SSL and https issues for webapp - apache

i am trying to set up https for webapp. I set up an ssl cert from letsencrypt. My domain name is now routing to https but it is going straight to apache2 homepage. My sites-available default-ssl.conf file looks as follows
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster#localhost
ServerName domain-names.com
ServerAlias www.domain-name.com
#ProxyPass / http://domain-name.com:8080/
#ProxyPassReverse / https://domain-name.com:443/
Unfortunately, before i attempted this i could access my webapp via ip_address:80/myapp.. Now i am getting a 502 proxy error.
Any help would be greatly appreciated, thank you

Related

Use Apache To Run SSL On Port 8980 Specifically

I have a web service which I access by typing the following URL exactly as is (character for character):
http://10.115.252.127:8980/opennms/login.jsp
The website files are served from /opt/opennms/jetty-webapps/opennms/
My objective is to use Apache (httpd.conf) to force any traffic to this URL to use SSL and no longer HTTP.
I have successfully installed the SSL certificates with no issues.
I have configured a VirtualHost directive to redirect port 80 to 443
Only sites under /var/www/html/* are being successfully redirected.
Example: http://10.115.252.127/numbers successfully redirects to https://10.115.252.127/numbers
http://10.115.252.127/charts successfully redirects to https://10.115.252.127/charts
But, when I type in the URL http://10.115.252.127:8980/opennms/login.jsp it is always served as HTTP...how do I make it served as HTTPS like the others? I have checked the forums and all the posts assume you will always be redirecting port 80 and dont say anything about how to use SSL in the scenario I explained. I have the same issue with another service running on port 3000 http://10.115.252.127:3000/login
===extract from my httpd.conf===
<VirtualHost *:80>
ServerName 10.115.252.127
Redirect permanent / https://10.115.252.127/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
ServerName 10.115.252.127
#Documentroot /var/www/html
</VirtualHost>
Based on your confirmation of my understanding, here is what you can do:
############################################################################
Listen 80
# All connections on port 80 are redirected to port 443
<VirtualHost *:80>
ServerName www.example.com
CustomLog "logs/80_access.log" combined
ErrorLog "logs/80_error.log"
Redirect permanent / https://www.example.com
# No documentRoot, no content
</VirtualHost>
############################################################################
Listen 443
# All URI are answered from the documentRoot directory
# EXCEPT /openms, which is proxied to :8980
<VirtualHost *:443>
ServerName www.example.com
# temporary, remove when tests done
LogLevel debug
CustomLog "logs/443_access.log" combined
Errorlog "logs/443_error.log"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
# For your redirection to 8980
ProxyPass /opennms "https://www.example.com:8980/"
ProxyPassReverse /opennms "https://www.example.com:8980/"
documentRoot "/yourdir/apache/htdocs"
DirectoryIndex index.html
</VirtualHost>
Prerequisites
you must load proxy modules
you must load rewrite module
port 8980 is linked to some other software. Apache does not handle 8980.

Apache : Restrict acces to webserver via IP (HTTP/HTTPS)

I run a website on a VPS and I would like to completely block access to the website via The VPS IP Address.
I made it work for HTTP but It seems impossible for HTTPS.
What I did:
<VirtualHost *:80>
ServerName xxx.xxx.xxx.xxx
Redirect 403 /
DocumentRoot /a/folder/here/
</VirtualHost>
This worked perfectly as expected for http://xx.xx.xx.xx
But I could not find a way to do the same for https://xx.xx.xx.xx
Anyone can help me please?
** I am using:**
Letsencrypt Certificat
Apache 2.4
NOTE: the file containing this rule must be executed after other sites that use SSL.
ecample:
0-site1.conf = website using no ssl (port 80)
0-site1-ssl.conf = website using ssl (port 443)
1-direct-access-conf = the file containing:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName xxx.xxx.xxx.xxx
Redirect 403 /
DocumentRoot /a/folder/here/
</VirtualHost>
</IfModule>
Just do the same for the virtual host that is bonded to port 443:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName xxx.xxx.xxx.xxx
Redirect 403 /
DocumentRoot /a/folder/here/
</VirtualHost>
</IfModule>

running website with no http show different content

Im running 3 sites in one server the same IP in Ubuntu/Apache using vhost.
I bought an SSL certificate and installed it in one of my sites successfully. The problem is when I run the site with no https it shows content from my other site.
Ex.
www.aaaaa.com
www.bbbbb.com (SSL)
www.ccccc.com
when I run https://bbbbb.com there is no problem but
when I run http://bbbbb.com it shows the content of www.aaaaa.com
I know the ssl is working correctly coz I have tested it sslchecker.
This is the first time I installed SSL, I hope someone knows something about this problem.
ok just got the Answer from this link
https://www.namecheap.com/support/knowledgebase/article.aspx/9821/38/redirect-to-https-on-apache
You just need to Redirect HTTPS on Apache. Solution is I added vhost port 80 on my conf file in apache to redirect it to https when accessing the site with no https.
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#example.com
ServerName example.com.ca
ServerAlias www.example.com
DocumentRoot /var/www/example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/example.com/example.ca.crt
SSLCertificateKeyFile /etc/ssl/example.com/example.key
SSLCertificateChainFile /etc/ssl/example.com/example.ca.ca-bundle
</VirtualHost>

Debian 8 - SSL Certificate is not working

I have recently moved a website from my old web server with 123-reg.co.uk to a new Linode web server hosted with Linode.
I am running Apache with Debian 8.9.
123-reg provided me with an SSL certificate for my website which, of course, was deactivated when I moved the website to the new server. So I set to work manually reactivating the certificate on my new server.
I was able to get the necessary SSL files (CA Bundle, Key and Certificate) from 123-reg and I followed Linode's instructions to setup the SSL certificate on their servers using the following tutorials:
First tutorial and
second tutorial.
Here is the site's config file:
<VirtualHost *:80>
# All of the files here exist on the server
SSLEngine On
SSLCertificateFile /etc/ssl/certs/zetec-it.com.crt
SSLCertificateKeyFile /etc/ssl/private/zetec-it.com.key
SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt
ServerAdmin webmaster#zetec-it.com
ServerName zetec-it.com
ServerAlias www.zetec-it.com
DirectoryIndex index.html index.php
DocumentRoot /var/www/html/zetec-it.com/public_html
LogLevel warn
ErrorLog /var/www/html/zetec-it.com/log/error.log
CustomLog /var/www/html/zetec-it.com/log/access.log combined
</VirtualHost>
The setup seems legit, but when I attempt to access the website via https the browser states that the connection isn't secure.
I'm fairly new to server admin; does anyone have any suggestions or potential solutions?
You need a VirtualHost which is listening on port 443 in order to have working HTTPS. You configured your VirtualHost to listen on Port 80 while having SSLEngine On.
In order to get https working you would only need to change <VirtualHost *:80> to <VirtualHost *:443>.
Once you did that, you would not have a configuration that handles http connections to (there would not be any VirtualHost waiting for connections for ServerName zetec-it.com).
There are generally to ways to go to serve http connections requesting the same hostname:
You redirect them to https using something like this (uses mod_rewrite in order to redirect to the same path):
<VirtualHost *:80>
ServerName zetec-it.com
ServerAlias www.zetec-it.com
RewriteEngine on
RewriteRule ^ https://zetec-it.com%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
You deliver the same content through http as well
<VirtualHost *:80>
# All of the files here exist on the server
ServerAdmin webmaster#zetec-it.com
ServerName zetec-it.com
ServerAlias www.zetec-it.com
DirectoryIndex index.html index.php
DocumentRoot /var/www/html/zetec-it.com/public_html
LogLevel warn
ErrorLog /var/www/html/zetec-it.com/log/error.log
CustomLog /var/www/html/zetec-it.com/log/access.log combined
</VirtualHost>
Either way you need two config files, the https one (which is basically your example from above, remember to replace 80 with 443) and one for http which I gave you 2 examples for.
You can put them into separate files, remember to activate them in this case.

Name based virtual hosts serve the same SSL site

On my server I have the following vhost definition:
<VirtualHost *:80 *:443>
ServerAdmin admin#mysiste.com
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/mysite.com/current/public
SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/myserver.key
SSLCertificateFile /etc/ssl/ssl.crt/mysite_com.crt
SSLCertificateChainFile /etc/ssl/ssl.crt/mysite_com.ca-bundle
<Directory /var/www/mysite.com/current/public>
Allow from all
Options -MultiViews
</Directory>
</VirtualHost>
The site itself works fine, the problem is that if I try any other site (vhost) hosted on the same server with https and skip the warning I get served mysite.com. This wouldn't be a problem for the casual user but I noticed Google tried and actually indexed a ton of URLs on my "other" sites via https which were actually pages from mysite.com and I'm afraid I'll get penalized for duplicate content.
How do I deny the other sites to be served via https?
I solved the issue. For further reference this is Ubuntu 12.04.
In /etc/apache2/ports.conf added the following to the <IfModule mod_ssl.c> section:
NameVirtualHost *:443
As per the instructions in the above file, modified in /etc/apache2/sites-available/default-ssl from <VirtualHost _default_:443> to <VirtualHost *:443>.
Then:
sudo a2ensite default-ssl
sudo service apache2 reload
Done.