I have an issue with my virtual host SSL configuration.
My site works on the basic domain www.my_domain.com for both HTTP and HTTPS but doesn't work on all the subdirectories.
Example:
http://www.my_domain.com - works
https://www.my_domain.com - works
http://www.my_domain.com/secondary - works
https://www.my_domain.com/secondary - doesn't work
My virtual host setup is as follows:
<VirtualHost *:80>
ServerAdmin my_domain#gmail.com
DocumentRoot /var/www/html/
ServerName www.my_domain.com
ServerAlias my_domain.com
ErrorLog /var/www/html/error.log
Alias /secondary /var/www/html/secondary/
<Directory /var/www/html/secondary/>
Options FollowSymLinks MultiViews
allow from all
order allow,deny
AllowOverride All
</Directory>
</VirtualHost>
My ssl.conf setup is as follows:
<VirtualHost _default_:443>
ServerName www.my_domain.com:443
...
SSLEngine on
SLProtocol all -SSLv2
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
The error is: The requested URL /secondary was not found on this server.
Since it solved the OP`s problem, here is my comment as an answer.
Your SSL VirtualHost does not define a DocumentRoot, so it does not know where to look for /secondary. /secondary is only defined in your HTTP (port 80) VirtualHost. You have to put all the configuration in both if you want both to return the same content.
Related
My Working url is given below which was working fine before ssl configuration. but after ssl cert configuration it is not working it is returnnig me the error
which is given below.
Url :
http://my-test-dev02.org.net:81
Error :
This page isn’t working my-test-dev02.org.net redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
Apache configuration which i have is given below :
In 000-default.conf File :
<VirtualHost *:81>
Redirect permanent / https://my-test-dev02.org.net:81
WSGIDaemonProcess skg-sa-ver12.org.net python-path=/volume/python3.8/site-packages
WSGIScriptAlias / /c/my_dashboard/my_dashboard/wsgi.py
<Directory "/c/my_dashboard/my_dashboard">
Require all granted
</Directory>
ServerAdmin webmaster#localhost
DocumentRoot /c/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
default-ssl.conf File
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
#<VirtualHost *:443>
WSGIScriptAlias / /c/my_dashboard/my_dashboard/wsgi.py
ServerAdmin nehak#org.net
<Directory "/c/my_dashboard/my_dashboard">
Require all granted
</Directory>
Alias /media/ /c/my_dashboard/my_dashboard/media/
<Directory /c/my_dashboard/my_dashboard/media>
Require all granted
</Directory>
DocumentRoot /c/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/certs/my-test-dev02_org_net/my-test-dev02_org_net.cer
SSLCertificateKeyFile /etc/apache2/certs/my-test-dev02_org_net.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
In ports.conf file configuration i have :
Listen 81
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
above is my configuration for ssl cert and apache. I don't know why i am getting the error but without ssl cert i was able to access it. but after i am getting the error can anyone help me related this? what i am missing here and why this url is not securely redirecting ?
I have bought three certificates from SSLS (not OpenSSL like most examples and tutorials discuss) for two domains + one subdomain. Let's call them mysite1.com, www.mysite1.com and mysite2.com. I am trying to install the certificates on a single server with a single IP address. I had earlier tried this with OpenSLL and things got messed up, plus this is a production environment so I can't afford to experiment. I have looked at a lot of tutorials including:
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-debian-9
Here's what I have so far:
default-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName mysite1.com
ServerAdmin me#mysite1.com
DocumentRoot /var/www/mysite1.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/www/ssl/certs/mysite1.com.crt
SSLCertificateKeyFile /var/www/ssl/private/mysite1.com.key
SSLCertificateChainFile /var/www/apache2/ssl.crt/mysite1.com.ca-bundle
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
<VirtualHost mysite2.com:443>
ServerName mysite2.com
ServerAdmin me#mysite1.com
DocumentRoot /var/www/mysite2.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/www/ssl/certs/mysite1.com.crt
SSLCertificateKeyFile /var/www/ssl/private/mysite1.com.key
SSLCertificateChainFile /var/www/apache2/ssl.crt/mysite1.com.ca-bundle
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
I have several questions:
I assume that NameVirtualHost is no longer required (according to this) or should I put it in just in case?
Not sure what FilesMatch and Directory do - are they required?
How do I configure the www.mysite1.com address?
Anything else I need to do?
Your help is appreciated.
I'm developing a x509 authentication with apache and symfony2. My symfony aplication has also authentication with login/password on '/login' path, and I would like to configure a location in '/login_x509'.
This is my apache configuration.
<VirtualHost *:443>
ServerName extranet
DocumentRoot /var/www/symfony2/extranet/web
DirectoryIndex app.php
Timeout 600
KeepAliveTimeout 67
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/extranet.crt
SSLCertificateKeyFile /etc/apache2/ssl/extranet.key
<Location /login_x509>
SSLOptions +StdEnvVars
SSLVerifyClient optional_no_ca
SSLVerifyDepth 10
</Location>
<Directory /var/www/symfony2/extranet/web>
# enable the .htaccess rewrites
AllowOverride All
Order allow,deny
Allow from All
LimitRequestBody 1024000
</Directory>
ErrorLog /var/log/apache2/extranet_error.log
CustomLog /var/log/apache2/extranet_access.log combined
</VirtualHost>
If I comment the lines it Works perfectly. I get the SSL_CLIENT_S_DN variables on the application. But with the Location I don't get this variables.
I try to put the line "RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e" inside location but it doesn't work.
Thanks in advance.
The solution was to use LocationMatch instead of Location.
I need to read more about apache.
Thanks!
Http.conf file working fine for main domain, but I'm trying to create a subdomain and it keeps sending them both to the test page. I'm sure the problem is here (httpd.conf) but I'm not 100% on what all of this is doing.
ServerName 1.2.3.4 #hidden
<VirtualHost *:3304>
ServerName mydomain.com
ServerAlias mydomain.com
DocumentRoot "/var/www/html"
LogLevel warn
SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /cert/mydomain_com.crt
SSLCertificateKeyFile /cert/mydomain_com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
UserDir "html/"
</VirtualHost>
SSLEngine off
SSLVerifyClient none
KeepAlive on
#the new sub domain - adding this causes the error
<VirtualHost 1.2.3.4>
ServerName testsite.mydomain.com
ServerAlias testsite.mydomain.com
DocumentRoot "/var/www_demo/public_html"
</VirtualHost>
Both are running a PHP framework but only the main domain requires SSL protection.
Thanks in advance
I have the following virtual hosts config:
listen 80
listen 443
servername "example.com"
serveradmin "email#example.com"
namevirtualhost *:80
namevirtualhost *:443
directoryindex index.html index.php
options -indexes -multiviews +followsymlinks
<directory /Volumes/dev1/http>
allowoverride all
</directory>
<virtualhost *:80 *:443>
servername example.com
serveralias www.example.com
documentroot "/Volumes/dev1/http/example"
rewriteengine on
SSLCertificateFile "/Volumes/dev1/ssl/_ssl-cert.crt"
SSLCertificateKeyFile "/Volumes/dev1/ssl/_ssl-privatekey.crt"
SSLCertificateChainFile "/Volumes/dev1/ssl/_ssl-csr.crt"
</virtualhost>
Of course example.com is just an ... example.
All is well if I access http://example.com, but if I try to access the HTTPS version I get
Safari can’t open the page “https://example.com/” because Safari
can’t establish a secure connection to the server “example.com”.
The _ssl* files are all in place and running httpd -t from Terminal returns Syntax OK.
What am I doing wrong? Thanks!
This what I'm using (only the vhosts section), omitting the FCGID, suexec and PHP specific parts:
<VirtualHost *:80>
ServerName example.com
DocumentRoot "/var/www/example.com/htdocs"
<Directory "/var/www/example.com/htdocs/">
Options -Indexes
AllowOverride All
Order allow,deny
Allow from All
</Directory>
ErrorLog "/var/www/example.com/error.log"
CustomLog "/var/www/example.com/access.log" combined
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
DocumentRoot "/var/www/example.com/htdocs"
<Directory "/var/www/example.com/htdocs/">
Options -Indexes
AllowOverride All
Order allow,deny
Allow from All
</Directory>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache/ssl/example.com.crt
SSLCertificateKeyFile /etc/apache/ssl/example.key
SSLCertificateChainFile /etc/apache/ssl/gd_bundle.crt
ErrorLog "/var/www/example.com/error.log"
CustomLog "/var/www/example.com/access.log" combined
</VirtualHost>