multiple ports, SSL issue - apache

I have been searching for this for some time and couldn't get to a specific answer.
I have configured a server in a CentOS environment, with the following configuration in my vhost.conf:
<VirtualHost *:80>
DocumentRoot /xyz/dir
DirectoryIndex index.html index.php
CustomLog /var/log/xyz/access.log common
ErrorLog /var/log/xyz/error.log
<Directory /xyz/dir>
Options +Includes +FollowSymLinks -Indexes -ExecCGI
AllowOverride FileInfo AuthConfig
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:83>
DocumentRoot /abc/dir
DirectoryIndex index.html index.php
CustomLog /var/log/abc/access.log common
ErrorLog /var/log/abc/error.log
<Directory /abc/dir>
Options +Includes +FollowSymLinks -Indexes -ExecCGI
AllowOverride FileInfo AuthConfig
Require all granted
</Directory>
</VirtualHost>
As you can see, I have configured 2 sites on different ports with the same IP. Now I am trying to configure SSL on both sites; I want both http and https activated simultaneously on both.
I did some searching and configured it with SSL, and added the following:
<VirtualHost _default_:443>
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:+SSLv3
SSLCACertificateFile /path-to-ca-bundle
SSLCertificateFile /path-to-crt
SSLCertificateKeyFile path-to-key
SSLVerifyClient none
SSLVerifyDepth 10
DocumentRoot /xyz/dir
ServerName 1.1.1.1:80
DirectoryIndex index.html index.php
CustomLog /var/log/xyz/access.log common
ErrorLog /var/log/xyz/error.log
<Directory /xyz/dir>
Options +Includes +FollowSymLinks -Indexes -ExecCGI
AllowOverride FileInfo AuthConfig
Require all granted
</Directory>
</VirtualHost>
# Did the same for :83
Now this works fine when I hit
https://1.1.1.1/ --> points to xyz
http://1.1.1.1/ --> points to xyz
http://1.1.1.1:83/ --> points to abc
https://1.1.1.1:83/ --> throws ssl_error_rx_record_too_long error
The https on :83 is not working. Need help!
Also https://1.1.1.1:80/ --> throws ssl_error_rx_record_too_long error
On the contrary https://1.1.1.1/ --> works just fine and points to xyz

Related

403 Forbidden vhost Ubuntu

I'm trying to set up my webserver and allow .htaccess in all www directories. Accessing sub.domain.com on my laptop (with hosts file adjusted) returns a 403 Forbidden: "You don't have permission to access / on this server."
It feels like the .htaccess file is not allowed, and therefore it throws the 403. But as per my understanding the settings are correct, aren't they? Am I overlooking something?
apache2.conf
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
AllowOverride All
</Directory>
domain.com.conf
<VirtualHost *:80>
ServerName domain.com
ServerAlias sub.domain.com
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/domain.com/public_html/support/current
<Directory "/var/www/domain.com/public_html/support/current">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName domain.com
ServerAlias .domain.com
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/domain.com/public_html/support/current
<Directory "/var/www/domain.com/public_html/support/current">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Either /var/www/domain.com/public_html/support/current doesn't exist, or its permissions are not correct for the user Apache runs as. Check the User and Group settings in the main Apache config to find out what they are.
You might also want to check the error log to get additional clues.

Can't access website when SSL enabled

We're trying to use SSL on our website.
The website is on an Ubuntu server 2016. I've generated certificates from Let's Encrypt and followed the Ubuntu tutorial, but at the end I'm getting ERR_CONNECTION_REFUSED
<VirtualHost *:443>
ServerAdmin webmaster@sitename.eu
ServerName dp7.sitename.eu
ServerAlias www.dp7.sitename.eu
#SSLEngine on
#SSLCertificateFile /etc/letsencrypt/live/sitename.fr/cert.pem
#SSLCertificateChainFile /etc/letsencrypt/live/sitename.fr/fullchain.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/sitename.fr/privkey.pem
DocumentRoot /var/www/bt750
<Directory "/var/www/bt750">
Options +FollowSymLinks -MultiViews
AllowOverride all
Order allow,deny
allow from all
Require all granted
</Directory>
ErrorLog /var/log/apache2/dp7_ssl_error.log
LogLevel warn
CustomLog /var/log/apache2/dp7_ssl_access.log "combined"
</VirtualHost>
I have flushed all my Chrome cache, without success.
How can I solve this problem?
You have some errors in your Apache configuration. You need to listen on port 443 and uncomment the SSL configuration:
Listen 443
<VirtualHost *:443>
ServerAdmin webmaster@sitename.eu
ServerName dp7.sitename.eu
ServerAlias www.dp7.sitename.eu
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/sitename.fr/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/sitename.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sitename.fr/privkey.pem
DocumentRoot /var/www/bt750
<Directory "/var/www/bt750">
Options +FollowSymLinks -MultiViews
AllowOverride all
Order allow,deny
allow from all
Require all granted
</Directory>
ErrorLog /var/log/apache2/dp7_ssl_error.log
LogLevel warn
CustomLog /var/log/apache2/dp7_ssl_access.log "combined"
</VirtualHost>
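Both this thread and the `ssl_error_rx_record_too_long` question at the top of the page turn on which ports Apache listens on and whether a vhost on that port has `SSLEngine on`; a port that answers in plain HTTP cannot complete an https:// request. The following is an added example, not code from either post: a small checker run over a constructed config, assuming the text passed in is the complete effective configuration (function names are hypothetical).

```python
import re

# Constructed sample modelled on the configs quoted on this page (not a real server):
# ports 80 and 83 carry plain vhosts, and the 443 vhost has SSLEngine commented out.
SAMPLE = """\
Listen 80
Listen 83
<VirtualHost *:80>
DocumentRoot /xyz/dir
</VirtualHost>
<VirtualHost *:83>
DocumentRoot /abc/dir
</VirtualHost>
<VirtualHost *:443>
#SSLEngine on
DocumentRoot /var/www/bt750
</VirtualHost>
"""

def audit_ports(conf):
    """Map each port to {'listen': bool, 'tls': [one bool per vhost on that port]}."""
    ports, current = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # commented-out directives do not count
            continue
        vhost = re.match(r"<VirtualHost\s+\S*:(\d+)\s*>", line, re.I)
        listen = re.match(r"Listen\s+(?:\S+:)?(\d+)", line, re.I)
        if vhost:
            current = ports.setdefault(int(vhost.group(1)), {"listen": False, "tls": []})
            current["tls"].append(False)          # plain HTTP until "SSLEngine on" is seen
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current is not None and re.match(r"SSLEngine\s+on\b", line, re.I):
            current["tls"][-1] = True
        elif current is None and listen:
            ports.setdefault(int(listen.group(1)), {"listen": False, "tls": []})["listen"] = True
    return ports

def findings(conf):
    """Return per-port observations, ordered by port number."""
    out = []
    for port, info in sorted(audit_ports(conf).items()):
        if info["tls"] and not info["listen"]:
            out.append(f"{port}: vhost defined but no Listen directive")
        if info["tls"] and not any(info["tls"]):
            out.append(f"{port}: plain HTTP only, https:// will fail here")
        elif info["tls"] and not all(info["tls"]):
            out.append(f"{port}: TLS and plain vhosts share the port")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```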

How can I fix the root directory of Froxlor?

I am migrating Froxlor from a Debian 7 to a Debian 8 system.
I now have the problem that the auto-generated vhost file of Froxlor has vhosts in it which reference the wrong directory. Is it possible to change them to the correct destination?
They reference /var/www/admin, but now I only want them to reference /var/www. I could not find it in the database of Froxlor, nor in the config files, nor in the web interface settings of Froxlor itself.
The reason to change it is that I have a Froxlor installation listening on www.example.com/froxlor and phpMyAdmin on www.example.com/phpmyadmin. Now I want my overview page running on www.example.com.
This is the file which is not generated correctly. (I replaced the IPs and ServerNames.)
# vhosts.conf
# Created 25.09.2016 15:31
# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.
Listen 192.168.0.1:443
<VirtualHost 192.168.0.1:443>
DocumentRoot "/var/www/admin/"
ServerName **
FastCgiExternalServer /var/www/php-fpm/froxlor.panel/**/3384.ssl-fpm.external -socket /var/lib/apache2/fastcgi/froxlor.panel-**-php-fpm.socket -idle-timeout 1000
<Directory "/var/www/admin/">
<FilesMatch "\.(php)$">
AddHandler php5-fastcgi .php
Action php5-fastcgi /fastcgiphp
Options +ExecCGI
</FilesMatch>
Require all granted
AllowOverride All
</Directory>
Alias /fastcgiphp /var/www/php-fpm/froxlor.panel/**/3384.ssl-fpm.external
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
SSLVerifyDepth 10
SSLCertificateFile /root/froxlor-ssl/cert.pem
SSLCertificateKeyFile /root/froxlor-ssl/key.pem
SSLCACertificateFile /root/froxlor-ssl/root_trust_chain.pem
SSLCertificateChainFile /root/froxlor-ssl/root_trust_chain.pem
</VirtualHost>
Listen 192.168.0.1:80
<VirtualHost 192.168.0.1:80>
DocumentRoot "/var/www/admin/"
ServerName **
FastCgiExternalServer /var/www/php-fpm/froxlor.panel/**/34d3.fpm.external -socket /var/lib/apache2/fastcgi/froxlor.panel-**-php-fpm.socket -idle-timeout 1000
<Directory "/var/www/admin/">
<FilesMatch "\.(php)$">
AddHandler php5-fastcgi .php
Action php5-fastcgi /fastcgiphp
Options +ExecCGI
</FilesMatch>
Require all granted
AllowOverride All
</Directory>
Alias /fastcgiphp /var/www/php-fpm/froxlor.panel/**/34d3.fpm.external
</VirtualHost>
Listen [::1]:443
<VirtualHost [::1]:443>
DocumentRoot "/var/www/admin/"
ServerName **
FastCgiExternalServer /var/www/php-fpm/froxlor.panel/**/e36f.ssl-fpm.external -socket /var/lib/apache2/fastcgi/froxlor.panel-**-php-fpm.socket -idle-timeout 1000
<Directory "/var/www/admin/">
<FilesMatch "\.(php)$">
AddHandler php5-fastcgi .php
Action php5-fastcgi /fastcgiphp
Options +ExecCGI
</FilesMatch>
Require all granted
AllowOverride All
</Directory>
Alias /fastcgiphp /var/www/php-fpm/froxlor.panel/**/e36f.ssl-fpm.external
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
SSLVerifyDepth 10
SSLCertificateFile /root/froxlor-ssl/cert.pem
SSLCertificateKeyFile /root/froxlor-ssl/key.pem
SSLCACertificateFile /root/froxlor-ssl/root_trust_chain.pem
SSLCertificateChainFile /root/froxlor-ssl/root_trust_chain.pem
</VirtualHost>
Listen [::1]:80
<VirtualHost [::1]:80>
DocumentRoot "/var/www/admin/"
ServerName **
FastCgiExternalServer /var/www/php-fpm/froxlor.panel/**/fae9.fpm.external -socket /var/lib/apache2/fastcgi/froxlor.panel-**-php-fpm.socket -idle-timeout 1000
<Directory "/var/www/admin/">
<FilesMatch "\.(php)$">
AddHandler php5-fastcgi .php
Action php5-fastcgi /fastcgiphp
Options +ExecCGI
</FilesMatch>
Require all granted
AllowOverride All
</Directory>
Alias /fastcgiphp /var/www/php-fpm/froxlor.panel/**/fae9.fpm.external
</VirtualHost>
Is it possible to disable the automatic root directory creation of Froxlor and use this solution (http to https)?
<VirtualHost *:80>
ServerName **
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_php5.c>
php_admin_flag display_errors off
php_admin_flag display_startup_errors off
</IfModule>
RewriteEngine on
RewriteCond %{SERVER_NAME} =**
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName **
DocumentRoot /var/www/website/silex/web/
<Directory /var/www/website/silex/web/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
DirectoryIndex /index.php
FallbackResource /index.php
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_php5.c>
php_admin_flag display_errors on
php_admin_flag display_startup_errors on
</IfModule>
SSLEngine On
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
SSLVerifyDepth 10
SSLCertificateFile /root/ssl/cert.pem
SSLCertificateKeyFile /root/ssl/key.pem
</VirtualHost>
The Alias Config Files:
# froxlor default Apache configuration
Alias /froxlor /var/www/froxlor/
<Directory /var/www/froxlor/>
Options FollowSymLinks
DirectoryIndex index.php
Require all granted
</Directory>
I found the solution.
You can set it up in the web interface under IPs and Ports, and edit the IP addresses there.
Ressourcen/IPs and Ports/Optionen | Edit
There is the user-defined document root for the website.
It was not under System Settings.

ssl issue with name based virtual hosting for multiple domain

I have three domains:
abc.local without ssl configuration
<VirtualHost 10.0.0.87:80>
ServerName abc.local
DocumentRoot /var/www/alpha/abc.local/
ServerAlias hey.abc.local
DirectoryIndex index.php index.html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/alpha/abc.local/>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/abc.local/error.log
CustomLog /var/log/abc.local/access.log combined
<Directory /var/www/alpha/abc.local >
AuthType Basic
AuthName abc_test
AuthBasicProvider file
AuthUserFile /var/www/alpha/abc.local/.htpasswd
Require valid-user
</Directory>
</VirtualHost>
test.local with ssl configuration
<VirtualHost 10.0.0.87:80>
ServerName test.local
DocumentRoot /var/www/alpha/test.local/
ServerAlias hey.test.local
DirectoryIndex index.php index.html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/alpha/test.local/>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/test.local/error.log
CustomLog /var/log/test.local/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost 10.0.0.87:443>
ServerName test.local
DocumentRoot /var/www/alpha/test.local/
ServerAlias hey.test.local
DirectoryIndex index.php index.html
SSLEngine on
SSLCertificateFile /var/www/alpha/ssl/test.local/test.crt
SSLCertificateKeyFile /var/www/alpha/ssl/test.local/test.key
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/alpha/test.local/>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>
ErrorLog /var/log/test.local/error.log
CustomLog /var/log/test.local/access.log combined
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5
SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
</ifModule>
The third one, example.local, has the same SSL configuration as test.local.
But the issue is that when I try to access https://abc.local, it serves the content of the first loaded domain, test.local or example.local.
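The behaviour described in this question follows from how Apache picks a name-based vhost: it compares the requested host name with the `ServerName` and `ServerAlias` of the vhosts bound to that address and port, and falls back to the first one defined there when nothing matches. The following is an added sketch of that rule, not code from the post; the vhost table is constructed from the question, the order of test.local and example.local on :443 is an assumption, and the function names are hypothetical.

```python
from fnmatch import fnmatch

# Constructed from the question: (address:port, ServerName, [ServerAlias, ...]) in load order.
# Placing test.local ahead of example.local on :443 is an assumption.
VHOSTS = [
    ("10.0.0.87:80", "abc.local", ["hey.abc.local"]),
    ("10.0.0.87:80", "test.local", ["hey.test.local"]),
    ("10.0.0.87:443", "test.local", ["hey.test.local"]),
    ("10.0.0.87:443", "example.local", []),
]

def select_vhost(vhosts, addr, host):
    """Return the ServerName of the vhost that answers `host` on `addr`, or None."""
    candidates = [v for v in vhosts if v[0] == addr]
    host = host.lower().rstrip(".")
    for _, name, aliases in candidates:
        # ServerAlias may contain * and ? wildcards, hence fnmatch for aliases.
        if host == name.lower() or any(fnmatch(host, a.lower()) for a in aliases):
            return name
    # No name matched: the first vhost defined for this address:port is the default.
    return candidates[0][1] if candidates else None

def fallthrough_names(vhosts, addr):
    """Names configured elsewhere that reach `addr` only through its default vhost."""
    here = {n.lower() for a, name, al in vhosts if a == addr for n in [name, *al]}
    seen = []
    for a, name, aliases in vhosts:
        for n in [name, *aliases]:
            if a != addr and n.lower() not in here and n not in seen:
                seen.append(n)
    return seen

if __name__ == "__main__":
    print(select_vhost(VHOSTS, "10.0.0.87:443", "abc.local"))
    print(fallthrough_names(VHOSTS, "10.0.0.87:443"))
```

Every name reported by `fallthrough_names` needs either its own 443 vhost or a deliberately chosen first 443 vhost that refuses unknown names.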

Moodle apache proxy

I'm having trouble setting up a Moodle instance behind an Apache proxy.
Here's my apache front-end that proxies to the running server.
NameVirtualHost www.example.com:443
<VirtualHost www.example.com:443>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.example.com
ServerAlias www.example.com
ProxyPass / http://192.168.1.101/
ProxyPassReverse / http://192.168.1.101/
SSLEngine on
SSLCertificateFile /etc/ssl/crt/example.com.crt
SSLCertificateKeyFile /etc/ssl/crt/example.com.key
SSLCACertificatePath /etc/ssl/crt
SSLCertificateChainFile /etc/ssl/crt/example.com.bundle.crt
</VirtualHost>
On the concrete server I've got.
$CFG->wwwroot = 'http://192.168.1.101/classes';
And
<VirtualHost 192.168.1.101:80>
ServerAlias 192.168.1.101
ServerAdmin webmaster@localhost
ServerName 192.168.1.101
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
The thing is that I keep getting that Moodle is only accessible from 182.168.1.101; something is not quite matching what is expected. I've been able to configure Confluence and other platforms, but Moodle doesn't work.
The concrete error is as follows.
Incorrect access detected, this server may be accessed only through "http://192.168.1.101/classes" address, sorry. Please notify server administrator.
Does anyone know what might be happening?
It's a Moodle error message; the wwwroot in config.php has to match.
You could try
$CFG->wwwroot = 'http://' . $_SERVER['HTTP_HOST'];
Although this might not allow some command line updates in Moodle.
On the proxy server, modify the VirtualHost entry as follows:
ProxyPass / http://192.168.1.101/classes
ProxyPassReverse / http://192.168.1.101/classes
For Moodle, what you set in Moodle's config.php for
$CFG->wwwroot
...has to match your ProxyPass and ProxyPassReverse values in the VirtualHost definition on the Proxy server.
So, what's the URL that points to your front end?
That's what you need to set $CFG->wwwroot to.