apache serving the wrong ssl certificate - apache

I have the following 2 sections in my httpd.conf file. I have a wildcard cert for *.example.biz installed at the given location. As you can see, the 4 SSL directives are identical (copied and pasted) in both sections. However, when I go to example.biz I get an ssh error saying the CA certificate expired in 2015. When I go to the subdomain, I get the right certificate chain that says it expires in 2018. I apologize that I am using an example, but this is for a client that must remain confidential.
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/2017.crt
SSLCertificateKeyFile /etc/pki/tls/private/my_biz_2016.key
SSLCertificateChainFile /etc/pki/tls/certs/2017_ca.crt
<Directory /var/www/MyCompany/example.com/public/>
AllowOverride All
</Directory>
ErrorLog /var/www/logs/example.com/error.log
CustomLog /var/www/logs/example.com/access.log combined
DocumentRoot /var/www/MyCompany/example.com/public/
ServerName example.biz
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/2017.crt
SSLCertificateKeyFile /etc/pki/tls/private/my_biz_2016.key
SSLCertificateChainFile /etc/pki/tls/certs/2017_ca.crt
<Directory /var/www/MyCompany/SubDomain/public/>
AllowOverride All
</Directory>
ErrorLog /var/www/logs/SubDomain/error.log
CustomLog /var/www/logs/SubDomain/access.log combined
DocumentRoot /var/www/MyCompany/SubDomain/public/
ServerName subdomain.example.biz
</VirtualHost>
Lastly, this is my .htaccess file if that is helpful:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Also: I pinged both domains, and they both point to the same server, and I am not using Cloudflare or anything of the like.
I also restarted Apache to make sure.

I define all of my vhosts in a vhosts file, but in my httpd.conf file I apparently set it up with a set of defaults such as:
ServerAdmin root@localhost
ServerName example.biz
# I wasn't using this folder
DocumentRoot /var/www/html
Once I deleted those erroneous defaults, it started working.

Related

Set up an apache reverse proxy with SSL certs and multiple domains

I need help configuring Apache to act as a reverse proxy with https and multiple domains, such that www.myfirstdomain.com and www.myseconddomain.com both point to x.x.x.x and then the server will selectively forward to, let's say, x.x.x.x:2400 (myfirstdomain.com, http), x.x.x.x:2401 (myfirstdomain.com, https), x.x.x.x:2600 (myseconddomain.com, http) and x.x.x.x:2601 (myseconddomain.com, https).
I tried many options but in the end I got stuck because I issued more than 5 certs (renews) per week and also I couldn't make it work.
myfirstdomain.com and www.myfirstdomain.com (http and https) were configured as follows:
/etc/apache2/sites-available/000-default.conf :
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:2400/
ProxyPassReverse / http://127.0.0.1:2400/
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:2401/
ProxyPassReverse / http://127.0.0.1:2401/
</VirtualHost>
<VirtualHost *:2400>
ServerName myfirstdomain.com
ServerAlias www.myfirstdomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/myfirstdomain/public
<Directory /var/www/html/myfirstdomain/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =myfirstdomain.com
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteCond %{SERVER_NAME} =www.myfirstdomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:2401>
ServerName myfirstdomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/myfirstdomain/public
<Directory /var/www/html/myfirstdomain/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =myfirstdomain.com
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Then I generated the certs with certbot --apache for both www and non-www and I had this file:
/etc/apache2/sites-available/000-default-le-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:2401/
ProxyPassReverse / http://127.0.0.1:2401/
</VirtualHost>
<VirtualHost *:2401>
ServerName myfirstdomain.com
ServerAlias www.myfirstdomain.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/myfirstdomain/public
<Directory /var/www/html/myfirstdomain/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =myfirstdomain.com
# RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
# RewriteCond %{SERVER_NAME} =www.myfirstdomain.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/www.myfirstdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.myfirstdomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
I also tried to regenerate the HTTPS certificates but it won't work. How do I do it?
First of all, remember that Apache listens on a range of ports, for instance 80 and 443.
Virtual hosts use the same ports (80 and 443), and Apache selects the correct folder using the domain name you use.
For example, myfirstdomain.com could display /var/www/html/myfirstdomain/public, but
if Apache listens on port 80, it never matches the rule for *:2400.
I haven't tried this, but you could put ProxyPass and ProxyPassReverse in each virtual host and leave the port as :80 or :443.
When you call myfirstdomain.com:80, the rule on Apache matches and it proxies to another server.
See this answer.
Let's Encrypt creates an ACME challenge (a file with a random string) that could be reachable from the internet. The certification server searches for this file; if it exists, the certificate is released; if not, it throws an error.
I don't remember the correct path of the file, but you must verify:
can you reach "myfirstdomain.com" from the internet?
can an external server reach "myfirstdomain.com"? (check the DNS name and port forwarding of your router)
can you open the ACME challenge file?
can the server open the ACME challenge file?
On some Plesk installations the ACME files are not reachable because Plesk adds some automatic rules.

Server not reading htaccess file and redirect not working

My site is not reading the htaccess file. Even if I add Deny from all at the top, the site loads fine.
Permission is 644. I have a number of sites running on the server so Apache is set up correctly.
This is my virtualhost config:
<VirtualHost 12.34.56.78:80>
ServerAdmin webmaster@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /srv/www/example.com/public_html/
<Directory /srv/www/example.com/public_html/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog /srv/www/example.com/logs/error.log
CustomLog /srv/www/example.com/logs/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
This is what I'd added to .htaccess file to redirect www to non-www:
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
I tried adding it to virtualhost as well but it's still not redirecting.
After issuing an SSL Certificate with Let's Encrypt I had noticed it had created a duplicate conf file for port 443:
/etc/apache2/sites-available/example.com.conf
/etc/apache2/sites-available/example.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost 12.34.56.78:443>
ServerAdmin webmaster@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /srv/www/example.com/public_html/
<Directory /srv/www/example.com/public_html/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog /srv/www/example.com/logs/error.log
CustomLog /srv/www/example.com/logs/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Prior to the LE, the original example.com.conf didn't have the AllowOverride All directive. So I assume what has happened is the contents were duplicated and then I only changed the original one.

Apache / Letsencrypt - redirecting to https not working on subdomains

I have an Ubuntu 16.04 VPS. I use Letsencrypt for my SSL certificates. When creating or creating a certificate, they ask if you want easy or secure access. Secure means it will redirect to https no matter what.
This works on the homepage, but it doesn't work on the subdomains. I am not redirected to https, and I just see my index.html, which is just the Apache default page.
So how do I fix this?
My Virtualhost:
<VirtualHost *:80>
ServerName school.luukwuijster.eu
Redirect / https://school.luukwuijster.eu
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/school.luukwuijster.eu/public/
<Directory /var/www/html/school.luukwuijster.eu/public/>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =school.luukwuijster.eu
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
le-ssl:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName school.luukwuijster.eu
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/school.luukwuijster.eu/public/
<Directory /var/www/html/school.luukwuijster.eu/public/>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =school.luukwuijster.eu
# Some rewrite rules in this file were were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/luukwuijster.eu-0003/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/luukwuijster.eu-0003/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
For some reason it's just not redirecting.
When I go to http://luukwuijster.eu I am redirected to https://luukwuijster.eu
So that works fine, but when I go to http://school.luukwuijster.eu I am not redirected and get to see the same page as on https://luukwuijster.eu
Of course when I go to https://school.luukwuijster.eu I am not redirected, but I do see the right page.
How do I solve this problem?
Try to change line 3 from Redirect / https://school.luukwuijster.eu to RedirectPermanent / https://school.luukwuijster.eu/.
BTW currently your SSL cert is only valid for api.luukwuijster.eu. You should add school.luukwuijster.eu and all other domains you want to secure to your letsencrypt config.

apache http 80 .htaccess, https 443 .htaccess does not work

When I run api.troop37bsa.org/user, I am able to access the page but when I run https://api.troop37bsa.org/user, I get a 404 error. When I run api.troop37bsa.org/?url=user or the secure version I get the correct page.
I am using a .htaccess file to rewrite the url so that everything after the subdomain is considered a parameter string.
So my question is two fold. How can I get https://api.troop37bsa.org/user to work and also what can I do to reduce the size of my .conf file and reduce or merge my .htaccess file.
I have an Apache Server 2.4.18.
My .conf file is setup as follows:
<VirtualHost *:80>
ServerAdmin kreichner@troop37bsa.org
ServerName api.troop37bsa.org
ServerAlias api.troop37bsa.org
DocumentRoot /var/www/troop37bsa.org/api/public
<Directory /var/www/troop37bsa.org/api/public>
DirectoryIndex index.php index.html
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
# Uncomment this directive is you want to see apache2's
# default start page (in /apache2-default) when you go to /
#RedirectMatch ^/$ /apache2-default/
</Directory>
AccessFileName .htaccess
ErrorLog /var/www/troop37bsa.org/api/public/apache_error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =api.troop37bsa.org
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin kreichner@troop37bsa.org
ServerName api.troop37bsa.org
ServerAlias api.troop37bsa.org
DocumentRoot /var/www/troop37bsa.org/api/public
<Directory /var/www/troop37bsa.org/api/public>
DirectoryIndex index.php index.html
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
# Uncomment this directive is you want to see apache2's
# default start page (in /apache2-default) when you go to /
#RedirectMatch ^/$ /apache2-default/
</Directory>
AccessFileName .htaccess
ErrorLog /var/www/troop37bsa.org/api/public/apache_https_error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
In my subdomain folder (ie /var/www/troop37bsa.org/api/public) I have an .htaccess file
ReWriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $0#%{REQUEST_URI} ([^#]*)#(.*)\1$
RewriteRule ^(.+)$ %2index.php?url=$1 [QSA,L]
I am also using a letsencrypt SSL certificate that otherwise seems to be working fine.
Thanks
As I said in the comment section, it turns out that there was a conf file generated by letsencrypt, but it was pointing to the wrong directory, publicl instead of public. When I changed the directory name, the .htaccess file did its job. I also removed the second *:443 VirtualHost from my original conf to avoid further conflicts.
So that others may not fall into the same problem: the name of the conf was api.troop37bsa.org-le-ssl.conf. This set up the lookups from the SSL certificate.
The api.troop37bsa.org-le-ssl.conf code is as follows:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin kreichner@troop37bsa.org
ServerName api.troop37bsa.org
ServerAlias api.troop37bsa.org
DocumentRoot /var/www/troop37bsa.org/api/public
<Directory /var/www/troop37bsa.org/api/public>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
# Uncomment this directive is you want to see apache2's
# default start page (in /apache2-default) when you go to /
#RedirectMatch ^/$ /apache2-default/
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/troop37bsa.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/troop37bsa.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Thank you everyone for your help.
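Added example (not part of the original posts or of any project named here): a small Python audit of Apache configuration text for the three conflicts these threads ran into, namely a main-server ServerName that repeats a vhost name (the stray httpd.conf defaults in the first thread), the same ServerName defined twice on one address:port with differing settings (the certbot-generated -le-ssl.conf copies), and a :443 vhost with no SSLCertificateFile. The file names and contents in SAMPLE are constructed, and the parser is a simplification: it does not follow Include and treats directives inside nested sections such as <Directory> as belonging to the enclosing vhost.

```python
import re
from collections import defaultdict

# Constructed sample files, modelled on the configurations quoted in the threads above.
SAMPLE = {
    "httpd.conf": "ServerName example.biz\nDocumentRoot /var/www/html\n",
    "site.conf": ("<VirtualHost *:443>\nServerName example.biz\n"
                  "SSLCertificateFile /etc/pki/tls/certs/2017.crt\n</VirtualHost>\n"
                  "<VirtualHost *:443>\nServerName api.example.org\n"
                  "DocumentRoot /var/www/api/public\n</VirtualHost>\n"),
    "site-le-ssl.conf": ("<IfModule mod_ssl.c>\n<VirtualHost *:443>\n"
                         "ServerName api.example.org\nDocumentRoot /var/www/api/publicl\n"
                         "SSLCertificateFile /etc/letsencrypt/live/example.org/fullchain.pem\n"
                         "</VirtualHost>\n</IfModule>\n"),
}

def parse(files):
    """Split directives into main-server ones and one dict per <VirtualHost> block."""
    main, vhosts, cur = [], [], None
    for fname, text in files.items():
        for line in (raw.strip() for raw in text.splitlines()):
            opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
            if opened:
                cur = {"file": fname, "addr": opened.group(1).strip()}
                vhosts.append(cur)
            elif line.lower().startswith("</virtualhost"):
                cur = None
            elif line and line[0] not in "<#":  # skip comments and other section tags
                key, val = (line.split(None, 1) + [""])[:2]
                if cur is None:
                    main.append((fname, key.lower(), val.strip()))
                else:
                    cur.setdefault(key.lower(), val.strip())  # first occurrence wins
    return main, vhosts

def audit(files):
    """Return one finding per conflict; heuristics only, not Apache's own resolution."""
    main, vhosts = parse(files)
    findings, groups = [], defaultdict(list)
    vhost_names = {v.get("servername") for v in vhosts}
    for fname, key, val in main:
        if key == "servername" and val in vhost_names:
            findings.append(f"{fname}: main-server ServerName {val} is also a vhost name")
    for v in vhosts:
        groups[(v["addr"], v.get("servername"))].append(v)
        if v["addr"].endswith(":443") and "sslcertificatefile" not in v:
            findings.append(f"{v['file']}: {v.get('servername')} on {v['addr']} has no SSLCertificateFile")
    for (addr, name), dup in groups.items():
        if len(dup) > 1:
            diff = [k for k in ("documentroot", "allowoverride") if len({v.get(k) for v in dup}) > 1]
            findings.append(f"{name} on {addr} defined in "
                            f"{', '.join(v['file'] for v in dup)}; differing: {diff}")
    return findings

print("\n".join(audit(SAMPLE)))
```

On a live server, `apachectl -S` (or `httpd -S`) prints the virtual host table Apache actually built, which is the authoritative view of which block answers for each name and port.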

Apache2 conf file with SSL causes ERR_CONNECTION_REFUSED

I am trying to configure my SSL certificate on an Ubuntu 15.10 box. I have installed the certificate files and the private key in the required directory:
SSLCertificateFile /etc/apache2/ssl-certs/pts.crt
SSLCertificateKeyFile /etc/apache2/ssl-certs/msk.key
SSLCertificateChainFile /etc/apache2/ssl-certs/intermediate.crt
When I do sudo service apache2 restart I am then prompted to Enter passphrase for SSL/TLS keys for www.mydomain.com:443 (RSA): ******** and since this process reports back with no errors, I am assuming that I have at least installed the certificates and private key correctly, otherwise I would have expected an error at this stage.
My problem is that I receive ERR_CONNECTION_REFUSED when trying to load the site.
Here is my backup copy of the VirtualHost entry for the SSL site that I am using. Are there any obvious problems with this file?
I should also add that when I use this configuration, not only does the intended site fail to load, but it also causes all other sites for this apache2 box to fail to load also. Any ideas?
<VirtualHost *:80>
ServerName mydomain.com
ServerAlias www.mydomain.com
ServerAdmin daniel@mydomain.com
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost 172.30.30.21:443>
ServerName www.mydomain.com
ServerAlias mydomain.com
ServerAdmin me@mydomain.com
SSLEngine on
SSLProtocol all
SSLCertificateFile /etc/apache2/ssl-certs/pts.crt
SSLCertificateKeyFile /etc/apache2/ssl-certs/msk.key
SSLCertificateChainFile /etc/apache2/ssl-certs/intermediate.crt
DocumentRoot /home/apts/Dropbox/mydomain.com/
<Directory /home/apts/Dropbox/mydomain.com/>
<IfModule mod_rewrite.c>
<IfModule mod_ssl.c>
# <Location /squirrelmail>
RewriteEngine on
RewriteCond %{HTTPS} !^on$ [NC]
RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L]
# </Location>
</IfModule>
</IfModule>
SSLOptions +StrictRequire
Options +FollowSymLinks -Indexes +MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
SSLVerifyClient none
SSLProxyEngine off
</VirtualHost>