LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 10-19-2004, 07:26 PM   #1
carlg
LQ Newbie
 
Registered: Apr 2004
Posts: 27

Rep: Reputation: 15
Apache Help (Secure Web Server)


I have really been having some problems setting up a secure (https) web server. I got past one problem last week and now I'm on another one which I have been on since the weekend. I am using Fedora Core 1. Apache starts up perfectly fine, all the log files are OK. When I run the server with regular http on port 80, it works fine. As soon as I try to do the secure server (https) on port 443, I cannot get it to work.

Even with the https, the server starts fine and all logs have no errors. When I try to access the page from remote browser, it says that the page is not found.

I am sure I am accessing it correctly (https://ipaddress), I even made sure that there was a hole in the firewall for port 443 using iptables command.

What else could be wrong? Why can't the browser find this server? Oh and the problem isn't my browser because I can access other https sites.

I included a copy/paste of my httpd.conf and ssl.conf files below just in case anyone asks (with comments deleted)

Thanks in advance for any help!!


Here is my httpd.conf
ServerRoot "/usr/local/apache2"
<IfModule !mpm_winnt.c>
<IfModule !mpm_netware.c>
</IfModule>
</IfModule>
<IfModule !mpm_netware.c>
<IfModule !perchild.c>
</IfModule>
</IfModule>
<IfModule !mpm_netware.c>
PidFile logs/httpd.pid
</IfModule>
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule prefork.c>
StartServers 5
MinSpareServers 5
MaxSpareServers 5
MaxClients 10
MaxRequestsPerChild 10000
</IfModule>
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
<IfModule perchild.c>
NumServers 5
StartThreads 5
MinSpareThreads 5
MaxSpareThreads 10
MaxThreadsPerChild 20
MaxRequestsPerChild 0
</IfModule>
<IfModule mpm_winnt.c>
ThreadsPerChild 250
MaxRequestsPerChild 0
</IfModule>
<IfModule beos.c>
StartThreads 10
MaxClients 50
MaxRequestsPerThread 10000
</IfModule>
<IfModule mpm_netware.c>
ThreadStackSize 65536
StartThreads 250
MinSpareThreads 25
MaxSpareThreads 250
MaxThreads 1000
MaxRequestsPerChild 0
MaxMemFree 100
</IfModule>
<IfModule mpmt_os2.c>
StartServers 2
MinSpareThreads 5
MaxSpareThreads 10
MaxRequestsPerChild 0
</IfModule>
LoadModule php4_module modules/libphp4.so
<IfModule !mpm_winnt.c>
<IfModule !mpm_netware.c>
User apache
Group apache
</IfModule>
</IfModule>
ServerAdmin you@example.com
UseCanonicalName Off
DocumentRoot "/var/www/html"
<Directory />
Options FollowSymLinks Indexes
AllowOverride All
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
UserDir public_html
DirectoryIndex index.php index.html index.html.var
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
TypesConfig conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log common
ServerTokens Full
ServerSignature On
Alias /icons/ "/usr/local/apache2/icons/"

<Directory "/usr/local/apache2/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "/usr/local/apache2/manual$1"

<Directory "/usr/local/apache2/manual">
Options Indexes
AllowOverride None
Order allow,deny
Allow from all

<Files *.html>
SetHandler type-map
</Files>

SetEnvIf Request_URI ^/manual/de/ prefer-language=de
SetEnvIf Request_URI ^/manual/en/ prefer-language=en
SetEnvIf Request_URI ^/manual/es/ prefer-language=es
SetEnvIf Request_URI ^/manual/fr/ prefer-language=fr
SetEnvIf Request_URI ^/manual/ja/ prefer-language=ja
SetEnvIf Request_URI ^/manual/ko/ prefer-language=ko
SetEnvIf Request_URI ^/manual/ru/ prefer-language=ru
RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
</Directory>
ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"

<IfModule mod_cgid.c>
</IfModule>
<Directory "/usr/local/apache2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
IndexOptions FancyIndexing VersionSort
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif

ReadmeName README.html
HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw

LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW

ForceLanguagePriority Prefer Fallback

AddDefaultCharset ISO-8859-1

AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb
AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk
AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb
AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5 .Big5 .big5
AddCharset WINDOWS-1251 .cp-1251 .win-1251
AddCharset CP866 .cp866
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-8 .utf8
AddCharset GB2312 .gb2312 .gb
AddCharset utf-7 .utf7
AddCharset utf-8 .utf8
AddCharset big5 .big5 .b5
AddCharset EUC-TW .euc-tw
AddCharset EUC-JP .euc-jp
AddCharset EUC-KR .euc-kr
AddCharset shift_jis .sjis
AddType application/x-httpd-php .php .phtml .html
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler type-map var
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully

<IfModule mod_ssl.c>
Include conf/ssl.conf
</IfModule>












Here is the ssl.conf file
myipaddress is a real ipaddress






SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<IfDefine SSL>
Listen myipaddress:443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin
SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache2/logs/ssl_mutex

<VirtualHost myipaddress:443>
DocumentRoot "/var/www/html"

ServerName myipaddress:443
ServerAdmin you@example.com
ErrorLog /usr/local/apache2/logs/carlg
TransferLog /usr/local/apache2/logs/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache2/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

</IfDefine>
 
Old 10-19-2004, 07:46 PM   #2
this213
Member
 
Registered: Dec 2001
Location: ./
Distribution: Fedora, CentOS, RHEL, Gentoo
Posts: 167

Rep: Reputation: 34
You could try changing:
Listen yourIpAddress:443
to:
Listen 443

Also, I'm pretty sure you need to NameVirtualHost yourIpAddress before you can <VirtualHost youripaddress:443> A better solution would be to simply:
If you're not hosting more than 1 SSL site:
<VirtualHost _default_:443>
or, if you are:
<VirtualHost *:443>
or, barring all that
NameVirtualHost yourIpAddress:80
<VirtualHost yourIpAddress:80>

Other than that - I'm not sure about the <IfDefine SSL> Block - none of my servers have that. If the above doesn't work, try remove the opening and closing statements for that. Apache should be able to figure out if it's being accessed SSL or not.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Secure web server under RH9 Spydr Linux - Software 0 09-18-2003 11:31 PM
secure game/web server? ixion Linux - Security 1 09-09-2003 05:06 PM
Secure web server sanjibgupta Linux - Newbie 1 08-27-2003 07:05 AM
best ver. of linux rd to use with rd secure web server 2.x simbad Linux - Newbie 1 01-15-2003 09:20 AM
Secure Web Server HowTo from SuSE mcleodnine Linux - Security 0 08-02-2001 09:41 PM


All times are GMT -5. The time now is 03:06 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration