I followed this guide step by step to set up SSL connection for my web portal. Earlier I was able to access it using http:// but now I have to specify port 80 i.e. I have to use https://:80 to access the portal. If I access https:// it shows me the default Apache test page, which says -
Testing 123..This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page it means that this site is working properly. This server is powered by CentOS.
I need to access the portal using https:// without port. Any help is appreciated.
httpd.conf
<VirtualHost *:80>
WSGIScriptAlias / /var/www/html/portals/portals/wsgi.py
DocumentRoot /var/www/html/portals/portals
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/mysite.crt
SSLCertificateKeyFile /etc/pki/tls/private/mysite.key
SSLCertificateChainFile /etc/pki/tls/certs/mysite.crt
<Location "/mysite/authenticate">
AuthType Basic
AuthName "wsgi protected"
Require valid-user
AuthBasicProvider wsgi
WSGIAuthGroupScript /var/www/html/portals/portals/wsgi.py
WSGIAuthUserScript /var/www/html/portals/portals/wsgi.py
</Location>
<Directory /var/www/html/portals/portals>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
Alias /media/ /var/www/html/portals/media/
Alias /static/ /var/www/html/portals/static/
<Directory /var/www/html/portals/static>
Require all granted
</Directory>
<Directory /var/www/html/portals/media>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
WSGIScriptAlias / /var/www/html/portals/portals/wsgi.py
DocumentRoot /var/www/html/portals/portals
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/mysite.crt
SSLCertificateKeyFile /etc/pki/tls/private/mysite.key
SSLCertificateChainFile /etc/pki/tls/certs/mysite.crt
<Location "/mysite/authenticate">
AuthType Basic
AuthName "wsgi protected"
Require valid-user
AuthBasicProvider wsgi
WSGIAuthGroupScript /var/www/html/portals/portals/wsgi.py
WSGIAuthUserScript /var/www/html/portals/portals/wsgi.py
</Location>
<Directory /var/www/html/portals/portals>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
Alias /media/ /var/www/html/portals/media/
Alias /static/ /var/www/html/portals/static/
<Directory /var/www/html/portals/static>
Require all granted
</Directory>
<Directory /var/www/html/portals/media>
Require all granted
</Directory>
</VirtualHost>
I don't think you have followed the instructions correctly. The instructions say that the <VirtualHost *:80> element should be something like this:
<VirtualHost *:80>
<Directory /var/www/vhosts/yoursite.com/httpdocs>
AllowOverride All
</Directory>
DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
ServerName yoursite.com
</VirtualHost>
and there should be a "mirror" configuration port 443.
But you seem to have added in the stuff to enable the SSL engine, etcetera to the <VirtualHost *:80> element ... which is going to make Apache configure port 80 to expect / require "https:" connections.
Review your configurations and compare them with what the instructions actually tell you to do.
Can I also recommend reading the Apache documentation for the directives that you are using in your configs. That way you can start to understand what the configs are actually saying. That will give you a better chance of diagnosing problems if the "potted" instructions are not followed correctly.
Related
I am hosting website iplocation.io on a cloud server. I found a domain https://chrissloey.com/index.php which opens my website within it.
Now from what I understand, chrissloey.com has pointed it A record to my server ip and my apache2 server is not denying connection to it and allow's to open iplocation.io website content like its own.
I want apache2 to deny connections to any other domain and only allow my own domain to server content.
Attached is apache conf file for iplocation.io
<VirtualHost *:80>
ServerAdmin email#email.com
DocumentRoot /var/www/public_html
ServerName iplocation.io
ServerAlias www.iplocation.io
ErrorLog ${APACHE_LOG_DIR}/apache-error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/public_html>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName iplocation.io
ServerAdmin email#email.com
DocumentRoot /var/www/public_html
SSLEngine on
SSLCertificateFile /path-to-csr
SSLCertificateKeyFile /path-to-key
SSLCertificateChainFile /path-to-ca
<Directory /var/www/public_html>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
</IfModule
Looking at the two comments I think the combination makes most sense:
Configure httpd to respond with redirect (301) to all incoming requests. This could be done on the 'root' host.
Configure a virtualhost listening to your domain only, and this one would serve your real content only.
This will work unless the other site requests your content and then integrates it into their responses. But as you said someone else simply put up a DNS A record.
I have a general httpd.conf file that looks like this:
<VirtualHost *:80>
ServerAdmin: me#admin.com
DocumentRoot /var/www/siteone
ServerName: siteone.com
ServerAlias siteone.com
<Directory "var/www/siteone">
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin: me#admin.com
DocumentRoot /var/www/sitetwo
ServerName: sitetwo.com
ServerAlias sitetwo.com
<Directory "var/www/sitetwo">
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
.... More <VirtualHost>s
Is there anyway I can define one <Location /server-status> and have HTTP requests for all my hosted websites show up on a single mod_status page?
What version of Apache httpd you are using? Though I've not tried but can you give a try with below configuration by defining the multiple 'Require host' inside the '/server-status' location of your httpd.conf file.
<Location "/server-status">
SetHandler server-status
Require host example.com
</Location>
Please note the above configuration is for Apache 2.4.x.
C:\wamp\bin\apache\apache2.4.9:
<VirtualHost *:80>
DocumentRoot C:\wamp\wwww\sk\public
ServerName sk.localhost
SetEnv APPLICATION_ENV "development"
<Directory "C:\wamp\wwww\sk\public">
Options Indexes FollowSymLinks MultiViews
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
Require local
Allow from localhost ::1 127.0.0.1
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot C:\wamp\wwww\sk\public
ServerName sk.localhost
SetEnv APPLICATION_ENV "development"
<Directory "C:\wamp\wwww\sk\public">
Options Indexes FollowSymLinks MultiViews
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
Require local
Allow from localhost ::1 127.0.0.1
</Directory>
</VirtualHost>
Hosts file:
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 localhost
127.0.0.1 sk.localhost
When I try to access localhost or sk.localhost it gives me 403 error (Wamp is green and Online. Anyone can help please? I don`t know what am I doing wrong here. I tried several methods from Internet but with no luck. Any help would be much appreciated. Best regards, Bogdan.
PHPMyadmin is working.
This is probably because you are using 2 different versions of the access security syntax and Apache is getting confused.
Change your Virtual Host definitions as below to use just the Apache 2.4 syntax and not the Apache 2.2 ones.
Also you should create a VH for localhost as well, as when you implement Virtual Hosts, Apache ignores the definition of localhost in the httpd.conf file.
# Should be the first VHOST definition so that it is the default virtual host
# Also access rights should remain restricted to the local PC
# So that any random ip address attack will recieve an error code and not gain access
<VirtualHost *:80>
DocumentRoot "c:/wamp/www"
ServerName localhost
<Directory "c:/wamp/www">
AllowOverride All
Require local
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot C:\wamp\wwww\sk\public
ServerName sk.localhost
SetEnv APPLICATION_ENV "development"
<Directory "C:\wamp\wwww\sk\public">
Options Indexes FollowSymLinks MultiViews
DirectoryIndex index.php
AllowOverride All
Require local
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot C:\wamp\wwww\sk\public
ServerName sk.localhost
SetEnv APPLICATION_ENV "development"
<Directory "C:\wamp\wwww\sk\public">
Options Indexes FollowSymLinks MultiViews
DirectoryIndex index.php
AllowOverride All
Require local
</Directory>
</VirtualHost>
The Require local tells Apache to only allow access to a VH domain if the client is on the PC running WampServer(Apache).
If you actually want to allow access from say another PC on your local network, you can add a line like this to the domain you want to access
Require local
Require ip 192.168.1
Or if you want to allow access from anwhere replace those lines with
Require all granted
WARNING Dont allow access to the universe unless you really know what you are doing.
PS The WAMPserver Online/Offline feature only controls access and does not mean APache is running or not. Also once you implement Virtual Hosts it no longer has any relevance and shoudl be set OFFLINE as access control is now held in each individual Virtual Host.
everybody.
I have a Cent OS 6.6 server with Apache + mod_php site (site1.local). I need to configure second site (site2.local) with php_cgi. So, I created a user, gave him permissions on www-folder, configured site1 as mod_php, created a phpinfo.php. Also, I installed php-cgi,and try to configure virtual hosts, works only first site, on the second site is error:
the requested url /cgi-bin/phpinfo.php was not found onthis server.
That's my configs:
cat /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerAdmin webmaster#site1.local
DocumentRoot /var/www/wwwmaster/site1.local
ServerName site1.local
ServerAlias www.site1.local
ErrorLog logs/site1.local-error_log
CustomLog logs/site1.local-access_log common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster#site2.local
DocumentRoot /var/www/wwwmaster/site2.local
ServerName site2.local
ServerAlias www.site2.local
ScriptAlias /cgi_bin/ /usr/bin/php-cgi/
Action php-cgi /cgi-bin
AddHandler php-cgi php
<Directory /usr/bin/php-cgi>
Allow from all
</Directory>
<Directory "/var/www/wwwmaster/site2.local/">
<FilesMatch "\.php">
SetHandler php-cgi
</FilesMatch>
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order Deny,Allow
Allow from all
</Directory>
ErrorLog logs/site2.local-error_log
CustomLog logs/site2.local-access_log common
</VirtualHost>
What I've done wrong and how can I fix that?
You only have to uncomment the line that says NameVirtualServer *:80 in your apache config file.
If you want virtual server for more than one port, simply put as many NameVirtualServer *:[port number] in the apache config file as you need.
I am using apache 2.2.22 with debian stable as the server.
I have created a virtual host for a webdav share. I can access all of the symbolic links contained in /webdav via a web browser, just not from a webdav client. If i put documents or proper folders within /webdav i can see them in a client.
Here is my config for the share:
<VirtualHost *:80>
ServerAdmin webmaster#mydomain.com
ServerName mydomain.com
ServerAlias *.mydoman.com
DirectoryIndex index.html
Options Indexes FollowSymLinks
DocumentRoot /var/www/html/www.mydomain.com/htdocs/
ScriptAlias /cgi-bin/ /var/www/html/www.mydomain.com/cgi-bin/
<Location /cgi-bin>
Options +ExecCGI
</Location>
ErrorLog /var/www/html/www.mydomain.com/logs/error.log
CustomLog /var/www/html/www.mydomain.com/logs/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#mydomain.com
ServerName mydomain.com
ServerAlias *.mydomain.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/mykey.crt
SSLCertificateKeyFile /etc/apache2/ssl/mykey.key
DirectoryIndex index.html
Options Indexes FollowSymLinks
DocumentRoot /var/www/html/www.mydomain.com/htdocs/
ScriptAlias /cgi-bin/ /var/www/html/www.mydomain.com/cgi-bin/
<Location /cgi-bin>
Options +ExecCGI
</Location>
ErrorLog /var/www/html/www.mydomain.com/logs/error.log
CustomLog /var/www/html/www.mydomain.com/logs/access.log combined
Alias /webdav /var/www/html/mydomain/htdocs
<Location /webdav-public>
Options Indexes FollowSymLinks
#AllowOverride None
DAV On
AuthType Basic
AuthName "webdav"
AuthUserFile /etc/apache2/webdav.password
Require valid-user
</Location>
</VirtualHost>
Permissions for root and webdav folder:
Owner: root, create/delete; Group www-data, access; Other, none
Permissions for the public folder which the symlinks point to:
Owner: myusername, create/delete; Group: www-data, access; Other, Access
Any ideas? Obviously i am trying to learn my way around apache so there is probably a few errors in the above, i welcome any off topic criticism.
So, it turns out:
<Location /webdav-public>
A location as above can be a symbolic link. However, symbolic links within the share location are not supported for whatever reason (at least for apache 2.2.22 in the debian stable repo). They do show when accessed by firefox or chrome for me, but not from a webdav client or while mapped in windows explorer (while on the home network, not tested elsewhere).
I had to rearrange my files to suit webdav, which sucks.