Apache fresh installation ssl - apache

I've installed Apache on CentOS and have not enabled SSL, and yet I get the following error.
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please. Hint:
https://192.168.1.50/ Apache/2.2.15 (CentOS) Server at 192.168.1.50
Port 443
The page I was testing it on is a simple HTML page.
I did not make many changes to the freshly installed Apache. The only things I edited are the IPTABLES config file, to allow LAN access on port 80, and the httpd.conf file, to change the document root.
I've installed Apache before (on Fedora), but didn't have this problem.
Thank you.

I managed to find the problem. I found an ssl.conf file that contains all of the SSL configuration lines. SSL was enabled by default, which is weird. The file is located in /etc/httpd/conf.d/ and a simple
<VirtualHost _default_:443>
SSLEngine off
</VirtualHost>
did the trick.

Related

Apache Can't get Virtual host apache to forward to another host on same machine. Almost there

Hello and thank you for reading.
I have a Windows 2016 server running Apache.
I am attempting to have a virtual host set up on one port (8080) and
have it automatically forward any and everything it sees to the main Apache host
(The not virtual instance? I'm unclear of the correct term to call it)
which lives on port 80
My configuration is below.
I show that the server is listening on both port 80 and 8080.
When I go to port 80, I get the default "It works" page.
When I go to port 8080, I get the following error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at admin@example.com to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
I consult the log and I see the following message
[Thu Sep 24 07:29:16.128967 2020] [proxy:warn] [pid 4860:tid 1076] [client 192.168.50.160:64768] AH01144: No protocol handler was valid for the URL / (scheme 'https'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
I am attempting to do this without any SSL or encryption.
A copy of my configuration and loaded modules is listed below.
I have included only the parts of the base conf file that have been modified.
What am I missing, or what should I try next to fix it?
Thank you community.
You're encountering an issue because your SSL is not configured and you're trying to go through HTTPS. As Eliezer stated, you need to create your key; to do so I use LetsEncrypt (certbot), but the choice is up to you (and I'm on Ubuntu).
Your ports.conf file should have some lines that look like this:
Listen 8080
<IfModule ssl_module>
Listen 443
</IfModule>
You also need to add <VirtualHost *:443> Your configuration inside the tags </VirtualHost> to your conf after adding the port to the listened ports.
And then, in your conf file, you need to enable SSL:
ServerName domain.com
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
I would also advise forcing redirection to HTTPS with a rewrite rule, once your SSL is configured:
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,QSA,R=permanent]
This answer is based on an Apache Ubuntu config, but I think you can work from it to your Windows Server Apache config.
It sounds like you're connecting to 192.168.50.160:8080 using https, not http. If you want to use HTTPS, you'll need to set up your :8080 VirtualHost to support it properly.
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04

how to configure on Apache proxy (SSL conection) to Tomcat

I am new to Apache's world, and I need to connect a server (Ubuntu system) located in my DMZ area to a Tomcat server (Windows Server system) in my network. So I wrote this in /etc/apache2/sites-available/default-ssl on my Ubuntu Apache:
<VirtualHost *:443>
<Location /example>
ProxyPass http://tomcatIP:8080/example/
ProxyPassReverse https://mydomain/example/
</Location>
</VirtualHost>
I restarted Apache and the browser doesn't display anything; however, if I choose to view the source code I can see all the PHP, JavaScript and HTML code.
I checked the Apache log and there are a lot of entries like this:
AH00128: File does not exits: /var/html/...
I checked my firewall and everything is correct. I don't know why my Apache doesn't search on the Tomcat server. Do I need more code? In apache.conf?
Many thanks for the help
You need to configure AJP Connector on Web-Server and on Tomcat Application Server.
https://tomcat.apache.org/tomcat-4.0-doc/config/ajp.html
After reading the documentation, I checked the Tomcat configuration and saw that it wasn't the "typical" Tomcat; it is completely customized for Servicedesk software, and after many tries and failures I couldn't do anything. Finally, customer service told me that an Apache connection is impossible. ¬¬
Thanks anyway!!

SSL issue with Apache httpd reverse proxy scheme

Apologies this question is a mix of Chef and Apache-httpd, but ultimately I believe it's an Apache-httpd configuration issue.
I have a Chef client/node happily hitting a Chef Server w/ SSL.
Chef client/node - /etc/chef/client.rb
chef_server_url 'https://chefserverhostname/organizations/myOrg'
ssl_verify_mode :verify_peer
I'm trying to put a proxy in front of the Chef Server so I can re-point down the road if needed. Apache-httpd is installed fine (on the same box as Chef Server), all firewall and iptables are consistent with my below configuration.
Chef Server - /etc/httpd/conf/httpd.conf
Listen 8443
<VirtualHost *:8443>
ServerAdmin me@email
ServerName chefserverhostname
ServerAlias CDS-PROXY
ProxyPass / https://chefserverhostname:443/
ProxyPassReverse / https://chefserverhostname:443/
RewriteEngine On
</VirtualHost>
I reconfigure the Chef client/node's client.rb to point to https://chefserverhostname:8443/organizations/myOrg, and hope to have the request pass through the proxy. ChefServer/nginx is listening on 443 and I'm assuming that it's taking care of the SSL decrypt, and 8443 is just the 'pass-through'. But when I fire up my Chef client/node I'm getting an SSL error message:
ERROR: SSL Validation failure connecting to host: chefserverhostname - SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol
You are using HTTPS but your vhost does not have any configuration to enable mod_ssl or another TLS option. As such, you should be using http://hostname:8443, but this is very much not recommended.
Chef Server is an appliance at heart and this kind of extra proxy layer is possible but not how things are intended to operate. You should just use the default setup which already includes a fronting nginx proxy for Erchef and friends.
You can check this recipe, https://github.com/chef-cookbooks/httpd, and properly configure Apache SSL and additional modules.
To me it is also not OK to drop the SSL connection on the Chef server, based on your current setup.
Since you have nginx on your machine you can extend the configuration there to support reverse proxy. Later on if you remove chefserver/nginx from this machine and you want only to leave proxy, install new nginx and apply the same conf for proxy configuration.
I would rather drop Apache from your setup.

Apache httpd.conf - route request to different port

I have a CentOS 7.1 machine with Apache httpd running on port 9000.
So if I type http://192.168.56.101:9000/ in my browser, I see the Apache Testing 123 page.
I also have a GitLab Server running on port 8888, but this port is closed by the firewall.
I want Apache to redirect traffic for http://192.168.56.101:9000/gitlab internally to the GitLab server.
I have done this in my Apache config file /etc/httpd/conf/httpd.conf:
<VirtualHost *:9000>
ProxyPass /gitlab http://192.168.56.101:8888/users/sign_in
ProxyPassReverse /gitlab http://192.168.56.101:8888/users/sign_in
</VirtualHost>
When users browse to http://192.168.56.101:9000/gitlab the login page appears (css seems broken though), but when logging in this appears:
Not Found
The requested URL /users/sign_in was not found on this server.
Is this something that is configurable with Apache and if so how?
Do I need to use some sort of Url-Rewriting, if yes which and how to get started?
All the links in gitlab will presume you are pointing at the original server.
So you need to look at mod_proxy_html to also replace these links in the HTML:
https://httpd.apache.org/docs/2.4/mod/mod_proxy_html.html
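How the ProxyPass rule from the question maps request paths, as an added example that is not part of the original thread. The asset path and redirect targets are constructed, proxy_target and reverse_location are hypothetical names, and PREFIX_RULES assumes GitLab itself is configured to serve under /gitlab.

```python
# Rules as (public path prefix, backend URL) pairs, in configuration order.
PAGE_RULES = [("/gitlab", "http://192.168.56.101:8888/users/sign_in")]
# Hypothetical alternative: keep the same prefix on both sides. This assumes
# the backend application is itself configured to serve under /gitlab.
PREFIX_RULES = [("/gitlab", "http://192.168.56.101:8888/gitlab")]


def proxy_target(path, rules):
    """Return the backend URL a ProxyPass rule produces for `path`, or None
    when no prefix matches and Apache serves the path from its own docroot."""
    for prefix, backend in rules:
        # The prefix must match on a path-segment boundary.
        if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
            return backend + path[len(prefix):]
    return None


def reverse_location(location, rules):
    """ProxyPassReverse: map a backend Location header back to the public
    path (Apache then builds an absolute URL from it). A Location that does
    not start with the configured backend URL is passed through unchanged."""
    for prefix, backend in rules:
        if location.startswith(backend):
            return prefix + location[len(backend):]
    return location
```

With the rule from the question, only /gitlab itself reaches a real backend page; the form target /users/sign_in and any absolute asset path fall outside the prefix, so Apache on port 9000 answers them itself with Not Found.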

How to enable Apache SSL Reverse Proxy on HTTP application

I've been having problems attempting to implement a reverse SSL proxy on Apache for an HTTP application on Ubuntu 14.04. As a baseline, the application works fine when I access it via port 8000 in the browser normally. For all intents and purposes, let's say the IP of my app is 192.141.56.11 (I do not have a domain name yet). The application runs with HTTP Basic Auth, I don't know if it's relevant. Basically I'm fishing for some glaring error here and would be grateful if you could help me out. Here is a log of my process:
I created my SSL cert and key and put them in the following locations:
/etc/apache/ssl/apache.crt (I performed chmod 644 here)
/etc/apache/ssl/apache.key (I performed chmod 400 here)
I then installed:
apt-get install apache2
a2enmod proxy
a2enmod ssl
a2enmod proxy_http
I then disabled the default config with:
a2dissite 000-default
I then created the file "/etc/apache2/sites-available/redirect.conf" and copied the text below:
<VirtualHost *:80>
Redirect "/" "https://192.141.56.11"
</VirtualHost>
After, I created the file "/etc/apache2/sites-available/reverse_proxy.conf" and copied below:
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache/ssl/apache.crt
SSLCertificateKeyFile /etc/apache/ssl/apache.key
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>
and did:
service apache2 restart
I now attempt to access the UI of the application on another machine in the Chrome browser. When trying:
https://192.141.56.11
I get a general SSL connection error.
However, trying
http://192.141.56.11:8000
gives me the application, as if none of my config changed anything. However,
192.141.56.11:80
gives me an "Index Of" page with an html folder that says "Apache/2.4.7 (Ubuntu) Server at 192.141.56.11 Port 80"
192.141.56.11:443
gives me the same result except with "Apache/2.4.7 (Ubuntu) Server at 192.141.56.11 Port 443"
I've tried all manners of configurations but can't get what I want -- any ideas here?
EDIT: I tried https[:]//192.141.56.11 and got a more specific SSL error:
received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
EDIT2: After running apache, I get this warning;
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
I suppose this is fine as I am using an IP and not a domain name.
EDIT3: It turns out I needed to do:
a2ensite reverse_proxy.conf.
Now https[:]//192.141.56.11 works but defaults to an apache page. working on this.
EDIT4: I had to do
a2dissite default-ssl.conf
Now it actually redirects to the app on https[:]//192.141.56.11!! But I can still access the app via port 8000, which is bad {still working on}
EDIT5: In the end, I couldn't figure out how to block access to the original app via port 8000 on Apache. Instead, I just implemented iptables on the server so that it can only be accessed via HTTPS. This is probably not the correct method, but it's all I could think of.
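Three of the threads on this page (the first one, the Chef proxy and this one) come down to the same mismatch between the URL scheme the client uses and whether the vhost on that port sets SSLEngine on. The check below is an added example, not code from any of the posts; SAMPLE_CONF is constructed from the vhosts quoted above, parse_vhosts and diagnose are hypothetical helper names, and it assumes SSLEngine is set inside the vhost block rather than globally.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, modelled on the vhosts quoted in the threads on this page.
SAMPLE_CONF = """
<VirtualHost *:80>
    Redirect "/" "https://192.141.56.11"
</VirtualHost>
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/apache/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache/ssl/apache.key
</VirtualHost>
<VirtualHost *:8443>
    ProxyPass / https://chefserverhostname:443/
</VirtualHost>
"""

def parse_vhosts(conf_text):
    """Map each <VirtualHost> port to True if that block sets 'SSLEngine on'."""
    tls_by_port, port = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+\S*?:(\d+)\s*>", line, re.I)
        if opened:
            found = int(opened.group(1))
            # Simplification: the first vhost listed for a port is its default.
            port = None if found in tls_by_port else found
            tls_by_port.setdefault(found, False)
        elif line.lower().startswith("</virtualhost"):
            port = None
        elif port is not None and re.match(r"SSLEngine\s+on\s*$", line, re.I):
            tls_by_port[port] = True
    return tls_by_port

def diagnose(url, tls_by_port):
    """Describe what a client requesting `url` runs into, given the parsed vhosts."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in tls_by_port:
        return "no vhost on port %d" % port
    if parts.scheme == "https" and not tls_by_port[port]:
        return "TLS handshake sent to a plain-HTTP vhost"
    if parts.scheme == "http" and tls_by_port[port]:
        return "plain HTTP sent to a TLS vhost"
    return "ok"
```

"plain HTTP sent to a TLS vhost" corresponds to the 400 Bad Request in the first thread; "TLS handshake sent to a plain-HTTP vhost" corresponds to the "unknown protocol" and ssl_error_rx_record_too_long errors in the other two.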