Apache/2.2.4 openSUSE10.3 not listening on port 443 even ssl_module is present
openSUSE 10.3 (i586)
Server version: Apache/2.2.4 (Linux/SUSE)
Server built: Nov 9 2007 14:06:03

I have googled a lot before posting here. The problem is that Apache doesn't listen on port 443 when it is started as follows:

    apache2ctl start

It only listens on port 80, and the log says the following:

    [Tue Apr 08 16:51:05 2008] [info] Init: Seeding PRNG with 0 bytes of entropy
    [Tue Apr 08 16:51:05 2008] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Tue Apr 08 16:51:06 2008] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Tue Apr 08 16:51:06 2008] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
    [Tue Apr 08 16:51:06 2008] [info] Init: Initializing (virtual) servers for SSL
    [Tue Apr 08 16:51:06 2008] [info] Server: Apache/2.2.4, Interface: mod_ssl/2.2.4, Library: OpenSSL/0.9.8e
    [Tue Apr 08 16:51:06 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)
    [Tue Apr 08 16:51:06 2008] [info] Init: Seeding PRNG with 0 bytes of entropy
    [Tue Apr 08 16:51:06 2008] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Tue Apr 08 16:51:06 2008] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Tue Apr 08 16:51:06 2008] [info] Init: Initializing (virtual) servers for SSL
    [Tue Apr 08 16:51:06 2008] [info] Server: Apache/2.2.4, Interface: mod_ssl/2.2.4, Library: OpenSSL/0.9.8e
    [Tue Apr 08 16:51:06 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_ssl/2.2.4 OpenSSL/0.9.8e PHP/5.2.5 with Suhosin-Patch configured -- resuming normal operations
    [Tue Apr 08 16:51:06 2008] [info] Server built: Nov 9 2007 14:06:03
    [Tue Apr 08 16:51:06 2008] [debug] prefork.c(991): AcceptMutex: sysvsem (default: sysvsem)

The question is: the above log mentions SSL, so why is it not listening for it?
Whereas httpd2 -D SSL -S confirms that the configs are OK:

    VirtualHost configuration:
    X.29.75.96:443 secure.x.x.com (/etc/apache2/vhosts.d/vhost-ssl.conf:37)
    wildcard NameVirtualHosts and _default_ servers:
    *:80 vhost.x.x.com (/etc/apache2/vhosts.d/vhost.conf:15)
    Syntax OK

Is this the normal behaviour (not to listen on 443 while all the SSL config is fine) when starting Apache using apache2ctl start? I think it should be listening on both port 80 and 443 when the Apache config is fine. Or do we need to explicitly tell Apache as follows?

    apache2ctl -D SSL -k start

    netstat -atop| grep LIST
    tcp 0 0 *:mysql *:* LISTEN 8375/mysqld off (0.00/0/0)
    tcp 0 0 *:www-http *:* LISTEN 10241/httpd2 off (0.00/0/0)
    tcp 0 0 *:https *:* LISTEN 10241/httpd2 off (0.00/0/0)

The log says the following:

    [Tue Apr 08 16:52:53 2008] [info] Init: Seeding PRNG with 136 bytes of entropy
    [Tue Apr 08 16:52:53 2008] [info] Loading certificate & private key of SSL-aware server
    [Tue Apr 08 16:52:53 2008] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
    [Tue Apr 08 16:52:53 2008] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Tue Apr 08 16:52:53 2008] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Tue Apr 08 16:52:53 2008] [info] Init: Initializing (virtual) servers for SSL
    [Tue Apr 08 16:52:53 2008] [info] Configuring server for SSL protocol
    [Tue Apr 08 16:52:53 2008] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
    [Tue Apr 08 16:52:53 2008] [debug] ssl_engine_init.c(601): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
    [Tue Apr 08 16:52:53 2008] [debug] ssl_engine_init.c(729): Configuring RSA server certificate
    [Tue Apr 08 16:52:53 2008] [debug] ssl_engine_init.c(768): Configuring RSA server private key
    [Tue Apr 08 16:52:53 2008] [info] Server: Apache/2.2.4, Interface: mod_ssl/2.2.4, Library: OpenSSL/0.9.8e
    [Tue Apr 08 16:52:53 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)
    [Tue Apr 08 16:52:53 2008] [info] Init: Seeding PRNG with 136 bytes of entropy
    [Tue Apr 08 16:52:53 2008] [info] Loading certificate & private key of SSL-aware server
    [Tue Apr 08 16:52:53 2008] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
    [Tue Apr 08 16:52:53 2008] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Tue Apr 08 16:52:54 2008] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(374): shmcb_init allocated 512000 bytes of shared memory
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(554): entered shmcb_init_memory()
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(576): for 512000 bytes, recommending 4266 indexes
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(619): shmcb_init_memory choices follow
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(621): division_mask = 0x1F
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(623): division_offset = 64
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(625): division_size = 15998
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(627): queue_size = 1604
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(629): index_num = 133
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(631): index_offset = 8
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(633): index_size = 12
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(635): cache_data_offset = 8
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(637): cache_data_size = 14386
    [Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(650): leaving shmcb_init_memory()
    [Tue Apr 08 16:52:54 2008] [info] Shared memory session cache initialised
    [Tue Apr 08 16:52:54 2008] [info] Init: Initializing (virtual) servers for SSL
    [Tue Apr 08 16:52:54 2008] [info] Configuring server for SSL protocol
    [Tue Apr 08 16:52:54 2008] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
    [Tue Apr 08 16:52:54 2008] [debug] ssl_engine_init.c(601): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
    [Tue Apr 08 16:52:54 2008] [debug] ssl_engine_init.c(729): Configuring RSA server certificate
    [Tue Apr 08 16:52:54 2008] [debug] ssl_engine_init.c(768): Configuring RSA server private key
    [Tue Apr 08 16:52:54 2008] [info] Server: Apache/2.2.4, Interface: mod_ssl/2.2.4, Library: OpenSSL/0.9.8e
    [Tue Apr 08 16:52:54 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_ssl/2.2.4 OpenSSL/0.9.8e PHP/5.2.5 with Suhosin-Patch configured -- resuming normal operations
    [Tue Apr 08 16:52:54 2008] [info] Server built: Nov 9 2007 14:06:03
    [Tue Apr 08 16:52:54 2008] [debug] prefork.c(991): AcceptMutex: sysvsem (default: sysvsem)

Is there any directive I have missed in the config which is preventing it from listening on port 443 if apache2ctl start is used? And apparently it is not using the certificate I have mentioned; the Apache log says Generating temporary....... key. Why is that?
My current config is as follows:

    grep -v '#' httpd.conf| more

    Include /etc/apache2/uid.conf
    Include /etc/apache2/server-tuning.conf
    ErrorLog /var/log/apache2/error_log
    Include /etc/apache2/sysconfig.d/loadmodule.conf
    Include /etc/apache2/listen.conf
    Include /etc/apache2/mod_log_config.conf
    Include /etc/apache2/sysconfig.d/global.conf
    Include /etc/apache2/mod_status.conf
    Include /etc/apache2/mod_info.conf
    Include /etc/apache2/mod_usertrack.conf
    Include /etc/apache2/mod_autoindex-defaults.conf
    TypesConfig /etc/apache2/mime.types
    DefaultType text/plain
    Include /etc/apache2/mod_mime-defaults.conf
    Include /etc/apache2/errors.conf
    Include /etc/apache2/ssl-global.conf
    <Directory />
        Options None
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>
    AccessFileName .htaccess
    <Files ~ "^\.ht">
        Order allow,deny
        Deny from all
    </Files>
    DirectoryIndex index.html index.html.var index.htm index.shtml index.cgi index.php index.php5 index.php4 index.php3 index.pl index.html.var index.aspx default.aspx
    Include /etc/apache2/default-server.conf
    Include /etc/apache2/vhosts.d/*.conf

******************************************

    grep -v '#' sysconfig.d/global.conf| more

    Timeout 300
    ServerSignature on
    UseCanonicalName off
    ServerTokens OS
    LogLevel debug
    CustomLog /var/log/apache2/access_log combined

***************************************************

    grep -v '#' vhosts.d/vhost-ssl.conf | more

    <IfDefine SSL>
    <IfDefine !NOSSL>
    <VirtualHost secure.x.x.com:443>
        DocumentRoot "/srv/www/htdocs/secure.x.x.com"
        ServerName secure.x.x.com:443
        ServerAdmin myemail@email.com
        ErrorLog /var/log/apache2/error_log
        TransferLog /var/log/apache2/access_log
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl.crt/secure.x.x.com.crt
        SSLCertificateKeyFile /etc/apache2/ssl.key/secure.x.x.com.key
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/srv/www/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        CustomLog /var/log/apache2/ssl_request_log ssl_combined
    </VirtualHost>
    </IfDefine>
    </IfDefine>

*********************************************************

    totterdown:/etc/apache2 # grep -v '#' vhosts.d/vhost.conf| more

    <VirtualHost *:80>
        ServerAdmin myemail
        ServerName vhost.x.x.com
        DocumentRoot /srv/www/vhosts/vhost.x.x.com
        ErrorLog /var/log/apache2/vhost.x.x.com-error_log
        CustomLog /var/log/apache2/vhost.x.x.com-access_log combined
        HostnameLookups Off
        UseCanonicalName Off
        ServerSignature On
        ScriptAlias /cgi-bin/ "/srv/www/vhosts/dummy-host.example.com/cgi-bin/"
        <Directory "/srv/www/vhosts/dummy-host.example.com/cgi-bin">
            AllowOverride None
            Options +ExecCGI -Includes
            Order allow,deny
            Allow from all
        </Directory>
        <IfModule mod_userdir.c>
            UserDir public_html
            Include /etc/apache2/mod_userdir.conf
        </IfModule>
        <Directory "/srv/www/vhosts/vhost.x.x.com">
            Options Indexes FollowSymLinks
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>

********************************************************************

    grep -v '#' ssl-global.conf| more

    <IfDefine SSL>
    <IfDefine !NOSSL>
    <IfModule mod_ssl.c>
        AddType application/x-x509-ca-cert .crt
        AddType application/x-pkcs7-crl .crl
        SSLPassPhraseDialog builtin
        SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000)
        SSLSessionCacheTimeout 600
        SSLMutex default
        SSLRandomSeed startup builtin
        SSLRandomSeed connect builtin
    </IfModule>
    </IfDefine>
    </IfDefine>

*****************************************************

    apache2ctl -M
    ssl_module (shared)

****************************

    apache2ctl -l
    core.c
    prefork.c
    http_core.c
    mod_so.c

************************************************

    apache2ctl -V
    Server version: Apache/2.2.4 (Linux/SUSE)
    Server built: Nov 9 2007 14:06:03
    Server's Module Magic Number: 20051115:5
    Server loaded: APR 1.2.9, APR-Util 1.2.8
    Compiled using: APR 1.2.9, APR-Util 1.2.8
    Architecture: 32-bit
    Server MPM: Prefork
    threaded: no
    forked: yes (variable process count)
    Server compiled with....
     -D APACHE_MPM_DIR="server/mpm/prefork"
     -D APR_HAS_SENDFILE
     -D APR_HAS_MMAP
     -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
     -D APR_USE_SYSVSEM_SERIALIZE
     -D APR_USE_PTHREAD_SERIALIZE
     -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
     -D APR_HAS_OTHER_CHILD
     -D AP_HAVE_RELIABLE_PIPED_LOGS
     -D DYNAMIC_MODULE_LIMIT=128
     -D HTTPD_ROOT="/srv/www"
     -D SUEXEC_BIN="/usr/sbin/suexec2"
     -D DEFAULT_PIDLOG="/var/run/httpd2.pid"
     -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
     -D DEFAULT_LOCKFILE="/var/run/accept.lock"
     -D DEFAULT_ERRORLOG="/var/log/apache2/error_log"
     -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
     -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"
Quote:
Regards
Quote:
That is correct, I can see https listening and responding to my telnet

    telnet 127.0.0.1 443
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.

when

    apache2ctl -D SSL -k start

is used to start Apache, whereas in the normal start it ignores the SSL configuration:

    apache2ctl start

Is that behavior normal?

Secondly, why is it not showing that it has loaded secure.x.x.com.crt and secure.x.x.key when started with

    apache2ctl -D SSL -k start

It only shows RSA key in the logs while I am not using secure.x.x.com.crt and secure.x.x.com.key in my config

    grep -v '#' vhosts.d/vhost-ssl.conf | more

    <IfDefine SSL>
    <IfDefine !NOSSL>
    <VirtualHost secure.x.x.com:443>
        DocumentRoot "/srv/www/htdocs/secure.x.x.com"
        ServerName secure.x.x.com:443
        ServerAdmin myemail@email.com
        ErrorLog /var/log/apache2/error_log
        TransferLog /var/log/apache2/access_log
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl.crt/secure.x.x.com.crt
        SSLCertificateKeyFile /etc/apache2/ssl.key/secure.x.x.com.key
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/srv/www/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        CustomLog /var/log/apache2/ssl_request_log ssl_combined
    </VirtualHost>
    </IfDefine>
    </IfDefine>
Running "apache2ctl start" should start apache in both normal and secure mode. Since your apache configuration is split in many configuration files, I guess you have to add
Code:
Listen 443
It is already listening on 80 and 443
    cat listen.conf | grep -v '#'

    Listen 80
    <IfDefine SSL>
    <IfDefine !NOSSL>
    <IfModule mod_ssl.c>
        Listen 443
    </IfModule>
    </IfDefine>
    </IfDefine>
    NameVirtualHost x.x.x.x(server ip address)

**********************************************

Is it something to do with ssl being loaded as a module, not as a compiled module?

    totterdown:/etc/apache2 # apache2ctl -M
    which: no w3m in (/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games:/usr/lib/mit/bin:/usr/lib/mit/sbin)
    Loaded Modules:
     core_module (static)
     mpm_prefork_module (static)
     http_module (static)
     so_module (static)
     actions_module (shared)
     alias_module (shared)
     auth_basic_module (shared)
     authn_file_module (shared)
     authz_host_module (shared)
     authz_groupfile_module (shared)
     authz_default_module (shared)
     authz_user_module (shared)
     authn_dbm_module (shared)
     autoindex_module (shared)
     cgi_module (shared)
     dir_module (shared)
     env_module (shared)
     expires_module (shared)
     include_module (shared)
     log_config_module (shared)
     mime_module (shared)
     negotiation_module (shared)
     setenvif_module (shared)
     ssl_module (shared)
     suexec_module (shared)
     userdir_module (shared)
     php5_module (shared)
    Syntax OK

    totterdown:/etc/apache2 # apache2ctl -l
    which: no w3m in (/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games:/usr/lib/mit/bin:/usr/lib/mit/sbin)
    Compiled in modules:
     core.c
     prefork.c
     http_core.c
     mod_so.c
Quote:
Code:
LoadModule ssl_module modules/mod_ssl.so
Quote:
How do you start apache? Use the 'startssl' command and everything will be ok:

    /etc/init.d/apache2 startssl

PS. Not sure if this parameter will be passed during the server startup... Will it run with the "-D SSL" option on the server reboot? There's a chance that only HTTP will be up after reboot.
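
Why the two start commands in this thread bind different ports, as an added example (not code from any poster or from the Apache project): a small Python evaluator for the `<IfDefine>`/`<IfModule>` guards, run over the listen.conf posted above. The helper name `active_listens` and matching `<IfModule>` by source file name only are assumptions of this sketch.

```python
import re

# listen.conf exactly as posted in the thread (grep -v '#' output).
LISTEN_CONF = """\
Listen 80
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
</IfDefine>
</IfDefine>
"""

OPEN = re.compile(r"<(IfDefine|IfModule)\s+(!?)([^>\s]+)\s*>", re.I)
CLOSE = re.compile(r"</(IfDefine|IfModule)\s*>", re.I)
LISTEN = re.compile(r"Listen\s+(\S+)", re.I)


def active_listens(conf, defines=(), modules=()):
    """Return the Listen arguments that take effect for the given -D names.

    Hypothetical helper: <IfModule> is matched by source file name only
    (e.g. "mod_ssl.c"); directives other than Listen are ignored.
    """
    stack, ports = [], []          # stack: truth value of each open guard
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if m := OPEN.fullmatch(line):
            known = defines if m.group(1).lower() == "ifdefine" else modules
            # "!" inverts the test: <IfDefine !NOSSL> holds when NOSSL is absent
            stack.append((m.group(3) in known) != (m.group(2) == "!"))
        elif CLOSE.fullmatch(line):
            if not stack:
                raise ValueError(f"line {lineno}: close tag without open block")
            stack.pop()
        elif (m := LISTEN.fullmatch(line)) and all(stack):
            ports.append(m.group(1))
    if stack:
        raise ValueError("unclosed <IfDefine>/<IfModule> block")
    return ports


if __name__ == "__main__":
    loaded = {"mod_ssl.c"}         # ssl_module (shared), per apache2ctl -M
    print("apache2ctl start           ->", active_listens(LISTEN_CONF, (), loaded))
    print("apache2ctl -D SSL -k start ->", active_listens(LISTEN_CONF, {"SSL"}, loaded))
```

On openSUSE the persistent way to pass that define is `APACHE_SERVER_FLAGS="SSL"` in /etc/sysconfig/apache2, which the init script turns into `-D SSL` at boot.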