Ubuntu 14.04 Apache + SSL server, how to configure Varnish - apache

I have Magento running on an Ubuntu 14.04 server with Apache2 and SSL.
I have installed Varnish but am not sure how to set it up with SSL without using Nginx.
This is my current vhost file:
<VirtualHost *:443>
ServerName mysite.com
ServerAlias www.mysite.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/mysite.com
<Directory /var/www/mysite.com/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
</Directory>
SSLEngine on
SSLCertificateFile /home/ssl/mysite_com.crt
SSLCertificateKeyFile /home/ssl/mysite.com.key
SSLCACertificateFile /home/ssl/mysite_com.ca-bundle
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName mysite.com
RewriteEngine On
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=permanent]
</VirtualHost>

With your current Apache I would do the following.
Configure your site to listen on another port, 8888 for example:
<VirtualHost *:8888>
ServerName mysite.com
ServerAlias www.mysite.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/mysite.com
<Directory /var/www/mysite.com/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
</Directory>
</VirtualHost>
Then configure the SSL one to proxy to Varnish:
<VirtualHost *:443>
# what you had above plus the following:
RequestHeader set X-Forwarded-Proto "https"
ProxyPass / http://localhost:6081/
ProxyPassReverse / http://localhost:6081/
</VirtualHost>
You will need some extra modules:
sudo a2enmod headers proxy proxy_http proxy_html
Finally, configure the Varnish backend to use port 8888:
backend default {
.host = "127.0.0.1";
.port = "8888";
}

Short answer: you can't set up Varnish with SSL, since Varnish doesn't support it.
You have two options:
Set up Nginx (or some other SSL terminator) in front of Varnish, which acts as a reverse proxy and forwards the requests to Varnish via HTTP.
Split the traffic between your current Apache2 server (which supports SSL) and Varnish. The HTTP traffic on port 80 goes to Varnish and the HTTPS traffic on port 443 goes to Apache2.

Related

Apache2 https forward proxy with ProxyRemote

I'm currently trying to set up an Apache2 that (as a temporary solution) hands out a .pac file and (kind of) serves as a proxy on the same port.
I say it only kind of acts as a proxy because it only needs to redirect traffic to the real proxy server.
Here is my virtual host config:
<VirtualHost *:8001>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyRequests On
ProxyVia On
SSLProxyEngine On
<If "req('Host') == '192.168.122.95:8001'">
DirectoryIndex pacfile1.pac
</If>
ProxyRemote "*" "http://xx.xx.xx.xx:3128"
</VirtualHost>
This works for HTTP connections but not for HTTPS. I don't need to do any SSL termination on the Apache, just forward everything to the real proxy.
Can anyone help me figure out why this is not working for HTTPS?

Autoconfig prevent my website redirection to https

I have a website on an Apache server and a mail server on the same machine. I want port 80 requests redirected to HTTPS on port 443, so I put that in the vhost configuration.
I also want autoconfig (used by Mozilla Thunderbird) for my mail server. However, I need to make a config-v1.1.xml accessible on port 80.
The problem is that when I request http://example.com it does not redirect to https://example.com like I want; it redirects to the autoconfig instead.
Is there a way to keep autoconfig and have a redirection to https://example.com?
I have set up a DNS record for autoconfig.example.com and reference it in the vhost file, but when I type mysite.com, it still goes to the autoconfig.
Any clues?
Thanks
Here is the autoconfig.conf:
Listen 80
Listen 443
<VirtualHost 178.33.235.19:80>
ServerName autoconfig.example.com
DocumentRoot /var/www/html/autoconfig/
<Directory /var/www/html/autoconfig>
Order allow,deny
allow from all
</Directory>
</VirtualHost>
And the site vhost example.conf:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin admin@example.com
DocumentRoot /var/www/html/example/
DirectoryIndex index.php
ServerName example.com
ServerAlias www.example.com
#SSL Config
SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLCertificateFile /etc/httpd/ssl/STAR_example_com.crt
SSLCertificateKeyFile /etc/httpd/ssl/STAR_example_com.key
SSLCertificateChainFile /etc/httpd/ssl/COMODORSADomainValidationSecureServerCA.crt
<Directory /var/www/html/>
Options FollowSymLinks Indexes MultiViews
AllowOverride All
LogLevel crit
Require all granted
</Directory>
ErrorLog /var/log/apache/example-error_log
CustomLog /var/log/apache/example-access_log common
</VirtualHost>

Use of SSL Cert results in ERR_ADDRESS_UNREACHABLE on ubuntu with apache2

I tried to use the SSL cert and key I got from my provider, but it's not working out. When I connect to my site I get ERR_ADDRESS_UNREACHABLE in Google Chrome.
Here is my Apache config for the website:
<VirtualHost *:80>
ServerName example.com
ServerAlias *.example.com
ServerAdmin me@example.com
DocumentRoot /var/www/example.com/public
Redirect "/" "https://example.com/"
ErrorLog ${APACHE_LOG_DIR}/example.com.error.log
CustomLog ${APACHE_LOG_DIR}/example.com.access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
ServerAlias *.example.com
ServerAdmin me@example.com
DocumentRoot /var/www/example.com/public
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/ssl/private/example.com.key
<Directory /var/www/example.com/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
<Limit POST PUT DELETE>
Require all granted
</Limit>
</Directory>
ErrorLog ${APACHE_LOG_DIR}/example.com.error.log
CustomLog ${APACHE_LOG_DIR}/example.com.access.log combined
</VirtualHost>
</IfModule>
I also ensured that the firewall allows HTTPS connections.
What am I missing here?
OK, so strangely SSL/HTTPS/port 443 was indeed NOT enabled on my server. I don't know why everything told me that HTTPS was enabled, but here is how I solved it:
iptables -I INPUT -p tcp --dport 443 -j ACCEPT

When I want to redirect from HTTP to HTTPS it sends me to another website

When I want to redirect from HTTP to HTTPS, it redirects me to another website on the same server.
This is my first website: https://www.linaktob.com
The second website: https://www.fevrok.com
When I log in to the first website over HTTPS or port 443 it works fine,
but when I log in over HTTP or port 80 it redirects to the second website.
This is my Apache configuration for the first website:
<VirtualHost *:80>
ServerName linaktob.com
DocumentRoot /var/www/linaktob.com/public
Redirect permanent / https://www.linaktob.com/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin@linaktob.com
ServerName linaktob.com
ServerAlias www.linaktob.com
DocumentRoot /var/www/linaktob.com/public/
SSLEngine On
SSLCertificateFile /etc/ssl/linaktob/www.linaktob.com.crt
SSLCertificateKeyFile /etc/ssl/linaktob/www.linaktob.com.key
SSLCACertificateFile /etc/ssl/linaktob/www.linaktob.com.ca-bundle
ErrorLog /var/www/linaktob.com/logs/error.log
CustomLog /var/www/linaktob.com/logs/access.log combined
<Directory /var/www/linaktob.com/public/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Your VirtualHost for port 80 is missing a ServerAlias www.linaktob.com.
Because of this, http://www.linaktob.com:80/ will not be served by this VirtualHost but by the default entry, which appears to be your other website.
Add it to the VirtualHost and you're good.

Multiple SSL using SNI on Ubuntu

Apache/2.4.7 (Ubuntu)
Ubuntu 14.04
I'm trying to run multiple SSL sites on the same IP. When I type in the first domain it redirects to the second domain.
I'm probably missing one little thing somewhere; if you could help me out that would be awesome.
I followed the DO tutorial without changing the ports.conf file (as I'm under the impression NameVirtualHost is no longer in use).
I have two .conf files in my sites-enabled directory and I've tried merging them but get the same result.
Output from apachectl -S is:
*:443 is a NameVirtualHost
default server domain2.com (/etc/apache2/sites-enabled/domain2.com.conf:19)
port 443 namevhost domain2.com (/etc/apache2/sites-enabled/domain2.com.conf:19)
port 443 namevhost www.domain1.com (/etc/apache2/sites-enabled/domain1.com.conf:19)
alias domain1.com
wild alias *.domain1.com
Here is my ports.conf (should be default Ubuntu):
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
I've tried switching from mod_ssl to mod_gnutls (with updated conf file) and get the same result.
Domain 1 .conf file in sites-enabled:
<VirtualHost *:80>
ServerName domain1.com
ServerAlias www.domain1.com *.domain1.com
DocumentRoot /git/domain1.com/public/
ServerAdmin webmaster@domain1.com
<Directory /git/domain1.com/public/>
Options +Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/error_domain1.com.log
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@domain1.com
ServerName domain1.com
DocumentRoot /git/domain1.com/public/
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /git/domain1.com/apache/ssl/apache.crt
SSLCertificateKeyFile /git/domain1.com/apache/ssl/apache.key
<Directory /git/domain1.com/public/>
Options +Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
</IfModule>
Domain 2 conf:
<VirtualHost *:80>
ServerName domain2.com
ServerAlias www.domain2.com *.domain2.com domain2.ca *.domain2.ca
DocumentRoot /git/domain2.com/public/
ServerAdmin webmaster@domain2.com
<Directory /git/domain2.com/public/>
Options +Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/error_domain2.com.log
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@domain2.com
ServerName domain2.com
DocumentRoot /git/domain2.com/public/
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /git/domain2.com/apache/ssl/apache.crt
SSLCertificateKeyFile /git/domain2.com/apache/ssl/apache.key
<Directory /git/domain2.com/public/>
Options +Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/error_domain2.com.log
</VirtualHost>
</IfModule>
*:443 is a NameVirtualHost
default server domain2.com (/etc/apache2/sites-enabled/domain2.com.conf:19)
port 443 namevhost domain2.com (/etc/apache2/sites-enabled/domain2.com.conf:19)
port 443 namevhost www.domain1.com (/etc/apache2/sites-enabled/domain1.com.conf:19)
alias domain1.com
wild alias *.domain1.com
Since the default server is domain2.com, HTTPS requests that come from a browser without SNI support will probably be redirected to domain2.com, even though you intended to access www.domain1.com.
One more possibility to investigate: if you are sure that the client supports SNI, then check whether the installed OpenSSL supports TLS extensions and whether your Apache is built against that OpenSSL version. Both server-side and client-side prerequisites must be fulfilled for a name-based Apache virtual host to handle requests correctly.
Update 1
You may see an entry like "Init: Name-based SSL virtual hosts require an OpenSSL version with support for TLS extensions (RFC 6066 - Server Name Indication / SNI), but the currently used library version (%s) is lacking this feature" in your error log from when you started the server.
Update 2
Also, although the output of apachectl -S
port 443 namevhost www.domain1.com (/etc/apache2/sites-enabled/domain1.com.conf:19)
alias domain1.com
wild alias *.domain1.com
shows that *.domain1.com and domain1.com will be handled as www.domain1.com, your domain1.conf
<VirtualHost *:443>
ServerAdmin webmaster@domain1.com
ServerName domain1.com
does not define any alias for this virtual host, so I wonder whether it will handle requests the way you assume.
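The three answers above describe the same family of vhost mistakes: the first answer moves the real site to a second port behind the TLS-terminating vhost and relies on X-Forwarded-Proto, the linaktob.com answer shows a name present on :443 but absent from :80 falling through to the default vhost, and the SNI answer shows the first :443 vhost catching unmatched names and non-SNI clients. Below is a small linter that checks a config for those conditions. It is an added example written for this page, not code from any of the posters or from Apache; it assumes Python 3, understands only the httpd.conf subset the posts use (Listen, <VirtualHost>, ServerName/ServerAlias, ProxyPass, RequestHeader), and runs on SAMPLE, a constructed config modelled on the ones posted. It goes one step beyond the first answer by also checking the Listen line, because <VirtualHost 127.0.0.1:8888> by itself does not restrict the socket: only Listen 127.0.0.1:8888 keeps the backend port off the public interfaces.

```python
"""Linter for the Apache vhost mistakes discussed in the answers above. Added example,
not code from the page or its posters; it reads only the httpd.conf subset those posts
use, and SAMPLE is a constructed config modelled on them."""
import re
from fnmatch import fnmatch

def split_addr(addr):
    """'*:443' -> ('*', '443'); a bare port as in 'Listen 8888' -> ('', '8888')."""
    host, sep, port = addr.rpartition(":")
    if sep:
        return host, port
    return ("", addr) if addr.isdigit() else (addr, "")

def parse(text):
    """Return (listen_args, vhosts); a vhost is a dict of addrs, names and directives."""
    listens, vhosts, cur = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            cur = {"addrs": m.group(1).split(), "names": [], "directives": []}
        elif re.match(r"</VirtualHost>", line, re.I):
            vhosts.append(cur)
            cur = None
        elif not line.startswith("<"):  # skip <Directory>-style tags, keep reading inside
            # directive names are case-insensitive; args are lowercased for easy matching
            name, args = (line.lower().split(None, 1) + [""])[:2]
            if cur is None and name == "listen":
                listens.append(args)
            elif cur is not None:
                cur["directives"].append((name, args))
                if name in ("servername", "serveralias"):
                    cur["names"].extend(args.split())
    return listens, vhosts

def audit(text):
    """Return (code, message) findings for the config in `text`."""
    listens, vhosts = parse(text)
    findings, by_port = [], {}
    for vh in vhosts:
        for addr in vh["addrs"]:
            by_port.setdefault(split_addr(addr)[1], []).append(vh)

    # First answer: the site moves to :8888 behind Varnish. If that port answers on
    # every interface, a client can skip TLS termination and the cache entirely.
    for addr in listens + [a for vh in vhosts for a in vh["addrs"]]:
        host, port = split_addr(addr)
        if port not in ("", "80", "443") and host in ("", "*", "0.0.0.0", "_default_"):
            findings.append(("BACKEND_EXPOSED", f"{addr} answers on every interface; use 127.0.0.1:{port}"))

    # linaktob.com and SNI answers: a name served on :80 but not :443 (or the reverse)
    # lands on that port's default vhost, the first one defined; on :443 that is also
    # the vhost every client without SNI gets.
    def served(name, port):
        return any(fnmatch(name, p) for vh in by_port.get(port, []) for p in vh["names"])

    for src, dst in (("80", "443"), ("443", "80")):
        for vh in by_port.get(src, []):
            for name in vh["names"]:
                if "*" not in name and not served(name, dst):
                    default = (by_port[dst][0]["names"] or ["(unnamed)"])[0] if by_port.get(dst) else "(none)"
                    findings.append(("NAME_MISMATCH", f"{name} has no :{dst} vhost; on :{dst} it is "
                                     f"served by the default vhost {default}"))

    # First answer again: behind a TLS-terminating ProxyPass the application learns
    # the scheme only from X-Forwarded-Proto, so the :443 vhost has to set it.
    for vh in by_port.get("443", []):
        d = vh["directives"]
        if any(n == "proxypass" for n, _ in d) and not any(
                n == "requestheader" and "x-forwarded-proto" in a for n, a in d):
            findings.append(("MISSING_XFP", f"{vh['names'][0]}: ProxyPass on :443 without "
                             "RequestHeader set X-Forwarded-Proto"))
    return findings

SAMPLE = """
Listen 8888
<VirtualHost *:80>
ServerName example.com
</VirtualHost>
<VirtualHost *:80>
ServerName mysite.com
</VirtualHost>
<VirtualHost *:443>
ServerName mysite.com
ServerAlias www.mysite.com
RequestHeader set X-Forwarded-Proto "https"
ProxyPass / http://localhost:6081/
</VirtualHost>
<VirtualHost *:8888>
ServerName mysite.com
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ProxyPass / http://localhost:6081/
</VirtualHost>
"""

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

Run against SAMPLE it reports the exposed 8888 listener and vhost, www.mysite.com falling through to example.com on :80 (the linaktob.com situation), and the second :443 vhost proxying without X-Forwarded-Proto; changing the two 8888 addresses to 127.0.0.1:8888 clears the first two findings. To lint a real server, read the files from /etc/apache2/sites-enabled and ports.conf into one string and pass it to audit(); the parser ignores <Directory> and <IfModule> wrappers but does not evaluate them, so a vhost wrapped in <IfModule mod_ssl.c> is counted even when the module is not loaded.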