Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I provided my csr file and i got the signed .cer & .p7b file for a certificate.
Now how do i install it on my server?
I have a apache 2.2 server running on ubuntu 13.04
I tried adding the certificates in Apache like this
<VirtualHost *:443>
...
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/certs/mydomain.cert
SSLCertificateKeyFile /etc/apache2/ssl/certs/mydomain.key
SSLCertificateChainFile /etc/apache2/ssl/certs/mydomain.cer
...
</VirtualHost>
Then i restarted the apache using
sudo /etc/init.d/apache2 restart
Still the url is asking me certificates. How should i test whether my certificate is installed?
Please advice on this.
Regards,
Nasir
CER is the certificate in a Micrsoft-specific format. IE treats the file extension in a special way. It is NOT the chain file with the intermediates CA certificates. The chain file contains all certificates between a root CA and your server certificate. Without the chain file a browser is unable to verify the chain of trust.
Your CA should have a proper cert chain file for download somewhere on their site.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I'm trying to set up a default server in nginx with SSL, path to SSL certificate should contain sitename, something like that
server {
listen 80 default_server;
listen 443 ssl default_server;
server_name _;
ssl_certificate ssl/$host_name/fullchain.pem;
ssl_certificate_key ssl/$host_name/privkey.pem;
and it doesn't work - in error log
cannot load certificate "/etc/nginx/ssl//fullchain.pem"
If I print this variable in headers with add_header XX "$http_host";
it shows the proper sitename. Is there any way to use sitename in certificate path? There are a lot of sites on my server with typical config so it's better for me to have just one config. Nginx version 1.18 and if I manually define some variable and put it in ssl_certificate parameter everything is working fine
You need to use $ssl_server_name instead of $host_name or $host - see an example in the docs. You see, the certificate is required before the client sends its HTTP request, so at that time $host_name and $host are not defined.
But as those docs say,
Note that using variables implies that a certificate will be loaded for each SSL handshake, and this may have a negative impact on performance.
So it's probably better to generate config files with fixed server names (and fixed certificate paths) for all your servers (using some kind of template).
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I have a website that runs on a framework on a LAMP stack.
Now I want to extend this website by adding a bunch of new pages, but served from a different framework on a separate LAMP stack on another server that is prepared to handle more traffic.
I don't want this traffic to pass by the original website as it will be a burden to be processed by the framework. However, I can afford to have apache forwarding the traffic request to a specific folder forwarded to a separate server with a different IP address.
For example:
mydomain.com/ -> goes to server A,
mydomain.com/folder1/ -> goes to server B
How can I accomplish this with apache?
I can even afford setup a separated server to handle the separation of these request, so each server will only receive the requests it is intended to process.
Another option could be to set a subdomain like ww2.mydomain.com pointed to the IP of a separated server but will this affect my SEO ranking?
What are other options and what would be the best option for this case?
You are looking for ProxyPass directive.
Example location for mydomain.com virtualhost:
<VirtualHost ...>
ServerName mydomain.com
...
<Location /folder1/>
ProxyPass http://serverb/
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
</Location>
</Virtualhost>
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I have a unbent server with apache2 on it and in: /etc/apache2/sites-available I have the file: adambalan.conf which looks like this:
<VirtualHost *:80>
DocumentRoot /home/*****/WordPress
ServerName adambalan.com
</VirtualHost>
I then did:
****#localhost:/etc/apache2/sites-available$
sudo a2ensite adambalan.conf #=> Enabling site adambalan.
One The site is adambalan.com not adambalan.
So I thought, ok ill just restart apache like it told me too ...
When I do and try and go to adambalan.com I don't get my Wordpress stuff, which is all set up[ and ready to go. All I get is the typical - omg apache works. So I don't think the virtual host worked.
Ideas?
I am assuming the main httpd.conf has NameVirtualHost *:80. If not, please add.
Eventhough you are connecting to http://adambalan.com, your browser may be connecting to http://www.adambalan.com if the DNS resolves www.adambalan.com but not adambalan.com.
To cover your bases, use ServerName and ServerAlias in adambalam.conf.
ServerName adambalan.com
ServerAlias www.adambalan.com
Give it a try.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I've got an installation of the apache2 package on Ubuntu 12.04, and I've installed the PHP mod so that I can run PHP scripts on my server. I'm now trying to set up the server for HTTPS. The application I'm working on needs to have https access enabled, but I've never had much experience with SSL, certs, or any of that security stuff (I'm trying to learn, however).
I've tried following tutorials online, but there always seems to be a failure with each tutorial. Here's my most recent attempt:
sudo make-ssl-cert generate-default-snakeoil --force-overwrite
sudo a2enmod ssl
sudo a2ensite default-ssl
sudo /etc/init.d/apache2 restart
This series of commands doesn't output any errors, but when I navigate to https://, it tells me the webpage is not available. Navigating to http:// works fine.
Am I missing something, or has this tutorial just led me astray? I'd really like to figure out how to enable Apache on Ubuntu 12.04 to handle https requests. :)
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I have a server running Ubuntu 12.04 LTS, Pound 2.6 and Apache 2.2. I have also the apache module mod_rpaf (installed from https://github.com/gnif/mod_rpaf) installed and enabled to ensure, that in the variable REMOTE_ADDR appears the real user ip address and not the address of the proxy.
This works fine, but the variable REMOTE_HOST is not changed by mod_rpaf. This variable contains "localhost" and not the host of the given user ip address.
Can you help me, please?
Here is my mod_rpaf configuration:
root#perseus ~ # cat /etc/apache2/mods-enabled/rpaf.conf
RPAF_Enable On
RPAF_ProxyIPs 127.0.0.1
RPAF_Header X-Forwarded-For
RPAF_SetHostName On
RPAF_SetHTTPS On
RPAF_SetPort On
Thank you
Check theses answers on a previous question about a missing REMOTE_HOST:
REMOTE_HOSTS is a variable that may or may not be populated by apache (and it's better if it is not set, else it imply a DNS query by apache for every incoming request). So Nothing on your code should rely on REMOTE_HOST. No application should assume this variable will be there and correctly filled.
mod_rpaf does what it is designed for, documentation:
Sets REMOTE_ADDR, HTTPS, and HTTP_PORT to the values provided by an upstream proxy.
Now you have a working REMOTE_ADDR, which is the only variable you should trust, make a copy of it in REMOTE_HOST if you really wants that, and simply do it in your application code.
There is a bug in Ubuntu LTS 12.04 that prevents rpaf to work at all.
https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-rpaf/+bug/1002571
workaround
in rpaf.conf replace
<IfModule mod_rpaf.c>
by
<IfModule mod_rpaf-2.0.c>