SSL Certificates and Apache Virtual Hosts

I am encountering a very curious problem with my Ubuntu server setup. I am running a few websites using a LAMP stack.
One of the websites has a dedicated IP and a Comodo SSL certificate. The other websites are on a shared IP and use Let's Encrypt SSL certificates.
Here's the virtual host config for the website on the dedicated IP:
# domain: example.com
# public: /home/myhomefolder/public/example.com/
<VirtualHost actual_dedicated_ip:80>
# Admin email, Server Name (domain name), and any aliases
ServerAdmin admin@example.com
ServerName www.example.com
ServerAlias example.com
Redirect permanent / https://www.example.com/
# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.php
DocumentRoot /home/myhomefolder/public/example.com/public
# Log file locations
LogLevel warn
ErrorLog /home/myhomefolder/public/example.com/log/error.log
CustomLog /home/myhomefolder/public/example.com/log/access.log combined
</VirtualHost>
<VirtualHost actual_dedicated_ip:443>
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/apache2/ssl/www.example.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key
SSLCertificateChainFile /etc/apache2/ssl/www.example.com.ca-bundle
<Directory /home/myhomefolder/public/example.com/public>
Require all granted
AllowOverride ALL
</Directory>
ServerAdmin admin@example.com
ServerName example.com
DocumentRoot /home/myhomefolder/public/example.com/public
ErrorLog /home/myhomefolder/public/example.com/log/https_error.log
CustomLog /home/myhomefolder/public/example.com/log/https_access.log combined
</VirtualHost>
Everything works fine, except that on specific networks (so far I can only reproduce this on my iPhone when connected to Verizon LTE, but not when connected to Wi-Fi) I get either an error saying "Safari cannot open the page because too many redirects occurred" or a prompt with "cannot verify server identity", where the certificate details are for another website on the same host but a different IP.
Any ideas of what may be causing this?

So I finally got to the bottom of this. It looks like Verizon is using IPv6 and my vhost had only IPv4 configuration. As soon as I added my IPv6 IP to my vhost, the problem went away.
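
The behaviour described in this answer can be reproduced with a simplified model of Apache's virtual host selection (best address:port match first, then ServerName/ServerAlias, otherwise the first vhost in the matching set). This is an added example, not code from the original post. The addresses 203.0.113.10 and 2001:db8::10 and the second site other.example.net are constructed placeholders.

```python
import re
from fnmatch import fnmatch
from ipaddress import ip_address

# Constructed sample config (documentation addresses, not the poster's real ones).
BROKEN = """
<VirtualHost *:443>
    ServerName other.example.net
    SSLCertificateFile /etc/letsencrypt/live/other.example.net/fullchain.pem
</VirtualHost>
<VirtualHost 203.0.113.10:443>
    ServerName www.example.com
    SSLCertificateFile /etc/apache2/ssl/www.example.com.crt
</VirtualHost>
"""
# The fix from the post: list the IPv6 address on the dedicated vhost as well.
FIXED = BROKEN.replace("203.0.113.10:443>", "203.0.113.10:443 [2001:db8::10]:443>")

def parse_vhosts(conf):
    """Return [(address specs, server names, certificate path)] in file order."""
    out = []
    for args, body in re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S):
        names = " ".join(re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M)).split()
        cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", body, re.M)
        out.append((args.split(), names, cert.group(1) if cert else None))
    return out

def addr_rank(spec, local_ip, port):
    """2 = exact IP match, 1 = wildcard match, 0 = no match (specs are addr:port)."""
    host, _, p = spec.rpartition(":")
    if p not in ("*", str(port)):
        return 0
    if host in ("*", "_default_"):
        return 1
    try:
        return 2 if ip_address(host.strip("[]")) == ip_address(local_ip) else 0
    except ValueError:
        return 0  # hostname in <VirtualHost>; not resolved in this sketch

def served_cert(conf, local_ip, port, sni):
    """Certificate of the vhost selected for a connection to local_ip:port."""
    ranked = [(max((addr_rank(s, local_ip, port) for s in specs), default=0), names, cert)
              for specs, names, cert in parse_vhosts(conf)]
    best = max((r for r, _, _ in ranked), default=0)
    candidates = [(n, c) for r, n, c in ranked if r == best and best > 0]
    for names, cert in candidates:
        if any(fnmatch(sni.lower(), n.lower()) for n in names):
            return cert
    return candidates[0][1] if candidates else None  # no name match: first vhost wins
```

With the IPv4-only vhost, a client arriving over IPv6 and asking for www.example.com only matches the `*:443` set and is handed the other site's certificate. Once the IPv6 address is listed on the dedicated vhost, the same connection gets the right one.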

Related

How to fix 'No secure protocols supported'?

I have a personal website which I'm trying to set up to use HTTPS.
I'm using an Amazon Lightsail instance with Ubuntu 18.04 and Apache/2.4.29 on it. Opened port 443 using both AWS dashboard and ufw. I also made sure openssl version is up-to-date. I have used certbot, installation completes fine, I restarted webserver but when I go to ssllabs.com to test, I get:
Assessment failed: No secure protocols supported
Now, I have 3 websites served by the webserver, DocumentRoot is set to default /var/www/html and I created a conf file for each site in /etc/apache/sites-available as example.com.conf, with a VirtualHost listening to *:80 only. All sites are tested and work fine with the .conf files.
When I ran certbot, I got a file in /etc/apache/sites-available called example.com-le-ssl.conf with this in it:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
</IfModule>
At this point, I expected it to work since the guide on https://certbot.eff.org/lets-encrypt/ubuntubionic-apache.html says nothing else needs to be done.
What am I missing?
Thanks in advance!

Installed SSL on Apache server, page not responding

My question is about SSL installation. I purchased a new SSL for a website that's hosted on an Ubuntu 16.04 box with Apache 2.4.29. I was able to get this installed and I'm not getting any errors but my page is not redirecting. I've followed some guides (DigitalOcean) but feel as if I'm missing something.
I have checked the sites-available files (000-default.conf, default-ssl.conf & example.com.conf) and I'm not seeing anything that's catching my eye, but I feel I might be missing something. I've checked the status of Apache and I'm not getting any errors and I've restarted the services several times to no avail.
Here's a general breakdown of what I have. Am I missing something? Is additional information required for setting this up?
000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
Redirect "/" "https://example.com/"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
SSLCertificateFile /root/example.com.crt
SSLCertificateKeyFile /root/www.example.com.key
SSLCACertificateFile /root/intermediate.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
mydomain.com.conf
<VirtualHost *:443>
ServerAdmin admin@somedomain.com
ServerName mydomain.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/html
Redirect permanent / https://example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Here is my attempt at a combined configuration. Note that I do not have your setup to test it, but I have used similar configurations on production servers.
First define your port 80 VirtualHost (000-default.conf in your setup):
Listen 80
<VirtualHost *:80>
Redirect "/" "https://example.com/"
LogLevel debug
ErrorLog "${APACHE_LOG_DIR}/80_error.log"
CustomLog "${APACHE_LOG_DIR}/80_access.log" combined
</VirtualHost>
No need for a DocumentRoot since you redirect everything.
Then comment out default-ssl.conf. This file is an example of what you could do to set up an SSL-enabled VirtualHost. If you use that file AND another VirtualHost on port 443, this one will always be used, since Apache uses the first VirtualHost it finds that matches the client's request (here port 443).
Another point: VirtualHosts are not "added" to one another. Each is independent of the others and must contain a complete configuration. This means you cannot put some configuration in one VirtualHost on port 443, and some in another, and expect it to work.
Then create your example.com.conf file:
Listen 443
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
ServerAdmin admin@example.com
SSLCertificateFile "/root/example.com.crt"
SSLCertificateKeyFile "/root/example.com.key"
SSLCACertificateFile "/root/intermediate.crt"
LogLevel debug
ErrorLog "logs/443_error_log"
CustomLog "logs/443_access_log" combined
DocumentRoot "/var/www/example.com/html"
DirectoryIndex index.html
<Directory "/var/www/example.com/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
Some notes:
I put the LogLevel at debug, so you can troubleshoot, but once it is working, change it to error. Otherwise you will have huge log files quickly!
For the same reason, I split the logs for port 80 and port 443. Each VirtualHost should have its own logs.
The certificate files must match the domain name. Not the filename (although it makes it easier to match), but the certificate itself.
If you want your certificate to cover example.com and www.example.com, both names must be added to the alternate names in the certificate.
I do not understand why you have Redirect permanent / https://example.com in your configuration. You are already in the https, port 443 VirtualHost.
The options based on <FilesMatch> directives in the default ssl configuration can be added if you want.
This setup will ensure that all http requests will be redirected to https://example.com. Then it will use the :443 VirtualHost, use the proper certificate for that domain and serve the content from the DocumentRoot directory.

How to configure ssl on xampp apache

Can anyone help me in configuring the XAMPP Apache server for SSL?
I have tried configuring it as follows in http-ssl:
<VirtualHost *:8443>
DocumentRoot "project_path"
ServerName domainName
ServerAlias domainName
ErrorLog "errorLog Path"
TransferLog "access Log Path"
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
SSLCertificateChainFile "conf/ssl.crt/bundleChain.crt"
</VirtualHost>
Errors:
When I tried accessing it with DomainName.
The site can't be reached.
When I tried accessing it with IP and Port.
The certificate is issued for domainName and hence ERR_CERT_COMMON_NAME_INVALID
Help is appreciated.

Name based virtual hosts serve the same SSL site

On my server I have the following vhost definition:
<VirtualHost *:80 *:443>
ServerAdmin admin@mysiste.com
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/mysite.com/current/public
SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/myserver.key
SSLCertificateFile /etc/ssl/ssl.crt/mysite_com.crt
SSLCertificateChainFile /etc/ssl/ssl.crt/mysite_com.ca-bundle
<Directory /var/www/mysite.com/current/public>
Allow from all
Options -MultiViews
</Directory>
</VirtualHost>
The site itself works fine, the problem is that if I try any other site (vhost) hosted on the same server with https and skip the warning I get served mysite.com. This wouldn't be a problem for the casual user but I noticed Google tried and actually indexed a ton of URLs on my "other" sites via https which were actually pages from mysite.com and I'm afraid I'll get penalized for duplicate content.
How do I deny the other sites to be served via https?
I solved the issue. For further reference this is Ubuntu 12.04.
In /etc/apache2/ports.conf added the following to the <IfModule mod_ssl.c> section:
NameVirtualHost *:443
As per the instructions in the above file, modified in /etc/apache2/sites-available/default-ssl from <VirtualHost _default_:443> to <VirtualHost *:443>.
Then:
sudo a2ensite default-ssl
sudo service apache2 reload
Done.

Enabling SSL with XAMPP

I've been following this guide as much as I could
http://robsnotebook.com/xampp-ssl-encrypt-passwords .
However whenever I browse to a page starting with https the apache server replies 404 Object Not Found.
What setting I am missing? Thanks for any help.
Found the answer. In the file xampp\apache\conf\extra\httpd-ssl.conf, under the comment "SSL Virtual Host Context", pages on port 443 (meaning https) are looked up under a different document root.
Simply change the document root to the same one and the problem is fixed.
You can also configure your SSL in xampp/apache/conf/extra/httpd-vhost.conf like this:
<VirtualHost *:443>
DocumentRoot C:/xampp/htdocs/yourProject
ServerName yourProject.whatever
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
</VirtualHost>
I guess it's better not to change it in httpd-ssl.conf if you have more than one project and you need SSL on more than one of them.
For XAMPP, do the following steps:
"G:\xampp\apache\conf\extra\httpd-ssl.conf"
Search 'DocumentRoot' text.
Change DocumentRoot "G:/xampp/htdocs" to DocumentRoot "G:/xampp/htdocs/project name".
Configure SSL in xampp/apache/conf/extra/httpd-vhost.conf
http
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs/myproject/web"
ServerName www.myurl.com
<Directory "C:/xampp/htdocs/myproject/web">
Options All
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
https
<VirtualHost *:443>
DocumentRoot "C:/xampp/htdocs/myproject/web"
ServerName www.myurl.com
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
<Directory "C:/xampp/htdocs/myproject/web">
Options All
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Make sure the server.crt & server.key paths are given properly, otherwise this will not work.
Don't forget to enable vhosts in httpd.conf
# Virtual hosts
Include etc/extra/httpd-vhosts.conf
There is a better guide here for Windows:
https://shellcreeper.com/how-to-create-valid-ssl-in-localhost-for-xampp/
Basic steps:
Create an SSL certificate for your local domain using this: See more details in the link above
https://gist.github.com/turtlepod/3b8d8d0eef29de019951aa9d9dcba546
https://gist.github.com/turtlepod/e94928cddbfc46cfbaf8c3e5856577d0
Install this cert in Windows (Trusted Root Certification Authorities) See more details in the link above
Add the site in Windows hosts (C:\Windows\System32\drivers\etc\hosts)
E.g.: 127.0.0.1 site.test
Add the site in XAMPP conf (C:\xampp\apache\conf\extra\httpd-vhosts.conf)
E.g.:
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs"
ServerName site.test
ServerAlias *.site.test
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "C:/xampp/htdocs"
ServerName site.test
ServerAlias *.site.test
SSLEngine on
SSLCertificateFile "crt/site.test/server.crt"
SSLCertificateKeyFile "crt/site.test/server.key"
</VirtualHost>
Restart Apache and your browser and it's done!
I finally got this to work on my own hosted xampp windows 10 server web site. I.e. padlocks came up as ssl. I am using xampp version from November 2020.
Went to certbot.eff.org. Selected from their home page software [apache] and system [windows]. Then downloaded and installed certbot software found at the next page into my C drive.
Then from the command line [cmd in Windows Start, and before you open cmd, right click to run cmd as admin] I entered the command from the Certbot page above. I.e. navigated to system32-- C:\WINDOWS\system32> certbot certonly --standalone
Then followed the prompts and entered my domain name. This created certs as cert1.pem and key1.pem in C:\Certbot yourwebsitedomain folder. The cmd window tells you where these are.
Then took these and changed their names from cert1.pem to my domainname or shorter+cert.pem and same for domainname or shorter+key.key. Copied these into C:\xampp\apache\ssl.crt and ssl.key folders respectively.
Then for G:\xampp\apache\conf\extra\httpd-vhosts entered the following:
<VirtualHost *:443>
# NB My document root is public. Yours may not be. Or could have an index.php page before /public
DocumentRoot "G:/xampp/htdocs/yourwebsitedomainname.hopto.org/public/"
ServerName yourwebsitedomainnamee.hopto.org
<Directory G:/xampp/htdocs/yourwebsitedomainname.hopto.org>
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
</Directory>
ErrorLog "G:/xampp/apache/logs/error.log"
CustomLog "G:/xampp/apache/logs/access.log" common
SSLEngine on
SSLCertificateFile "G:\xampp\apache\conf\ssl.crt\abscert.pem"
SSLCertificateKeyFile "G:\xampp\apache\conf\ssl.key\abskey.pem"
</VirtualHost>
Then navigated to G:\xampp\apache\conf\extra\httpd-ssl.conf and did as was advised above. I missed this important step for days until I read this post. Thank you!
I.e. entered
<VirtualHost _default_:443>
DocumentRoot "G:/xampp/htdocs/yourwebsitedomainnamee.hopto.org/public/"
###NB My document root is public. Yours may not be. Or could have an index.php page before /public###
SSLEngine on
SSLCertificateFile "conf/ssl.crt/abscert.pem"
SSLCertificateKeyFile "conf/ssl.key/abskey.pem"
CustomLog "G:/xampp/apache/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Note1. I used www.noip.com to register the domain name.
Note2. Rather than try to get them to give me an SSL certificate, as I could not get it to work, the above worked instead.
Note3. I use the noip DUC software to keep my personally hosted web site in sync with noip.
Note4. Very important to stop and start xampp server after each change you make in xampp. If xampp fails for some reason instead of starting the xampp console try the start xampp as this will give you problems you can bug fix. Copy these quickly and paste into note.txt.
In case you are on Mac OS (Catalina or Mojave) and want to enable HTTPS/SSL on XAMPP for Mac, you need to enable the virtual host and use the default certificates included in XAMPP.
On your httpd-vhosts.conf file add a new vhost:
<VirtualHost *:443>
ServerAdmin webmaster@localhost.com
DocumentRoot "/Users/your-user/your-site"
ServerName your-site.local
SSLEngine on
SSLCertificateFile "etc/ssl.crt/server.crt"
SSLCertificateKeyFile "etc/ssl.key/server.key"
<Directory "/Users/your-user/your-site">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
Order allow,deny
Allow from all
</Directory>
</VirtualHost>