Apache ERR_CONNECTION_REFUSED over SSL on Ubuntu - apache

I'm trying to set up an Apache (2.4) server on Ubuntu. For now I'm just trying to get it to serve static pages from /var/www/html (although eventually I want to run a WSGI Python app).
Here's my sites-available/website.conf file:
<VirtualHost *:443>
ServerAdmin email#gmail.com
ServerName website.com:443
SSLEngine on
SSLCertificateFile /root/website.csr
SSLCertificateKeyFile /root/website.key
DocumentRoot /var/www/html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
(Replaced my actual domain with "website".)
When I try to connect to this by either going to my domain name or the server's IP, Chrome gives me ERR_CONNECTION_REFUSED ("This site can’t be reached").
I also tried with telnet:
root#website:/etc/apache2# telnet localhost 443
Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
When I comment out all the lines to do with SSL from my config file, I can connect over telnet, but Chrome gives me ERR_SSL_PROTOCOL_ERROR ("This site can’t provide a secure connection", which I guess makes sense).
Here's also my ports.config, if that helps:
Listen 80
<IfModule ssl_module>
Listen 443
NameVirtualHost *:443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
(Yes, the SSL module is enabled.)
And the part of my apache2.conf that I often see referenced in similar questions:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
This is my first time setting up an Apache server, so I'm guessing I'm messing up something simple here?

Check if ssl mode is activated here:
sudo a2enmod ssl
sudo service apache2 restart

My problem was here:
SSLEngine on
SSLCertificateFile /root/website.csr
SSLCertificateKeyFile /root/website.key
I was linking to the .csr, not the .crt. I also didn't link to something intermediate.
Here's how it is now, which fixed it:
SSLEngine on
SSLCertificateFile /root/domain.crt
SSLCertificateKeyFile /root/domain.key
SSLCertificateChainFile /root/DigiCertCA.crt

Related

Setting a ServerName in the VirtualHost of Apache server is not working

I have tried to create a new Virtual Host in my Apache server, but I cannot address it by its new ServerName "mysite.game".
Can you spot any mistake in my code, please?
OUTPUT
What happens is that the URL http://localhost:8081/ is displaying the right website directory, while "http://mysite.game" is giving the same error HTTP Error 404.
INPUT
This is what i have done.
In C:\Windows\System32\drivers\etc\hosts, i inserted the line:
127.0.0.1 mysite.game
In http.conf I added:
Listen 0.0.0.0:8081
Listen [::0]:8081
and
<Directory "C:\game">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
In httpd-vhosts.conf, I added:
NameVirtualHost *:8081
<VirtualHost *:8081>
DocumentRoot "C:\game"
ServerName mysite.game
<Directory "C:\game">
Order Deny,Allow
Allow from all
Require all granted
</Directory>
</VirtualHost>

SSL through Apache Proxy

I have a server running lots of virtual machines, but only one public IP (and absolutely no way to obtain more). Many of these VMs use port 80 to display web content. At the moment, I use different ports to access these WebUIs, such as mydomain.com:9000, mydomain.com:7000, and so on.
What I want is to have subdomains, more like service1.mydomain.com, service2.mydomain.com...So I create a proxy VM onto which I redirect everything coming from port 80 and redirecting to internal IPs based on what the subdomain is.
Now my problem is the following: I have an SSL certificate from mydomain.com/www.mydomain.com. How can I set it up so the proxy propagates it? To me, the solutions are:
the certificate is on the proxy, so the proxy does this:
internal VM:http ---> proxy: http to https ----> outer world: https
the certificate is on the VM hosting the service and the proxy does not propagate the certificate, so the proxy does this:
internal VM: https ---> proxy https to http ---> outer world: http
the certificate is on the VM hosting the service and the proxy propagate the certificate, so the proxy does this:
internal VM: https ---> proxy: https ---> outer world: https
I'd prefer the last solution, but I don't know how to set it up on both Apaches, knowing that Apache on SSL-enabled VMs is configured as is:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
TransferLog ${APACHE_LOG_DIR}/transfer.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
CustomLog ${APACHE_LOG_DIR}/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /etc/apache2/ssl/ssl.crt
SSLCertificateKeyFile /etc/apache2/ssl/ssl.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
Thanks in advance ;)

Virtual host - Not Found

I wolud like to use virtual host on Apache 2.4
I use Xampp and I will have more site so on it.
I have already read some guide and I have edit my httpd.config
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
and the Load
also my defalut port in busy, so I have set
Listen 8080
After that I edit my httpd-vhosts.conf in this way
NameVirtualHost *:8080
<VirtualHost *:8080>
DocumentRoot "C:\xampp\htdocs"
ServerName localhost
</VirtualHost>
<VirtualHost *:8080>
ServerName sample.locl
DocumentRoot "C:\wwww\sample"
<Directory "C:\wwww\sample">
DirectoryIndex index.php
Require all granted
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:8080>
ServerName sample2.locl
DocumentRoot "C:\wwww\sample2"
<Directory "C:\wwww\sample2">
DirectoryIndex index.php
Require all granted
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
N.B. my site is in C:/www/sample and c:/www/sample2 and my xampp in in c:/xampp.
At the end I edit my host in system32 with
127.0.0.1 localhost
127.0.0.1 sample
127.0.0.1 sample2
Now I have 404 error, neither when I wrote: "localhost" in my url browser.
If i Understand how it work I suppose that when i write localhost it will be redirect to C:\xampp\htdocs and so I should see my xampp page but it's not so.. where did I go wrong?
I always recive
Not Found
HTTP Error 404. The requested resource is not found.
thanks in advance

Apache vhost always show me the same content on different subdomains

I have two subdomains on my VPS, i have registered the two subdomains in my DNS pointing to the same IP address.
the version installed is Server version: Apache/2.4.7 for Ubuntu 12.04.
I've enabled the sites with the a2ensite command and i have enable the module vhost_alias. restart and reloaded many times
stable.mydomain.com
<VirtualHost *:80>
ServerName stable.mydomain.com
DocumentRoot /var/www/stable/web
<Directory /var/www/stable/web>
Options Indexes FollowSymLinks Includes
AllowOverride All
order allow,deny
Allow from all
</Directory>
</VirtualHost>
beta.mydomain.com
<VirtualHost *:80>
ServerName beta.mydomain.com
DocumentRoot /var/www/beta/web
<Directory /var/www/beta/web>
Options Indexes FollowSymLinks Includes
AllowOverride All
order allow,deny
Allow from all
</Directory>
</VirtualHost>
my trouble is pointing my browser to any url always i get the same content and to add more confusion when i execute service apache2 reload in the two subdomains i get the content from beta.mydomain.com and when execute service apache2 restart in the two subdomains i get the content of stable.mydomain.com.
I have spent about 5 hours trying to fix this
update
event i try with the VirtualDocumentRoot
<Virtualhost *:80>
VirtualDocumentRoot "/var/www/%1/web"
ServerName stable.mydomain.com
ServerAlias *.mydomain.com
UseCanonicalName Off
<Directory "/var/www/*">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</Virtualhost>
with the same behavior explained before this update
Have you uncommented this line before defining the virtual hosts?
NameVirtualHost *:80

Getting 403 forbidden error on WAMP server when usng SSL

I have just spent the last 4 hours trying to get SSL working on my local devolopment wamp server (windows 7).
Everything seems to be setup ok now, well the server restarts without any errors at least!!
The only issue I can not seem to solve is a 403 forbidden when I try to access my site through HTTPS (SSL 443). It works fine on port 80, just not on 443.
The error log shows the following
[error] [client 127.0.0.1] client denied by server configuration: F:/My Webs/freedate/public_html/
My http.conf file has the following vhost added
<VirtualHost *:80>
ServerName www.freedate.local
ServerAlias freedate.local *.freedate.local
DocumentRoot "F:\My Webs\freedate\public_html"
<Directory "F:\My Webs\freedate\public_html">
allow from all
order allow,deny
# Enables .htaccess files for this site
AllowOverride All
</Directory>
DirectoryIndex index.html index.php
</VirtualHost>
And my httpd-ssl.conf has the following vhost added
<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "C:/wamp/bin/apache/Apache2.2.21/conf/ssl/server.crt"
SSLCertificateKeyFile "C:/wamp/bin/apache/Apache2.2.21/conf/ssl/server.key"
ServerName www.freedate.local
ServerAlias freedate.local *.freedate.local
DocumentRoot "F:\My Webs\freedate\public_html"
<Directory "F:\My Webs\freedate\public_html">
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
DirectoryIndex index.html index.php
</VirtualHost>
If anyone can spot what I am doing wrong I would be most grateful, many thanks.
Kind regards
Garry
Although this is a very old question, I faced the same issue today and I am giving the solution here for anyone facing this issue in the future.
This solution should work if everything is working without SSL. You can find help working without SSL here: https://stackoverflow.com/a/14671738/2407971
In the httpd-ssl.conf file, between the <VirtualHost _default_:443> and </VirtualHost> code blocks, you will find something like this:
<Directory "c:/Apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
After these lines, insert the following code:
<Directory "c:/wamp64/www/">
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
</Directory>
<Directory "c:/wamp64/www/yoursite/">
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
</Directory>
This will basically allow the root directory of the www folder and yoursite to be accessible in SSL.
Restart the server and test your site.
Hope it helps.