Virtual Host with SSL - apache

What if I'm doing an SSL because I need a redirect URI that's https:// so I have this in my xamp apache httpd:
DocumentRoot "C:/x/htdocs/project-lara/public"
ServerName fuseuca.com
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
AllowOverride All
Order allow,deny
Allow from all
I also configured the hosts 127.0.0.1 fuseuca.com
But i still get Web page not available: Error code: ERR_CONNECTION_REFUSED.

Related

Apache reverse proxy error on firefox : SSL_ERROR_RX_RECORD_TOO_LONG

I'm stuck with my Apache config
Situation
I have a Node chat web app and a phpmyadmin running on the same debian VPS server. Node runs on :3000 and phpmyadmin on :443.
The server base url on :443 is currently displaying phpmyadmin login page and the chat app can be accessed on IP:3000 (https)
Each have their own SSL cert and https is working without issues on both of them separately
Goal
What I'm trying to do is setup an Apache reverse proxy to forward requests from a a clean url (like chat.domain.com) to my Node app while keeping phpmyadmin on it's own dedicated subdomain (vps.domain.com).
like so :
internet (chat.domain.com on :443) -> reverse proxy -> node app running on :3000
internet (vps.domain.com on :443) -> reverse proxy -> phpmyadmin
Issue
Redirection does not work at all.
Firefox shows an error page with SSL_ERROR_RX_RECORD_TOO_LONG (ERR_SSL_PROTOCOL_ERROR on Chrome). As far as I understand it is telling me that I can't redirect to a service running on a different port than :443
I need secure https for both of my services (phpmadmin and chat) but can only run one of them on :443 since one is Apache and the other is Node. They each have their own routing system.
What I've considered
I'm not sure if what I'm trying to do is possible with Apache and this setup. I'd like to run my main app on :443 but then PMA would have to be moved to another port and. Alternatively I could run several servers for cleaner separation of services. I could also use Docker containers, but I don't think this should be necessary here.
Not sure which solution is the most appropriate. I just wanted to do some basic redirections.
Setup config :
Including relevant information about my config in this section.
Apache version : Apache/2.4.53 (Debian)
rewrite and proxy mods are enabled
apachectl configtest -> Syntax OK
vHosts :
default http -> https redirection
# 000-default.conf
VirtualHost *:80>
ServerName default.domain.me
Redirect / https://localhost:443
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
reverse proxy vhost
# reverse_proxy.conf
<VirtualHost chat.domain.me:443>
ServerName rproxy.domain.me
# ProxyPreserveHost On
ProxyRequests Off
# chat
ProxyPass / https://localhost:3000/
ProxyPassReverse / https://localhost:3000/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
PMA vhost
# phpmyadmin.conf
<VirtualHost _default_:443>
ServerName phpmyadmin.domain.me
DocumentRoot /usr/share/phpmyadmin
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/vps.domain.me/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vps.domain.me/privkey.pem
Protocols h2 http/1.1
Header always set Strict-Transport-Security "max-age=63072000"
# Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
Require all granted
# limit libapache2-mod-php to files and directories necessary by pma
<IfModule mod_php7.c>
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/usr/share/doc/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/:/usr/share/javascript/
</IfModule>
</Directory>
# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/templates>
Require all denied
</Directory>
<Directory /usr/share/phpmyadmin/libraries>
Require all denied
</Directory>
ErrorLog ${APACHE_LOG_DIR}/phpmyadmin/error.log
CustomLog ${APACHE_LOG_DIR}/phpmyadmin/access.log combined
</VirtualHost>
# intermediate configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite # don't know if secret. didn't include.
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
Let me give you some possible solutions.
1)Changing the virtual host tag, ie, from <VirtualHost chat.domain.me:443> to <VirtualHost _default_:443>
2)setting the ports.conf file as follows
Listen 80
Listen 443 https
execute a2ensite default-ssl
Finally let me give you one of example that I have
ServerName abc.com
ServerAdmin webmaster#abc.com
<Proxy *>
Require all granted
</Proxy>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8181/
ProxyPassReverse / http://127.0.0.1:8181/
ErrorLog ${APACHE_LOG_DIR}/abc.com.error.log
CustomLog ${APACHE_LOG_DIR}/abc.com.access.log combined
SSLCertificateFile /etc/letsencrypt/live/abc.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/abc.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Apache SSL vhost won't use DocumentRoot but rather uses server webroot

I have an apache config using a DV wildcard cert. The ssl.conf is configured to use the certificate for all server traffic.
My vhost conf file has two virtual hosts defined there. A production vhost and a dev vhost. The conf file contents are;
<VirtualHost *:443>
ServerName www.example.com
ServerAlias example.com
ServerAdmin webmaster#example.com
DocumentRoot /var/www/html/vhosts/prod_example_com/
<Directory "/var/www/html/vhosts/prod_example_com">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog "/var/log/httpd/www.example.com-error_log"
CustomLog "/var/log/httpd/www.example.com-access_log" common
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/comodo/STAR_example_com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/csr/www_example_com.key
SSLCertificateChainFile /etc/pki/tls/certs/comodo/SectigoRSADomainValidationSecureServerCA.crt
</VirtualHost>
<VirtualHost *:443>
ServerName dev.example.com
ServerAdmin webmaster#example.com
DocumentRoot "/var/www/html/vhosts/dev_example_com"
<Directory "/var/www/html/vhosts/dev_example_com">
AllowOverride All
Require all granted
</Directory>
ErrorLog "/var/log/httpd/dev.example.com-error_log"
CustomLog "/var/log/httpd/dev.example.com-access_log" common
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/comodo/STAR_example_com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/csr/www_example_com.key
SSLCertificateChainFile /etc/pki/tls/certs/comodo/SectigoRSADomainValidationSecureServerCA.crt
</VirtualHost>
So, when I go to https://dev.example.com, it works great. However, when I try to go to https://www.example.com, it instead goes to the Apache server webroot of /var/www/html.
Have I overlooked something?
Thanks in advance to any help offered?
I seemed to have found the issue. In my particular instance, the vhost.conf VirtualHost tags were change both to *:443, but what got everything back on track was commenting out ServerName www.example.com:443 from my httpd.conf and restarting Apache. I hope this helps someone else that may be suffering from this same issue.

How to configure ssl on xampp apache

Can any one help me in configuring xampp apache server for ssl.
I have tried configuring it as follows in http-ssl:
<VirtualHost *:8443>
DocumentRoot "project_path"
ServerName domainName
ServerAlias domainName
ErrorLog "errorLog Path
TransferLog "access Log Path"
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
SSLCertificateChainFile "conf/ssl.crt/bundleChain.crt"
</VirtualHost>
Errors:
When i tried accessing it with DomainName.
The site cant be reached.
When i tried accessing it with IP and Port.
The certificate is issued for domainName and hence ERR_CERT_COMMON_NAME_INVALID
Help is appreciated.

Subdomain forwarding to main domain on ssl requests only

Below is a copy of my ssl.conf that I edited to remove any identifying information.
Currently, we have a wild card SSL cert, and multiple sub domains that we plan to host with this certificate. Apache confirms this should be possible
Right now, domain 2 is forwarding to www, but I can;t figure out why. In an effort to narrow it down, I removed the www virtualhost from the file altogether and redeployed.
the redirect still happened (and as the only vhost, it loaded the domain2 file structure)
I can't figure out where this redirect is happening. is it possible that there is an issue with the certificate? (I confirmed that the common name on the certificate is *.example.com)
Listen ip-of-server:443
LoadModule ssl_module modules/mod_ssl.so
SSLPassPhraseDialog builtin
AcceptMutex flock
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
NameVirtualHost ip-of-server:443
<VirtualHost ip-of-server:443>
SSLEngine on
SSLStrictSNIVHostCheck on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/apache/ssl/STAR.example.com.pem
SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
ServerName "domain2.example.com"
DocumentRoot "/srv/www/domain2.example.com/public_html"
CustomLog "/srv/www/domain2.example.com/logs/access.log" combined
ErrorLog "/srv/www/domain2.example.com/logs/error.log"
<Directory /var/www/html>
AllowOverride none
Order Allow,Deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost ip-of-server:443>
SSLEngine on
SSLStrictSNIVHostCheck on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/apache/ssl/STAR.example.com.pem
SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
ServerName "www.example.com"
DocumentRoot "/srv/www/www.example.com/public_html"
CustomLog "/srv/www/www.example.com/logs/access.log" combined
ErrorLog "/srv/www/www.example.com/logs/error.log"
<Directory /var/www/html>
AllowOverride none
Order Allow,Deny
Allow from all
</Directory>
</VirtualHost>
Turns out at some point we had a 301 redirect that pointed domain2 to www. Google chrome had cached that 301. disabling cache with devtools open caused page to load correctly over ssl.

SNI takes wrong certificate

i got the following setup
Listen 443
NameVirtualHost *:443
<virtualhost *:443>
Servername 1.domain.com
DocumentRoot /1
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /etc/apache/1.cer
SSLCertificateKeyFile /etc/apache/1.key
SSLCertificateChainFile /etc/apache/1.crt
</virtualhost>
<virtualhost *:443>
Servername 2.domain.com
DocumentRoot /2
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /etc/apache/2.cer
SSLCertificateKeyFile /etc/apache/2.key
SSLCertificateChainFile /etc/apache/2.crt
</virtualhost>
for some reason SNI takes the certificate from 1.domain.com on website 2 resulting in a not secure connection warning page. anyone got an idea why?
i'm using apache Apache/2.2.15 (Unix)
and OpenSSL 1.0.1e-fips
i've manged to get it to work, apparently apache requires the namevirtualhost to be in the /etc/httpd/conf.d/ssl.conf file instead of the httpd.conf