How to configure httpd.conf for https migration - apache

How to set up httpd.conf file.
<VirtualHost *:443>
SSLEngine on
ServerAdmin info#example.com
DocumentRoot "/var/www/html/example.com/"
ServerName www.example.com
SSLCertificateFile /home/thisisme/4b0aa83ea92071ef.crt
SSLCertificateKeyFile /home/thisisme/SevenPointTwo2015.pem
SSLCACertificateFile /home/thisisme/gd_bundle-g2-g1.crt
ErrorLog "/var/www/html/example.com/logs/error.log"
CustomLog "/var/www/html/example.com/logs/custom.log" common
</VirtualHost>
Is this enough.?
Will I be able to access image files, css files and javascripts.?
Do I need to append anything else.?

Fixed my problem. I had revoke the SSL Layer for certain folders.

Related

Apache SSL vhost won't use DocumentRoot but rather uses server webroot

I have an apache config using a DV wildcard cert. The ssl.conf is configured to use the certificate for all server traffic.
My vhost conf file has two virtual hosts defined there. A production vhost and a dev vhost. The conf file contents are;
<VirtualHost *:443>
ServerName www.example.com
ServerAlias example.com
ServerAdmin webmaster#example.com
DocumentRoot /var/www/html/vhosts/prod_example_com/
<Directory "/var/www/html/vhosts/prod_example_com">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog "/var/log/httpd/www.example.com-error_log"
CustomLog "/var/log/httpd/www.example.com-access_log" common
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/comodo/STAR_example_com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/csr/www_example_com.key
SSLCertificateChainFile /etc/pki/tls/certs/comodo/SectigoRSADomainValidationSecureServerCA.crt
</VirtualHost>
<VirtualHost *:443>
ServerName dev.example.com
ServerAdmin webmaster#example.com
DocumentRoot "/var/www/html/vhosts/dev_example_com"
<Directory "/var/www/html/vhosts/dev_example_com">
AllowOverride All
Require all granted
</Directory>
ErrorLog "/var/log/httpd/dev.example.com-error_log"
CustomLog "/var/log/httpd/dev.example.com-access_log" common
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/comodo/STAR_example_com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/csr/www_example_com.key
SSLCertificateChainFile /etc/pki/tls/certs/comodo/SectigoRSADomainValidationSecureServerCA.crt
</VirtualHost>
So, when I go to https://dev.example.com, it works great. However, when I try to go to https://www.example.com, it instead goes to the Apache server webroot of /var/www/html.
Have I overlooked something?
Thanks in advance to any help offered?
I seemed to have found the issue. In my particular instance, the vhost.conf VirtualHost tags were change both to *:443, but what got everything back on track was commenting out ServerName www.example.com:443 from my httpd.conf and restarting Apache. I hope this helps someone else that may be suffering from this same issue.

meta tags not showing up in fb-messenger&discord ect... -> when using https

So I recently updated my server from ubuntu 16.04 to 18.04 (full reinstall)
Now I'm having the following issue:
When using https no site will embed images or meta tags
https://i.imgur.com/ILFYZ0b
^ same problem with facebook-messenger
Here is my /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
ServerAdmin merlijn#melijn.com
ServerName melijn.com
ServerAlias www.melijn.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName melijn.com
ServerAlias www.melijn.com
ServerAdmin admin#melijn.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/ssl-error.log
CustomLog ${APACHE_LOG_DIR}/ssl-acces.log combined
SSLEngine on
SSLCertificateFile /home/merijn/Certs/melijn.com.crt
SSLCertificateKeyFile /home/merijn/Certs/melijn.com.key
</VirtualHost>
You can visit the sites fine btw:
https://melijn.com
http://melijn.com
I hope there is a solution :)
Ok so the problem was the following:
I had an incomplete certificate and I needed to add a .ca-bundle file in my configuration.
So I added this line:
SSLCertificateChainFile /path/to/file.ca-bundle

Two sites with two different log files - SSL Apache2 Ubuntu

I have two websites in the same web server (Ubuntu 16.04.2 LTS - Apache/2.4.18). Everything works well when I try to access to both websites using HTTP (port 80). This is the vhosts.conf file content:
<VirtualHost *:80>
ServerName site1
DocumentRoot /var/www/html/site1
ErrorLog ${APACHE_LOG_DIR}/site1_error.log
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName site2
DocumentRoot /var/www/html/site2
ErrorLog ${APACHE_LOG_DIR}/site2_error.log
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined
</VirtualHost>
So, both sites are accessible through "mydomain.com/site1" and "mydomain.com/site2". I have installed a Let's Encrypt certificate and, to make it works, I have configured a virtual host like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/site_error.log
CustomLog ${APACHE_LOG_DIR}/site_access.log combined
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I can access both site using SSL (port 443) successfully but I can't use different log files for different sites. I have tried something like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com/site1
DocumentRoot /var/www/html/site1
ErrorLog ${APACHE_LOG_DIR}/site1_error.log
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined
Alias /site1 /var/www/html/site1
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:443>
ServerName mydomain.com/site2
DocumentRoot /var/www/html/site2
ErrorLog ${APACHE_LOG_DIR}/site2_error.log
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined
Alias /site2 /var/www/html/site2
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
But it doesn't work. How can I distinguish between two sites in order to have two different log files?
Following the link proposed by CBroe, I have found the solution by using the SetEnvIf directive. The final working virtual host configuration looks like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com
DocumentRoot /var/www/html
SetEnvIf Request_URI ^/site1(/|$) site1
SetEnvIf Request_URI ^/site2(/|$) site2
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined env=site1
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined env=site2
ErrorLog ${APACHE_LOG_DIR}/site_error.log
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Fedora apache server

I've created two virtual hosts on Fedora. I have a websites.config file in /etc/httpd/conf.d directory:
<VirtualHost *:443>
ServerName www.beratyeniceri.com
DocumentRoot /var/www/beratyeniceri.com/public_html
ServerAlias beratyeniceri.com
SSLEngine ON
SSLCertificateFile /etc/httpd/certs/beratyeniceri.com/1000.pem
SSLCertificateKeyFile /etc/httpd/certs/beratyeniceri.com/beratyeniceri.key
ErrorLog logs/virtual.host-error_log
CustomLog logs/virtual.host-access_log combined
</VirtualHost>
<VirtualHost *:443>
ServerName www.tugbanursari.com
DocumentRoot /var/www/tugbanursari.com/public_html
ServerAlias tugbanursari.com
SSLEngine ON
SSLCertificateFile /etc/httpd/certs/tugbanursari.com/1001.pem
SSLCertificateKeyFile /etc/httpd/certs/tugbanursari.com/tugbanur.key
ErrorLog logs/virtual.host-error_log
CustomLog logs/virtual.host-access_log combined
</VirtualHost>
When I run,
service httpd restart
it asks pass phrase for tugbanursari.com, but does not ask for beratyeniceri.com. When I switch their spot, then it only ask for second block. Hence,it skip first site which is on first block. Then, I think it does not work.
How do I fix that?
What is my server ip address to change hosts file for clients?

Wildcard SSL with Multiple Domains

I have a CentOS/Apache+OpenSSL server. I host two domain names with wildcard sub domains (application logic surfaces the correct site), e.g.
https://*.testing1.com
https://*.testing2.com
It works great over HTTP:-
<VirtualHost *:80>
# Admin email, Server Name (domain name) and any aliases
ServerAdmin webmaster#testing1.com
ServerName testing1.com
ServerName testing2.com
ServerAlias *.testing1.com *.testing2.com
# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
I've purchased two Wildcard SSL certificated for both testing1.com and testing2.com, but I'm unsure how to set it up in this structure:-
<VirtualHost *.testing1.com:443>
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/*.testing1.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/*.testing1.com.key
SSLCACertificateFile /etc/httpd/ssl/geotrust.cer
ServerAdmin john#testing1.com
ServerName testing1.com
ServerAlias *.testing1.com
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
<VirtualHost *.testing2.com:443>
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/*.testing2.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/*.testing2.com.key
SSLCACertificateFile /etc/httpd/ssl/geotrust.cer
ServerAdmin john#testing2.com
ServerName testing2.com
ServerAlias *.testing2.com
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
The above for the SSL doesn't work, with the *.testing1.com definition, nor with just testing1.com.
I will also need to repeat this for testing2.com
Name-based virtualhosts and SSL wil only work if all the virtualhosts are within the same domain and you have a wildcard SSL certificate for that domain.
But you have 2 different domains.
In this case it will only work if you give each SSL-enabled virtualhost it's own IPaddress.
So you should use IP-based virtualhosts, not Name-based.
Explanation:
The ServerName which is requested, is contained in the HTTP request headers, but before that the SSL encryption must be already setup. So the ServerName is only available after the encryption has been setup. Therefore Apache can never know which SSL certificate te serve up and wil just use the first one available on that particular IPaddress.
With the single dedicated IP we can configure domain-based wildcard SSL in centos + apache2.2 server.
Hope the configurations below will help you guys!!
NameVirtualHost IP:80
NameVirtualHost IP:443
Domain 1
<VirtualHost IP:80>
ServerName abc.domain1.com
DocumentRoot /var/www/html/domain1
</VirtualHost>
<VirtualHost IP:443>
ServerName *.domain1.com
DocumentRoot /var/www/html/domain1
SSLEngine On
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /var/www/html/domain1/cert/5465456.crt
SSLCertificateKeyFile /var/www/html/domain1/cert/domain1.com.key
SSLCertificateChainFile /var/www/html/domain1/cert/g2-g1.crt
</VirtualHost>
Domain 2
<VirtualHost IP:80>
ServerName abc.domain2.com
DocumentRoot /var/www/html/domain2
</VirtualHost>
<VirtualHost IP:443>
ServerName abc.domain2.com
DocumentRoot /var/www/html/domain2
SSLEngine On
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /var/www/html/domain2/cert/5465456.crt
SSLCertificateKeyFile /var/www/html/domain2/cert/domain1.com.key
SSLCertificateChainFile /var/www/html/domain2/cert/g2-g1.crt
</VirtualHost>