I have installed an SSL certificate on my home server. I can access localhost but not https://subdomain.ofmyhp.com.
I don't know so much about SSL so I folloed this instructions to install and generate the SSL certificate. in the instructions it was said to create a new file /etc/apache2/sites-available/ssl but I already have a file /etc/apache2/sites-available/default-ssl should the two be the same?
Here is the content of the file /etc/apache2/sites-available/ssl
<virtualhost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
DocumentRoot /var/www
</virtualhost>
This is the content of my /etc/apache2/ports.conf
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
In the ports.conf is also marked to use the defaults-ssl file to configure Apache to listen to 443
Edit:
Today I learnd that there is also a hosts file (/etc/hosts). This is what it looks like for me (with an example of course).
80.110.45.25 home.example.com mypc
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Because of current apache and ssl limitations. You can only run ONE cert per PORT (443) on a machine.
Make sure you setup your 443 virtual host as the only authoritative vhost listening and using that cert.
If you need additional vhosts, you'll need to listen on different ports.
Many people get around this by placing a proxy or loadbalancing service in front of apache. But this is beyond the scope of a home / dev environment.
Also, to enable new site configs in ubuntu, use the a2ensite command.
Related
I have a similar problem as mentioned in Apache redirect to another port but the answer does not work for me.
I have Apache set up on an Debian VM, with an instance of Nextcloud.
I setup a vhost for cloud.mydomain.com on port 443 and it works fine.
Also, I installed Gitlab on the same VM, and the external url is https://debianvm.local:1234
How can I redirect https://gitlab.mydomain.com:443 to https://debianvm.local:1234 ??
I have tried
<VirtualHost *:443>
ServerName gitlab.mydomain.com
ServerAlias gitlab.mydomain.com
ProxyPass / https://debianvm:8508/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
I was hoping to later be able to call certbot -d gitlab.mydomain.com and change the certificate...
I also tried putting exactly the same file for *:80 (without SSLEngine lines) and then call certbot but without success.
I also tried directly putting https://gitlab.mydomain.com in the gitlab configuration, in vain.
Any ideas?
Thanks.
On the DNS side, I set up 2 DNS redirections type A: one for cloud.mydomain.com and one for gitlab.mydomain.com, but they are pointing to the same IP.
On the port forwarding side, the NAS with the host IP is forwarding 80 and 443 to 80 and 443 of the debianvm.local
I've installed Apache httpd on my Mac and "It works".
Now I need to configure a Virtual Host in order to expose my application (Java Spring) with httpd as reverse proxy in front of it.
This is what I have into /usr/local/etc/httpd/extra/httpd-vhosts.conf file
<VirtualHost *:443>
ServerName my.domain.it:443
SSLEngine on
SSLCertificateFile /path/to/cert.crt
SSLCertificateKeyFile /path/to/cert.key
ProxyPreserveHost On
ProxyPass / http://localhost:8080/myapp
ProxyPassReverse / http://localhost:8080/myapp
</VirtualHost>
In /etc/hosts I've mapped to server address in this way:
127.0.0.1 my.domain.it
And The Tomcat Connector configuration is:
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" proxyPort="443" scheme="https"/>
If I run the application with Eclipse it responds correctly at http://localhost:8080/myapp/ but If I try to call https://my.domain.it/myapp/ It doesn't work and Google Chrome tells me: "This site can't be reached".
What's wrong with my configuration?
P.S.
The httpd Apache instance is configured to Listen on port 80
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
Thanks.
EDIT: SOLVED
Unfortunately I was not able to solve with Apache Httpd but now with Nginx it works. Thanks for your answers
In mod_ssl.conf (file name might be different) you should have the following line
Listen 443
It tells apache to listen on port 443 (it's include in the configuration file when you install mod_ssl to be able to expose your site over HTTPS).
The same configuration file should include all the shared configuration about the TLS.
If apache is running, you can check if port 443 is listening, using netstat:
netstat -an | grep -i list
The output should include port 80 and 443 (and some other according to the services running on the server such as ssh).
If the port is shown in the list, next step is to check apache logs for errors.
I have limited experience setting up SSL certs, so far i've been able to get single SSL certs working on different servers, now I'm stuck trying to get a wildcard SSL cert setup alongside an existing organisational SSL for same domain, it keeps pointing at the organisational cert even though I specify the wildcard cert in the the virtual host.
I'll try explain the best I can using sample data:
organisational certificate site.example.com
wildcard certificate *.example.com
apache version 2.2.3
I will leave out the port 80 stuff as there is no issues there
Example configuration:
NameVirtualHost *:443
NameVirtualHost 192.0.2.201:443
NameVirtualHost 192.0.2.202:443
<VirtualHost 192.0.2.202:443>
ServerName site.example.com
DocumentRoot /var/www/html/site
SSLEngine On
SSLCertificateFile /locationof/organisational.crt
SSLCertificateChainFile /locationof/organisational.intermediate.pem
SSLCertificateKeyFile /locationof/organisational.key
</VirtualHost>
<VirtualHost 192.0.2.202:443>
ServerName mytestsite.example.com
DocumentRoot /var/www/html/mytestsite
SSLEngine On
SSLCertificateFile /locationof/wildcard.crt
SSLCertificateChainFile /locationof/wildcard.intermediate.pem
SSLCertificateKeyFile /locationof/wildcard.key
</VirtualHost>
There are no issues with either certificate.
When I restart Apache and go to https://mytestsite.example.com in Firefox it tells me 'Your connection is not sercure' when expanding the Advanced button I can see from the message 'The certificate is only valid for the following names: site.example.com, www.site.example.com' So I guess it's picking up the organisational virtual host each time and isn't getting to the wildcard virtual host, I've tried switching them about as I've read that Apache can be affected by the order of the virtual hosts but it made no difference to me.
I'm sure it's something simple I'm doing wrong but I've searched various sites and Google but just can't pinpoint the issue :(
EDIT - additional info from running httpd -S
192.0.2..201:443 is a NameVirtualHost
default server www.anothersite.net (/etc/httpd/conf/httpd.conf:aaaa)
port 443 namevhost www.anothersite.net (/etc/httpd/conf/httpd.conf:aaaa)
192.0.2.202:443 is a NameVirtualHost
default server site.example.com (/etc/httpd/conf/httpd.conf:xxxx)
port 443 namevhost site.example.com (/etc/httpd/conf/httpd.conf:xxxx)
port 443 namevhost mytestsite.example.com (/etc/httpd/conf/httpd.conf:yyyy)
wild alias *.*
*:443 is a NameVirtualHost
default server someoldsite.com (/etc/httpd/conf.d/ssl.conf:xx)
port 443 namevhost someoldsite.com (/etc/httpd/conf.d/ssl.conf:xx)
// there is no virtual host for this old site, it seems it is the name of the server inside /etc/hosts file
I checked the *:443 path in case there was a redirect or something like that but there is not. I've added in the additional NameVirtualHost settings to example configuration. From the info above I'm still not sure what's going wrong! The wildcard SSL certificate is set up on 2 other servers and works fine but it is the only SSL certificates on those servers as opposed to this server which has 2 others and 1 sharing the same domain
EDIT 2
there is a ssl.conf file being include with the following <VirtualHost _default_:443> but don't think that is causing any harm?
this server has been working fine using both certs on .201 and .202 and the wildcard cert works fine on two other servers, I just can't get the wildcard ssl cert to work along with the .202 organisational cert :(
I'm running an EC2 micro instance (Amazon Linux) and can't seem to get ssl (https) working.
The error I'm getting in Chrome is "ERR_CONNECTION_REFUSED" (no data sent).
I've enabled HTTPS inbound traffic for the security group in my AWS console.
I added this in the /etc/httpd/conf/httpd.conf file. (example.com is a placeholder for my website)
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile /etc/ssl/example_com.crt
SSLCertificateKeyFile /etc/ssl/example_com.key
SSLCertificateChainFile /etc/ssl/example_com.ca-bundle
</VirtualHost>
and it didn't work.
So to test VirtualHost, I replaced it with the following:
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://google.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
Redirect permanent / https://google.com/
</VirtualHost>
http://example.com redirected to google like expected, but https://example.com didn't.
Anyone know what's the problem?
Connection refused means your server's IP stack actively rejected the incoming connection on port 443 (https) because no service is listening on port 443.
We use less and less Apache these days in my operations, because of the maturity of some other alternatives, so I may be a little rusty here, but I'm reasonably sure that your server, in spite of being configured with a way to respond to requests on port 443... is not actually listening for connections on port 443.
You probably have a listen 80 somewhere in your apache config. This will need to be accompanied by listen 443 based on httpd.apache.org/docs/2.2/bind.html:
When Apache starts, it binds to some port and address on the local machine and waits for incoming requests. By default, it listens to all addresses on the machine. However, it may need to be told to listen on specific ports, or only on selected addresses, or a combination of both. This is often combined with the Virtual Host feature, which determines how Apache responds to different IP addresses, hostnames and ports.
In addition to configuring the security group to allow the traffic over port 443, you probably also need to open port 443 on the server itself.
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
If that fixes the issue, then to save the configuration so that it persists after a reboot:
/sbin/service iptables save
I have an Apache server with a group of name-based virtual hosts on it. Requests are sent to the server via an Apache reverse proxy, which forwards all requests for these site names to port 80 on the backend server. While most of these sites appear to be working fine, one vhost is failing to pick up requests for its designated site name, and these are instead being served by the default vhost.
Here's the configuration for the problematic host:
<VirtualHost *:80>
ServerName www.dev.awesome.ac.nz
ServerAdmin netaccount#auckland.ac.nz
ErrorLog logs/awesomeacnz.error.log
CustomLog logs/awesomeacnz.access.log common
Alias / /var/www/html/awesomeacnz/
</VirtualHost>
And here's the output of the Apache vhost diagnostic:
[aful018#wprappdev01 ~]$ sudo /usr/sbin/apachectl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443 wprappdev01.its.auckland.ac.nz (/etc/httpd/conf.d/ssl.conf:74)
*:80 is a NameVirtualHost
default server asblog.auckland.ac.nz (/etc/httpd/conf.d/academicservices.conf:1)
port 80 namevhost asblog.auckland.ac.nz (/etc/httpd/conf.d/academicservices.conf:1)
port 80 namevhost www.dev.awesome.ac.nz (/etc/httpd/conf.d/awesomeacnz.conf:1)
port 80 namevhost www.dev.auckland.ac.nz (/etc/httpd/conf.d/insideword.conf:1)
port 80 namevhost spearblog.dev.auckland.ac.nz (/etc/httpd/conf.d/spear.conf:1)
port 80 namevhost wordpress-theme.dev.auckland.ac.nz (/etc/httpd/conf.d/theme-dev.conf:1)
Syntax OK
I can't see anything in the above that suggests a problem, but when I send a request for anything on www.dev.awesome.ac.nz the request is served by the vhost for asblog.auckland.ac.nz, which as you can see above is the default host.
Does anyone know why the vhost defined above would not be matching requests for that site? The NameVirtualHost directive in httpd.conf is set to *:80, and other similarly- (not identically-) configured sites on the same server are working fine.
The server is apache 2.2.15 running on Red Hat EL 6.1.