch of new pages, but served from a different framework on a separate LAMP stack on another server that is prepared to handle more traffic.
I don't want this traffic to pass by the original website as it will be a burden to be processed by the framework. However, I can afford to have apache forwarding the traffic request to a specific folder forwarded to a separate server with a different IP address.
For example:
mydomain.com/ -> goes to server A,
mydomain.com/folder1/ -> goes to server B
How can I accomplish this with apache?
I can even afford setup a separated server to handle the separation of these request, so each server will only receive the requests it is intended to process.
Another option could be to set a subdomain like ww2.mydomain.com pointed to the IP of a separated server but will this affect my SEO ranking?
What are other options and what would be the best option for this case?
You are looking for ProxyPass directive.
Example location for mydomain.com virtualhost:
<VirtualHost ...>
ServerName mydomain.com
...
<Location /folder1/>
ProxyPass http://serverb/
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
</Location>
</Virtualhost>
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I have just set up a server on ec2, ubuntu with nginx and an ssl certificate through namecheap (who also provide my domain).
When I hit https://example.com the certificate comes up.
How can I make it so that if a user were to hit www.example.com or http://example.com that they use the https:// connection?
I think the following should work:
server {
server_name example.com;
listen 443 ssl default_server;
# your https-specific config
}
server {
server_name example.com;
listen 80;
location / {
return 301 https://example.com$request_uri;
}
}
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I provided my csr file and i got the signed .cer & .p7b file for a certificate.
Now how do i install it on my server?
I have a apache 2.2 server running on ubuntu 13.04
I tried adding the certificates in Apache like this
<VirtualHost *:443>
...
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/certs/mydomain.cert
SSLCertificateKeyFile /etc/apache2/ssl/certs/mydomain.key
SSLCertificateChainFile /etc/apache2/ssl/certs/mydomain.cer
...
</VirtualHost>
Then i restarted the apache using
sudo /etc/init.d/apache2 restart
Still the url is asking me certificates. How should i test whether my certificate is installed?
Please advice on this.
Regards,
Nasir
CER is the certificate in a Micrsoft-specific format. IE treats the file extension in a special way. It is NOT the chain file with the intermediates CA certificates. The chain file contains all certificates between a root CA and your server certificate. Without the chain file a browser is unable to verify the chain of trust.
Your CA should have a proper cert chain file for download somewhere on their site.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
Can someone help me understand if I have 1 domain
www.example.com
which runs lampp on port 80 and tomcat on port 8080 ,
do I need 1 or 2 SSL certificates?
for example the commercial site runs on www.example.com but the actually web application runs on www.example.com:80/Login/
Does that mean I need 2 separate SSL EV Certificates or can I just purchase 1 and load it on both apache and tomcat because its the same domain?
Thanks
Firstly, you're probably not running your servers using SSL on ports 80 and 8080. Port 80 is the default port for HTTP whereas port 443 is the default port for HTTPS.
Tomcat tends to use port 8080 for its HTTP service and port 8443 for its HTTPS service because it tends to be run by a non-root user on Unix boxes (which can't use port numbers under 1024), and also perhaps because ports 80 and 443 tend to be taken by other services (e.g. Apache Httpd) already.
While you could technically run an HTTPS service on port 80, it's not a good idea, since you would have to specify the port in the address every time (and possibly resort to port unification if you want to run a plain HTTP service on that port too). This would lead to unnecessary confusion.
Host name verification for HTTPS is bound to host names, not port numbers. Whichever ports you use doesn't really matter. You could run both https://www.example.com/ (implicitly on port 443) with Apache Httpd and https://www.example.com:8443/ with Apache Tomcat using the same certificate, issued for www.example.com (at least). You may have to convert the storage format for the keys and certificate (Apache Httpd would use separate key and certificate files, whereas Tomcat would use a single keystore, e.g. in PKCS#12 format), but that's just a matter of converting the files on your end once the CA has issued the certificate.
In addition, it's quite unusual to use HTTPS on both Apache Httpd and Tomcat on the same machine. Typically, you'd set up your system with Apache Httpd on port 443 to handle the SSL connections, and set up a reverse proxy to have Apache Httpd dispatch the requests to your Tomcat in plain HTTP on localhost. This allows for everything to be served on https://www.example.com/ without needing to specify a non-default port. Only the front-end (Apache Httpd) would need to be configured with the certificate.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I have a server running Ubuntu 12.04 LTS, Pound 2.6 and Apache 2.2. I have also the apache module mod_rpaf (installed from https://github.com/gnif/mod_rpaf) installed and enabled to ensure, that in the variable REMOTE_ADDR appears the real user ip address and not the address of the proxy.
This works fine, but the variable REMOTE_HOST is not changed by mod_rpaf. This variable contains "localhost" and not the host of the given user ip address.
Can you help me, please?
Here is my mod_rpaf configuration:
root#perseus ~ # cat /etc/apache2/mods-enabled/rpaf.conf
RPAF_Enable On
RPAF_ProxyIPs 127.0.0.1
RPAF_Header X-Forwarded-For
RPAF_SetHostName On
RPAF_SetHTTPS On
RPAF_SetPort On
Thank you
Check theses answers on a previous question about a missing REMOTE_HOST:
REMOTE_HOSTS is a variable that may or may not be populated by apache (and it's better if it is not set, else it imply a DNS query by apache for every incoming request). So Nothing on your code should rely on REMOTE_HOST. No application should assume this variable will be there and correctly filled.
mod_rpaf does what it is designed for, documentation:
Sets REMOTE_ADDR, HTTPS, and HTTP_PORT to the values provided by an upstream proxy.
Now you have a working REMOTE_ADDR, which is the only variable you should trust, make a copy of it in REMOTE_HOST if you really wants that, and simply do it in your application code.
There is a bug in Ubuntu LTS 12.04 that prevents rpaf to work at all.
https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-rpaf/+bug/1002571
workaround
in rpaf.conf replace
<IfModule mod_rpaf.c>
by
<IfModule mod_rpaf-2.0.c>