We Keep Coding

How can i redirect HTTP requests to custom port to HTTPS/443 via Apache2?

I'm trying to configure apache2 for a specific use case. An old web server only runs in HTTP on port 8788. I want to put it behind an apache reverse-proxy (Debian) which will ensure the encryption of exchanges with the client and will make requests to the web server in HTTP/port 8788.
The reverse proxy already works for other web servers and i changed the DNS for oldserver.example.com to point to the reverse-proxy IP address.
Connections to http://oldserver.example.com and https://oldserver.example.com work correctly and display the old server's web page.
But when I try to access http://oldserver.example.com:8788 (I have to keep this access via port 8788 because the link has been posted like this for years) the browser redirects to https://oldserver.example.com:8788 and shows this error:
Secure Connection Failed
In the configuration files and logs below, I replaced the reverse proxy IP address with X.X.X.X; the IP address of the oldserver by Y.Y.Y.Y and the IP addresses of the clients by Z.Z.Z.Z.
When I try with wget, everything seems OK:
wget -v http://oldserver.example.com:8788
--2022-09-14 14:36:15-- http://oldserver.example.com:8788/
Resolving oldserver.example.com (oldserver.example.com)... X.X.X.X
Connecting to oldserver.example.com (oldserver.example.com)|X.X.X.X|:8788... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://oldserver.example.com/ [following]
--2022-09-14 14:36:15-- https://oldserver.example.com/
Connecting to oldserver.example.com (oldserver.example.com)|X.X.X.X|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11628 (11K) [text/html]
Saving to: 'index.html'
index.html.3 100%[=================================================================================================================>] 11.36K --.-KB/s in 0s
2022-09-14 14:36:15 (42.0 MB/s) - 'index.html' saved [11628/11628]
Configuration files
/etc/apache2/sites-available/oldserver.conf :
<VirtualHost *:80 *:8788>
ServerName oldserver.example.com
include /etc/apache2/xyz/general.conf
include /etc/apache2/xyz/redirect-ssl.conf
ErrorLog ${APACHE_LOG_DIR}/error_oldserver.log
CustomLog ${APACHE_LOG_DIR}/access_oldserver.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName oldserver.example.com
ErrorLog ${APACHE_LOG_DIR}/error_oldserver.log
CustomLog ${APACHE_LOG_DIR}/access_oldserver.log combined
include /etc/apache2/xyz/general.conf
include /etc/apache2/xyz/ssl.conf
include /etc/apache2/xyz/revproxy.conf
ProxyPass / http://Y.Y.Y.Y:8788/
ProxyPassreverse / http://Y.Y.Y.Y:8788/
</Virtualhost>
</IfModule>
/etc/apache2/xyz/general.conf :
ServerAdmin system#example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Protocols h2 http/1.1
DocumentRoot /var/www/html
ErrorDocument 500 https://reverseproxy.example.com/
ErrorDocument 503 https://reverseproxy.example.com/
/etc/apache2/xyz/redirect-ssl.conf :
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
/etc/apache2/xyz/revproxy.conf :
ProxyPreserveHost On
ProxyRequests Off
SSLProxyEngine on
/etc/apache2/xyz/ssl.conf:
#####▒| SSL #####
SSLEngine on
Header always set Strict-Transport-Security "max-age=15768000"
SSLCertificateFile /etc/ssl/wildcard.example.com.crt
SSLCertificateKeyFile /etc/ssl/wildcard.example.com.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
Logs
Strangely, on the reverse proxy, I have nothing in the /var/log/apache2/error_oldserver.log file but I find traces of the connections in the /var/log/apache2/error.log file:
error.log:[Wed Sep 14 14:43:53.497291 2022] [proxy_http:error] [pid 36806:tid 139808714381056] (20014)Internal error (specific information not available): [client Z.Z.Z.Z:51225] AH01102: error reading status line from remote server Y.Y.Y.Y:8788, referer: https://oldserver.example.com/
I don't have access to the logs of the oldserver.
Thank you in advance for your help.

Add new block with port *:8788 in the same virtual host and add LISTEN 8788 in the same block in virtual host file. And port should be opened from Security Group.
<VirtualHost *:443>
ServerName oldserver.example.com
DocumentRoot /var/www/oldserver.example.com/public
<Directory /var/www/oldserver.example.com>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog /var/www/oldserver.example.com/error.log
CustomLog /var/www/oldserver.example.com/access.log combined
SSLEngine on
SSLCertificateKeyFile /SSL Certificate path/xxx.pem
SSLCertificateFile /SSL Certificate path/xxx.pem
SSLCertificateChainFile /SSL Certificate path/xxx.pem
</VirtualHost>
LISTEN 8788
<VirtualHost *:8788>
ServerName oldserver.example.com
DocumentRoot /var/www/oldserver.example.com/public
<Directory /var/www/oldserver.example.com>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLEngine on
SSLCertificateKeyFile /SSL Certificate path/xxx.pem
SSLCertificateFile /SSL Certificate path/xxx.pem
SSLCertificateChainFile /SSL Certificate path/xxx.pem
</VirtualHost>

Apache Virtual host document root AND proxy file access forbidden

I am setting up my personal domain and I have this config:
ServerAdmin contact#brentc.in
Listen 80
<VirtualHost *:80>
DocumentRoot "/www/brentc.in"
ServerName brentc.in
ServerAlias www.brentc.in
</VirtualHost>
Listen 443 https
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/opt/rh/httpd24/root/var/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost *:443>
ServerName brentc.in
ServerAlias www.brentc.in
DocumentRoot /www/brentc.in/
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/brentc.in/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/brentc.in/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/brentc.in/fullchain.pem
</VirtualHost>
<VirtualHost *:443>
ServerName atlassian.brentc.in
ServerAlias www.atlassian.brentc.in
DocumentRoot /www/atlassian.brentc.in/
Options Indexes FollowSymLinks Includes ExecCGI
SSLProtocol all -SSLv2
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /jira/secure/admin/IntegrityChecker.jspa http://localhost:8081/jira/secure/admin/IntegrityChecker.jspa timeout=3600
ProxyPassReverse /jira/secure/admin/IntegrityChecker.jspa http://localhost:8081/jira/secure/admin/IntegrityChecker.jspa
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/brentc.in/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/brentc.in/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/brentc.in/fullchain.pem
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /jira>
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
ProxyPass http://localhost:8081/jira retry=0
ProxyPassReverse http://localhost:8081/jira
SetOutputFilter DEFLATE
</Location>
</VirtualHost>
For the first domain (brentc.in) I can access index.html just fine.
For the second domain (atlassian.brentc.in) it shows the apache sample (test 123) page and when I explicitly go to index.html it says I'm not allowed to access the file.
My file permissions are exactly the same as the working index.html. Am I missing something here?
The atlassian.brentc.in is also a proxy to a behind the scenes tomcat server. My intention is, when you go to atlassian.brentc.in it shows you a landing page. Then from there you can go to atlassian.brentc.in/jira.
The error_log contains this:
[Wed Jun 14 10:43:47.714099 2017] [authz_core:error] [pid 4399] [client <ip>:58299] AH01630: client denied by server configuration: /www/atlassian.brentc.in/index.html
[Wed Jun 14 10:43:47.952670 2017] [authz_core:error] [pid 4399] [client <ip>:58299] AH01630: client denied by server configuration: /www/atlassian.brentc.in/favicon.ico, referer: https://atlassian.brentc.in/index.html

i think you need to add something like this
<Directory "your/sample/directory">
# AllowOverride All # Deprecated
# Order Allow,Deny # Deprecated
# Allow from all # Deprecated
# --New way of doing it this is the important part
Require all granted
</Directory>

Apache Http.conf subdomain

Http.conf file working fine for main domain, but I'm trying to create a subdomain and it keeps sending them both to the test page. I'm sure the problem is here (httpd.conf) but I'm not 100% on what all of this is doing.
ServerName 1.2.3.4 #hidden
<VirtualHost *:3304>
ServerName mydomain.com
ServerAlias mydomain.com
DocumentRoot "/var/www/html"
LogLevel warn
SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /cert/mydomain_com.crt
SSLCertificateKeyFile /cert/mydomain_com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
UserDir "html/"
</VirtualHost>
SSLEngine off
SSLVerifyClient none
KeepAlive on
#the new sub domain - adding this causes the error
<VirtualHost 1.2.3.4>
ServerName testsite.mydomain.com
ServerAlias testsite.mydomain.com
DocumentRoot "/var/www_demo/public_html"
</VirtualHost>
Both are running a PHP framework but only the main domain requires SSL protection.
Thanks in advance

XAMPP - RSA certificate and SSL error. How to configure httpd.conf and httpd-ssl.conf

I installed XAMPP on an HP server, it has a valid IP address.
The XAMPP was working but a few days ago it suddenly stopped and stared reporting this error:
[pid 4196:tid 404] AH00098: pid file E:/xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[pid 4196:tid 404] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
This is a snippet of httpd.conf:
ServerRoot "E:/xampp/apache"
ServerAdmin postmaster#localhost
ServerName localhost:88
This is a snippet of httpd-ssl.conf (enbabled lines):
Listen 443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:E:/xampp/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "E:/xampp/htdocs"
ServerName www.example.com:443
ServerAdmin admin#example.com
ErrorLog "E:/xampp/apache/logs/error.log"
TransferLog "E:/xampp/apache/logs/access.log"
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "E:/xampp/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
CustomLog "E:/xampp/apache/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
From what I have searched and proposed in XAMPP - Apache has error with RSA certificate and SSL I think the source of problem might be ServerName so I put the configuration but I really don't know how to configure it.
I tried the solution given in the above link, but it didn't work.

hosting multiple SSL certs on apache

I hope someone can give me a hand with this. I have 2 IPs that I can use to do this and need to host 2 different secure (SSL) domains on the same Apache server. I've read that as of Apache 2.2.something that a single IP can be used, using some sort of add-in but I want to keep this as simple as possible and am willing to use both IPs to accomplish this task. I already have the 2 signed certificates for the domains.
This setup that I am posting here, works, but the issue I am having is that when I go to domain2.net, I receive a browser warning telling me that the cert does not match the domain but matches domain1.com
I'm using CentOS 5 and Apache 2.2.3. CentOS has a ssl.conf file and these lines are what I believe are giving me trouble:
SSLCertificateFile /etc/pki/tls/certs/domain1.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain1.com.key
I was under the impression that I could override these values in the virtual host containers and reference the keys that I need but it doesn't appear that way. When I comment these two lines out in the ssl.conf file, Apache won't restart. The ssl_log hints: SSLCertificateKeyFile
These are my virtual containers:
<VirtualHost 2.2.2.2:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/domain2.net.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain2.net.key
DocumentRoot "/var/www/domain2"
ServerName domain2.net
ServerAlias domain2.net
DirectoryIndex "index.php"
<Directory /var/www/html/domain2>
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost 1.1.1.1:444>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/domain1.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain1.com.key
DocumentRoot "/var/www/html"
ServerName domain1.com
ServerAlias domain1.com
DirectoryIndex "index.php"
<Directory /var/www/html>
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
How can I get these two domains to work using SSL? I've also tried to use the same port for the different IPs but again, Apache won't restart.
I'm truly lost on this so if someone could lend a hand, I'd really appreciate it.

Great question!
I was able to get two SSL certificates working on the same server. You should be able to do what you are trying to do.
The things in your configuration that stand out as odd to me:
I'd suggest using port 443 for both SSL-protected sites. You should have a specific instruction in apache's conf files somewhere for listening on port 443. For me it is located in /etc/apache2/ports.conf
Listen 443
.
It seems odd that you have ServerName and ServerAlias both using the same domain per virtual host. Try making the ServerAlias different or leaving it out:
ServerName domain1.com
ServerAlias www.domain1.com
.
I am assuming that you replaced your IPs and domains in your posted conf. Even if they are not the actual IPs you are using, you might want to double check that they can get you to the right place outside of SSL (since obviously SSL is not working).
.
Check the apache2 error log for more information. For me the log is located at: /var/log/apache2/error.log . You can set it with:
ErrorLog /var/log/apache2/error.log
And finally, for your reference here is my ssl-default (ssl.conf). I replaced my domains and IPs with the ones you used in your example conf. I have multiple subdomains working with NameVirtualHost since I have a wildcard cert:
<IfModule mod_ssl.c>
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
NameVirtualHost 1.1.1.1:443
NameVirtualHost 2.2.2.2:443
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
# 1.1.1.1 = domain1.com
<VirtualHost 1.1.1.1:443>
ServerName www.domain1.com
ServerAdmin admin#domain1.com
SSLEngine on
SSLCertificateKeyFile /var/www/ssl/domain1.key
SSLCertificateFile /var/www/ssl/wildcard.domain1.crt
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
DocumentRoot /var/www/domain1/www.domain1.com/web
DirectoryIndex index.php index.html
</VirtualHost>
<VirtualHost 1.1.1.1:443>
ServerName secure.domain1.com
ServerAdmin admin#domain1.com
SSLEngine on
SSLCertificateKeyFile /var/www/ssl/domain1.key
SSLCertificateFile /var/www/ssl/wildcard.domain1.crt
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
DocumentRoot /var/www/domain1/secure.domain1.com/
DirectoryIndex index.php index.html
</VirtualHost>
# 2.2.2.2 = *.domain2.com
<VirtualHost 2.2.2.2:443>
ServerName admin.domain2.com
ServerAdmin admin#domain2.com
SSLEngine on
SSLCertificateKeyFile /var/www/ssl/domain2.key
SSLCertificateFile /var/www/ssl/domain2.crt
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ErrorLog /var/log/apache2/error.log
DocumentRoot /var/www/domain2/secure.domain2.com/web
DirectoryIndex index.php index.html
php_flag display_errors on
php_value error_reporting 7
</VirtualHost>
</IfModule>
I hope this helps!!

You don't need a separate ssl.config file, but if you want to use one, then put your SSL <VirtualHost XXX:443> containers in your ssl.conf file rather than in your httpd,conf file.
The other option which we use on our site is to put the settings from the ssl.conf file in our httpd.conf file and rename the ssl.conf file to something like ssl.conf.bak (to keep it for reference).

It might help to put this Apache command before the first Virtual Host:
SSLStrictSNIVHostCheck on
This enabled me to have several different domains each with its own keys running on the same IP without getting confused.