I am using centos 6. I want to remove the port from url
that is,I want to use http://www.website.com/ insted of http://www.website.com:8069/ so i tried to create the virtualhost.
I opened the file /etc/httpd/conf/httpd.conf
and added the line
Listen 80
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot "/var/www/vhosts/website.com/httpdocs"
ServerName www.website.com
ServerAlias website.com
ProxyPass / http://www.website.com:8069/
ProxyPassReverse / http://www.website.com:8069/
</VirtualHost>
and restarted the server
/sbin/service httpd restart
but its not working
it is not giving any error and nor working
The only solution if you want to use http://www.website.com/ is to open port 80 on the server or server's router.
you should check via netstat if the apache process is listening to port 80 via
netstat -tulpn
next to check is local firewall. Check with
iptables -L
if the command lists entries iptables is active. You can turn it of with
/etc/init.d/iptables stop
or add an entry for port 80
/etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
if that doesn't help you should check the apache logs under
/var/log/httpd/
Related
I have this situation
Apache Web Server configured for https connections and some vhosts. All of them is well running, no problems at all. Ubuntu 20.04 LTS
One of this web sites, let's call alfa.com, sends via Soap some messages to a remote server (let's call beta.com)
alfa.com expose a crt with let'sencrypt. Every users and check is ok, no problems with the certificate.
This same server, beta.com, sends to alfa.com responses and messages BUT beta.com require a client certificate (exposed by alfa.com) which MUST be one they gave to me
The cert required by beta.com could not be used as main cert for alfa.com cause it has an untrusted CA and I cannot have my website expose a "this site is insecure"...
How can I use the Let'sEncrypt cert to clients but StrangeCert to beta.com?
Any suggestion is helpful, except for asking beta.com to give another cert, it is impossible.
Apache proxy? Iptables? What else?
I found the solution!
Using iptables and NAT chain, I'm able to redirect the beta.com SSL request in another virtualhost section of Apache, letting untouched the "other world" side.
Each client on the web reaches alfa.com:443 and do the normal, perfect, handshake with the Let'sEncrypt certs.
Vhost config
<VirtualHost *:443>
ServerName alfa.com
ServerAlias www.alfa.com
....
SSLCertificateFile /var/www/clients/client1/ssl/sitecert-le.crt
SSLCertificateKeyFile /var/www/clients/client1/ssl/sitecert-le.key
....
</VirtualHost>
Only the source net corresponding to beta.com (say 1.2.3.0/24) pass trought NAT chain in iptables and go to alfa.com:8080
<VirtualHost *:8080>
ServerName alfa.com
ServerAlias www.alfa.com
....
SSLCertificateFile /var/www/clients/client1/ssl/beta.com.crt
SSLCertificateKeyFile /var/www/clients/client1/ssl/beta.com.key
....
</VirtualHost>
This is the relevant iptables commands
iptables -t nat -A PREROUTING -p tcp -s 1.2.3.0/20 --dport 443 -j DNAT --to-destination 192.168.1.10:8080
iptables -t nat -A POSTROUTING -p tcp -d 192.168.1.10 --dport 8080 -j SNAT --to-source 192.168.1.10
Of course, to allow only beta.com net to see alfa.com:8080 we can deny access to each other
iptables -A INPUT -s ! 1.2.3.0/20 -p tcp --destination-port 8080 -j DROP
■Background
trying to get SSL through Let's Encrypt
■Issue
As run the code below,
sudo certbot --apache -d hogehoge.com
I got the port 80 error
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
and unable to resolve this error
■What I have tried
have set up the port 80
vim /etc/httpd/conf/httpd.conf
add the description in the file.
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin root#hogehoge
DocumentRoot /var/www/html
ServerName hogehoge
</VirtualHost>
but I still got the same error.
would you kindly tell me the cause and how to make it work?
Default command "sudo certbot renew" error on localhost
(1)Uninstall certbot
(2)Reinstall certbot
(3)Sudo certbot certonly
(4)Select option 1, spin up temporary web server
(5)Ensure port 80 is accessible from outside, port forwarding in router
(6) Ensure all services using port 80 are stopped
Try
RewriteCond %{REQUEST_URI} !.well-known/acme-challenge
Enabling HTTPS on a Single Instance Beanstalk application: Unable to find a virtual host listening on port 80
I have been trying to setup Apache as a ReverseProxy to an internal Gitlab server with no success.
We are running multiple virtual servers, each server having a different application. We have an existing server with Apache 2.4 installed on CentOS 6.6 and working, and I just recently stood up a new server with GitLab 8.12 on CentOS 7. I have made the following change in /etc/gitlab/gitlab.rb
external_url 'http://mypublic.domain.com:80'
I have added the following rules in iptables
-A INPUT -p tcp -m state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state NEW -m tcp --dport 80 -j ACCEPT
I have verified that we can ssh in using http://mypublic.domain.com:22
I have tried every setup I could find online to set the VirtualHost in httpd.conf, but nothing is working correctly. Below are a couple of the more recent, simple examples I have found. Does anyone have any ideas?
<VirtualHost 192.168.1.000:80>
ServerName mypublic.domain.com
RewriteEngine On
ProxyPass / http://192.168.1.999/
ProxyPassReverse / http://192.168.1.999/
</VirtualHost>
####
<VirtualHost 192.168.1.000:80>
ServerName mypublic.domain.com
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
ProxyPass http://192.168.1.999:80
ProxyPassReverse http://192.168.1.999:80
</Location>
</VirtualHost>
####
Apache Server: 192.168.1.000
GitLab Server: 192.168.1.999
Any help would be much appreciated, thanks!
I'm developing apache2 environment on my EC2 instance. For security, I want to change ssl port of apache2.
I've already confirmed default ssl port 443 was working by checking page with chrome browser. But after modifying ports.conf like below, I've got an error, ERR_SSL_PROTOCOL_ERROR when accessing this server like https://xxxxxxx:18443/
Are there any settings for changing ssl port?
listening ports
$ ss -lnt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 64 *:7777 *:*
LISTEN 0 50 127.0.0.1:3306 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 :::18443 :::*
/etc/apache2/ports.conf
#Listen 80
<IfModule ssl_module>
Listen 18443
</IfModule>
<IfModule mod_gnutls.c>
Listen 18443
</IfModule>
environment
OS: ubuntu 14.04 server (Amazon/EC2 AMI)
apache: Apache/2.4.7 (Ubuntu)
EC2 inbound security policy
Custom TCP rule: TCP, 18443, 0.0.0.0/0
Custom UDP rule: UDP, 18443, 0.0.0.0/0
I found an answer by myself. I also need to edit default-ssl.conf. So I summarize all procedures to set up ssl and changing its port. In this example, I change ssl port to 18443 from 443.
$ sudo apt-get install apache2
$ sudo a2enmod ssl
$ sudo a2ensite default-ssl
$ sudo service apache2 restart
$ ss -lnt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::443 :::*
LISTEN 0 128
Then, try to change ssl port.
$ sudo vi /etc/apache2/ports.conf
<IfModule ssl_module>
Listen 18443
</IfModule>
<IfModule mod_gnutls.c>
Listen 18443
</IfModule>
In this setting, I used default-ssl, so I also have to modify this file.
$ sudo vi /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:18443>
...
Then, you restart apache2 and you can access http://xxxxxx:18443/
$ sudo service apache2 restart
I'm running an EC2 micro instance (Amazon Linux) and can't seem to get ssl (https) working.
The error I'm getting in Chrome is "ERR_CONNECTION_REFUSED" (no data sent).
I've enabled HTTPS inbound traffic for the security group in my AWS console.
I added this in the /etc/httpd/conf/httpd.conf file. (example.com is a placeholder for my website)
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile /etc/ssl/example_com.crt
SSLCertificateKeyFile /etc/ssl/example_com.key
SSLCertificateChainFile /etc/ssl/example_com.ca-bundle
</VirtualHost>
and it didn't work.
So to test VirtualHost, I replaced it with the following:
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://google.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
Redirect permanent / https://google.com/
</VirtualHost>
http://example.com redirected to google like expected, but https://example.com didn't.
Anyone know what's the problem?
Connection refused means your server's IP stack actively rejected the incoming connection on port 443 (https) because no service is listening on port 443.
We use less and less Apache these days in my operations, because of the maturity of some other alternatives, so I may be a little rusty here, but I'm reasonably sure that your server, in spite of being configured with a way to respond to requests on port 443... is not actually listening for connections on port 443.
You probably have a listen 80 somewhere in your apache config. This will need to be accompanied by listen 443 based on httpd.apache.org/docs/2.2/bind.html:
When Apache starts, it binds to some port and address on the local machine and waits for incoming requests. By default, it listens to all addresses on the machine. However, it may need to be told to listen on specific ports, or only on selected addresses, or a combination of both. This is often combined with the Virtual Host feature, which determines how Apache responds to different IP addresses, hostnames and ports.
In addition to configuring the security group to allow the traffic over port 443, you probably also need to open port 443 on the server itself.
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
If that fixes the issue, then to save the configuration so that it persists after a reboot:
/sbin/service iptables save