We Keep Coding

Apache HTTPD: How to setup Virtual Host correctly

I've installed Apache httpd on my Mac and "It works".
Now I need to configure a Virtual Host in order to expose my application (Java Spring) with httpd as reverse proxy in front of it.
This is what I have into /usr/local/etc/httpd/extra/httpd-vhosts.conf file
<VirtualHost *:443>
ServerName my.domain.it:443
SSLEngine on
SSLCertificateFile /path/to/cert.crt
SSLCertificateKeyFile /path/to/cert.key
ProxyPreserveHost On
ProxyPass / http://localhost:8080/myapp
ProxyPassReverse / http://localhost:8080/myapp
</VirtualHost>
In /etc/hosts I've mapped to server address in this way:
127.0.0.1 my.domain.it
And The Tomcat Connector configuration is:
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" proxyPort="443" scheme="https"/>
If I run the application with Eclipse it responds correctly at http://localhost:8080/myapp/ but If I try to call https://my.domain.it/myapp/ It doesn't work and Google Chrome tells me: "This site can't be reached".
What's wrong with my configuration?
P.S.
The httpd Apache instance is configured to Listen on port 80
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
Thanks.
EDIT: SOLVED
Unfortunately I was not able to solve with Apache Httpd but now with Nginx it works. Thanks for your answers

In mod_ssl.conf (file name might be different) you should have the following line
Listen 443
It tells apache to listen on port 443 (it's include in the configuration file when you install mod_ssl to be able to expose your site over HTTPS).
The same configuration file should include all the shared configuration about the TLS.
If apache is running, you can check if port 443 is listening, using netstat:
netstat -an | grep -i list
The output should include port 80 and 443 (and some other according to the services running on the server such as ssh).
If the port is shown in the list, next step is to check apache logs for errors.

How to fix error setting SSL with certbot using?

I try to set ssl for my php/laravel application under Digital Ocean with Kubuntu 18
as in this articles
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04
But I got error trying to use certbot to obtain a free SSL certificate :
# sudo ufw status
Status: active
To Action From
-- ------ ----
Apache Full ALLOW Anywhere
443 ALLOW Anywhere
80 ALLOW Anywhere
22/tcp ALLOW Anywhere
Apache Full (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
# sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk -d www.products-catalog.nilov-sergey-demo-apps.tk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for products-catalog.nilov-sergey-demo-apps.tk
http-01 challenge for www.products-catalog.nilov-sergey-demo-apps.tk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.products-catalog.nilov-sergey-demo-apps.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.products-catalog.nilov-sergey-demo-apps.tk
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.products-catalog.nilov-sergey-demo-apps.tk
Type: None
Detail: DNS problem: NXDOMAIN looking up A for
www.products-catalog.nilov-sergey-demo-apps.tk
products-catalog.nilov-sergey-demo-apps.tk - that is my domain I got on freenom.com and searching I found a hint that
I need to add A-record for www subdomain
I tried to add new record as https://imgur.com/a/ijFxlzN
But trying to suBmit this page I got:
• Error occured: Invalid value in dnsrecord
What is wrong ? Can new record be issue of my problem ? Or I need to move in other way ?
UPDATED # 2
Configuration in appache is :
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/lprods/public
ServerName products-catalog.nilov-sergey-demo-apps.tk
ServerAlias products-catalog.nilov-sergey-demo-apps.tk
<Directory /var/www/html/lprods/public>
AllowOverride All
Order Deny,Allow
Allow from all
Require all granted
</Directory>
Options FollowSymLinks
DirectoryIndex index.php
ErrorLog /var/www/html/lprods/storage/logs/error.log
CustomLog /var/www/html/lprods/storage/logs/access.log combined
</VirtualHost>
with line in /etc/hosts
138.68.107.5 products-catalog.nilov-sergey-demo-apps.tk
Can it be issue with my problem ?
UPDATED # 3
I made some more review and found next :
IP of my server is 138.68.107.4 and under ssh I enter the console of OS as
ssh root#138.68.107.4
But in my /etc/hosts file I had next lines pointing to some other hosts on this server:
# 127.0.0.1 localhost
127.0.0.1 localhost.localdomain localhost
138.68.107.4 box.example.com box
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
138.68.107.4 votes.nilov-sergey-demo-apps.tk
138.68.107.5 products-catalog.nilov-sergey-demo-apps.tk
138.68.107.6 csvp.nilov-sergey-demo-apps.tk
...
I modified 3 last lines as :
138.68.107.4 votes.nilov-sergey-demo-apps.tk
138.68.107.4 products-catalog.nilov-sergey-demo-apps.tk
138.68.107.4 csvp.nilov-sergey-demo-apps.tk
But I still not sure is that is valid value, as I have next error again:
# sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk -d www.products-catalog.nilov-sergey-demo-apps.tk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for products-catalog.nilov-sergey-demo-apps.tk
http-01 challenge for www.products-catalog.nilov-sergey-demo-apps.tk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.products-catalog.nilov-sergey-demo-apps.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up
A for www.products-catalog.nilov-sergey-demo-apps.tk
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.products-catalog.nilov-sergey-demo-apps.tk
Type: None
Detail: DNS problem: NXDOMAIN looking up A for
www.products-catalog.nilov-sergey-demo-apps.tk
can reason of this error be in wrong IP in /etc/hosts or some other issue ?
Thanks!

The domain www.products-catalog.nilov-sergey-demo-apps.tk does not resolve:
https://www.whatsmydns.net/#A/www.products-catalog.nilov-sergey-demo-apps.tk
So it's not a server configuration issue, you simply have to add the www.products-catalog subdomain record in you DNS manager,
or remove this: -d www.products-catalog.nilov-sergey-demo-apps.tk from the certbot command

certbot complains about:
DNS problem: NXDOMAIN looking up A for
www.products-catalog.nilov-sergey-demo-apps.tk
a) the local /etc/hosts file is not the public DNS zone file ...just add the domain name; because virtual host is being told apart by HTTP host headers: 138.68.107.4 nilov-sergey-demo-apps.tk
when using a DNS zone file, one does not have to add them into there, alike on the localhost.
b) then either use the certbot command without the non-existent www virtual host:
sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk
or fix DNS and virtual host, in order to serve the www virtual host; then they should work for both. an A "address" record is being expected; but a CNAME "common name" record is being provided. to fix this you just have to change the type from CNAME to A and wait until it had been distributed.
see for yourself: non-www and www. HTTPS also does not respond, at all.
c) and to fix the virtual host configuration, you have to add the proper ServerAlias:
ServerName products-catalog.nilov-sergey-demo-apps.tk
ServerAlias www.products-catalog.nilov-sergey-demo-apps.tk

If you run certbot with --manual certonly then run with --apache option it will "reinstall" the cert to your Apache server.
Run :
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory
-d *.domain.com --manual --preferred-challenges dns-01 certonly
You then add DNS TXT record and click Continue on the certbot instruction.
Once complete you can run a simple --apache install like this.
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory
-d *.domain.com --apache
This will ask to reinstall cert and you can just select that.

webpage cannot be accessed from other computer

I'm a newbie in httpd and my problem is I cannot access my webpage from other computer.
What I am trying to do is deploying with minimal httpd.conf file with following https://www.youtube.com/watch?v=1ZioHruINOA.
/etc/httpd/conf/httpd.conf is
Listen 0.0.0.0:80
User apache
Group apache
ServerName www.example.com
ErrorLog /var/log/httpd/error.log
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule dir_module modules/mod_dir.so
DirectoryIndex index.html
DocumentRoot /var/www/html
<Directory /var/www/html>
AllowOverride None
Order allow,deny
allow from all
</Directory>
after I run command
sudo apachectl start
w3m 172.31.30.53
I can see the desired webpage(/var/www/html/index.html)
However, running command
w3m 172.31.30.53
on other computer's terminal does not work.
Thank you in advance.
edit1:
sudo ufw status
Status: active
To Action From
-- ------ ----
Apache Full ALLOW Anywhere
22 ALLOW Anywhere
80 ALLOW Anywhere
Anywhere ALLOW 0.0.0.0
Apache Full (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
edit2:
/etc/apache2$ nmap 127.0.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2018-05-20 21:31 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00019s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 0.91 seconds

Sounds to me that you are trying to run your webserver on a Linux machine. If you want to access your webpages from other computers, you might want to check your firewall settings. Accessing locally should work, but depending on your distro, you'll have to allow access. On Ubuntu you'll have to check ufw.
EDIT 1:
Try nmap from another machine. This way you can see what ports are available. Example: nmap yourmachine

HTTPS just on localhost not on domain

I have installed an SSL certificate on my home server. I can access localhost but not https://subdomain.ofmyhp.com.
I don't know so much about SSL so I folloed this instructions to install and generate the SSL certificate. in the instructions it was said to create a new file /etc/apache2/sites-available/ssl but I already have a file /etc/apache2/sites-available/default-ssl should the two be the same?
Here is the content of the file /etc/apache2/sites-available/ssl
<virtualhost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
DocumentRoot /var/www
</virtualhost>
This is the content of my /etc/apache2/ports.conf
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
In the ports.conf is also marked to use the defaults-ssl file to configure Apache to listen to 443
Edit:
Today I learnd that there is also a hosts file (/etc/hosts). This is what it looks like for me (with an example of course).
80.110.45.25 home.example.com mypc
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Because of current apache and ssl limitations. You can only run ONE cert per PORT (443) on a machine.
Make sure you setup your 443 virtual host as the only authoritative vhost listening and using that cert.
If you need additional vhosts, you'll need to listen on different ports.
Many people get around this by placing a proxy or loadbalancing service in front of apache. But this is beyond the scope of a home / dev environment.
Also, to enable new site configs in ubuntu, use the a2ensite command.

Connection refused in ssh tunnel to apache forward proxy setup

I am trying to setup a private forward proxy in a small server. I mean to use it during a conference to tunnel my internet access through an ssh tunnel to the proxy server.
So I created a virtual host inside apache-2.2 running the proxy, the proxy_http and the proxy_connect module.
I use this configuration:
<VirtualHost localhost:8080>
ServerAdmin xxxxxxxxxxxxxxxxxxxx
ServerName yyyyyyyyyyyyyyyyyyyy
ErrorLog /var/log/apache2/proxy-error_log
CustomLog /var/log/apache2/proxy-access_log combined
<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
# deny access to all IP addresses except localhost
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Proxy>
# The following is my preference. Your mileage may vary.
ProxyVia Block
## allow SSL proxy
AllowCONNECT 443
</IfModule>
</VirtualHost>
After restarting apache I create a tunnel from client to server:
#> ssh -L8080:localhost:8080 <server address>
and try to access the internet through that tunnel:
#> links -http-proxy localhost:8080 http://www.linux.org
I would expect to see the requested page. Instead a get a "connection refused" error. In the shell holding open the ssh tunnel I get this:
channel 3: open failed: connect failed: Connection refused
Anyone got an idea why this connection is refused ?