openSUSE 10.3 (i586)
Server version: Apache/2.2.4 (Linux/SUSE)
Server built: Nov 9 2007 14:06:03
I have googled a lot before posting here. The problem is that Apache doesn't listen on port 443 when it is started as follows:
apache2ctl start
it only listens on port 80
and the log says as follows:
[Tue Apr 08 16:51:05 2008] [info] Init: Seeding PRNG with 0 bytes of entropy
[Tue Apr 08 16:51:05 2008] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Apr 08 16:51:06 2008] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Apr 08 16:51:06 2008] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Tue Apr 08 16:51:06 2008] [info] Init: Initializing (virtual) servers for SSL
[Tue Apr 08 16:51:06 2008] [info] Server: Apache/2.2.4, Interface: mod_ssl/2.2.4, Library: OpenSSL/0.9.8e
[Tue Apr 08 16:51:06 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)
[Tue Apr 08 16:51:06 2008] [info] Init: Seeding PRNG with 0 bytes of entropy
[Tue Apr 08 16:51:06 2008] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Apr 08 16:51:06 2008] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Apr 08 16:51:06 2008] [info] Init: Initializing (virtual) servers for SSL
[Tue Apr 08 16:51:06 2008] [info] Server: Apache/2.2.4, Interface: mod_ssl/2.2.4, Library: OpenSSL/0.9.8e
[Tue Apr 08 16:51:06 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_ssl/2.2.4 OpenSSL/0.9.8e PHP/5.2.5 with Suhosin-Patch configured -- resuming normal operations
[Tue Apr 08 16:51:06 2008] [info] Server built: Nov 9 2007 14:06:03
[Tue Apr 08 16:51:06 2008] [debug] prefork.c(991): AcceptMutex: sysvsem (default: sysvsem)
Question is, in the above logs it mentions SSL then why is it not listening for it?
Whereas httpd2 -D SSL -S confirms that configs are ok
VirtualHost configuration:
X.29.75.96:443 secure.x.x.com (/etc/apache2/vhosts.d/vhost-ssl.conf:37)
wildcard NameVirtualHosts and _default_ servers:
*:80 vhost.x.x.com (/etc/apache2/vhosts.d/vhost.conf:15)
Syntax OK
Is this the normal behaviour (not to listen on 443, while all SSL configs are fine) when starting Apache using apache2ctl start?
I think it should be listening for both port 80 and 443 when apache config is fine.
Or do we need to explicitly tell apache as follows?
apache2ctl -D SSL -k start
netstat -atop| grep LIST
tcp 0 0 *:mysql *:* LISTEN 8375/mysqld off (0.00/0/0)
tcp 0 0 *:www-http *:* LISTEN 10241/httpd2 off (0.00/0/0)
tcp 0 0 *:https *:* LISTEN 10241/httpd2 off (0.00/0/0)
log says as follows
[Tue Apr 08 16:52:53 2008] [info] Init: Seeding PRNG with 136 bytes of entropy
[Tue Apr 08 16:52:53 2008] [info] Loading certificate & private key of SSL-aware server
[Tue Apr 08 16:52:53 2008] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
[Tue Apr 08 16:52:53 2008] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Apr 08 16:52:53 2008] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Apr 08 16:52:53 2008] [info] Init: Initializing (virtual) servers for SSL
[Tue Apr 08 16:52:53 2008] [info] Configuring server for SSL protocol
[Tue Apr 08 16:52:53 2008] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Apr 08 16:52:53 2008] [debug] ssl_engine_init.c(601): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Tue Apr 08 16:52:53 2008] [debug] ssl_engine_init.c(729): Configuring RSA server certificate
[Tue Apr 08 16:52:53 2008] [debug] ssl_engine_init.c(768): Configuring RSA server private key
[Tue Apr 08 16:52:53 2008] [info] Server: Apache/2.2.4, Interface: mod_ssl/2.2.4, Library: OpenSSL/0.9.8e
[Tue Apr 08 16:52:53 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)
[Tue Apr 08 16:52:53 2008] [info] Init: Seeding PRNG with 136 bytes of entropy
[Tue Apr 08 16:52:53 2008] [info] Loading certificate & private key of SSL-aware server
[Tue Apr 08 16:52:53 2008] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
[Tue Apr 08 16:52:53 2008] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Apr 08 16:52:54 2008] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(374): shmcb_init allocated 512000 bytes of shared memory
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(554): entered shmcb_init_memory()
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(576): for 512000 bytes, recommending 4266 indexes
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(619): shmcb_init_memory choices follow
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(621): division_mask = 0x1F
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(623): division_offset = 64
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(625): division_size = 15998
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(627): queue_size = 1604
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(629): index_num = 133
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(631): index_offset = 8
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(633): index_size = 12
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(635): cache_data_offset = 8
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(637): cache_data_size = 14386
[Tue Apr 08 16:52:54 2008] [debug] ssl_scache_shmcb.c(650): leaving shmcb_init_memory()
[Tue Apr 08 16:52:54 2008] [info] Shared memory session cache initialised
[Tue Apr 08 16:52:54 2008] [info] Init: Initializing (virtual) servers for SSL
[Tue Apr 08 16:52:54 2008] [info] Configuring server for SSL protocol
[Tue Apr 08 16:52:54 2008] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Apr 08 16:52:54 2008] [debug] ssl_engine_init.c(601): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Tue Apr 08 16:52:54 2008] [debug] ssl_engine_init.c(729): Configuring RSA server certificate
[Tue Apr 08 16:52:54 2008] [debug] ssl_engine_init.c(768): Configuring RSA server private key
[Tue Apr 08 16:52:54 2008] [info] Server: Apache/2.2.4, Interface: mod_ssl/2.2.4, Library: OpenSSL/0.9.8e
[Tue Apr 08 16:52:54 2008] [notice] Apache/2.2.4 (Linux/SUSE) mod_ssl/2.2.4 OpenSSL/0.9.8e PHP/5.2.5 with Suhosin-Patch configured -- resuming normal operations
[Tue Apr 08 16:52:54 2008] [info] Server built: Nov 9 2007 14:06:03
[Tue Apr 08 16:52:54 2008] [debug] prefork.c(991): AcceptMutex: sysvsem (default: sysvsem)
Is there any directive I have missed in the config which is preventing it from listening on port 443 if apache2ctl start is used?
And apparently it is not using the certificate I have mentioned; the Apache log says "Generating temporary ... key". Why is that?
My current config is as follows
grep -v '#' httpd.conf| more
Include /etc/apache2/uid.conf
Include /etc/apache2/server-tuning.conf
ErrorLog /var/log/apache2/error_log
Include /etc/apache2/sysconfig.d/loadmodule.conf
Include /etc/apache2/listen.conf
Include /etc/apache2/mod_log_config.conf
Include /etc/apache2/sysconfig.d/global.conf
Include /etc/apache2/mod_status.conf
Include /etc/apache2/mod_info.conf
Include /etc/apache2/mod_usertrack.conf
Include /etc/apache2/mod_autoindex-defaults.conf
TypesConfig /etc/apache2/mime.types
DefaultType text/plain
Include /etc/apache2/mod_mime-defaults.conf
Include /etc/apache2/errors.conf
Include /etc/apache2/ssl-global.conf
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
DirectoryIndex index.html index.html.var index.htm index.shtml index.cgi index.php index.php5 index.php4 index.php3 index.pl index.html.var index.aspx default.aspx
Include /etc/apache2/default-server.conf
Include /etc/apache2/vhosts.d/*.conf
******************************************
grep -v '#' sysconfig.d/global.conf| more
Timeout 300
ServerSignature on
UseCanonicalName off
ServerTokens OS
LogLevel debug
CustomLog /var/log/apache2/access_log combined
***************************************************
grep -v '#' vhosts.d/vhost-ssl.conf | more
<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost secure.x.x.com:443>
DocumentRoot "/srv/www/htdocs/secure.x.x.com"
ServerName secure.x.x.com:443
ServerAdmin myemail@email.com
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/secure.x.x.com.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/secure.x.x.com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/apache2/ssl_request_log ssl_combined
</VirtualHost>
</IfDefine>
</IfDefine>
*********************************************************
totterdown:/etc/apache2 # grep -v '#' vhosts.d/vhost.conf| more
<VirtualHost *:80>
ServerAdmin myemail
ServerName vhost.x.x.com
DocumentRoot /srv/www/vhosts/vhost.x.x.com
ErrorLog /var/log/apache2/vhost.x.x.com-error_log
CustomLog /var/log/apache2/vhost.x.x.com-access_log combined
HostnameLookups Off
UseCanonicalName Off
ServerSignature On
ScriptAlias /cgi-bin/ "/srv/www/vhosts/dummy-host.example.com/cgi-bin/"
<Directory "/srv/www/vhosts/dummy-host.example.com/cgi-bin">
AllowOverride None
Options +ExecCGI -Includes
Order allow,deny
Allow from all
</Directory>
<IfModule mod_userdir.c>
UserDir public_html
Include /etc/apache2/mod_userdir.conf
</IfModule>
<Directory "/srv/www/vhosts/vhost.x.x.com">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
********************************************************************
grep -v '#' ssl-global.conf| more
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000)
SSLSessionCacheTimeout 600
SSLMutex default
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
</IfDefine>
</IfDefine>
*****************************************************
apache2ctl -M
ssl_module (shared)
****************************
apache2ctl -l
core.c
prefork.c
http_core.c
mod_so.c
************************************************
apache2ctl -V
Server version: Apache/2.2.4 (Linux/SUSE)
Server built: Nov 9 2007 14:06:03
Server's Module Magic Number: 20051115:5
Server loaded: APR 1.2.9, APR-Util 1.2.8
Compiled using: APR 1.2.9, APR-Util 1.2.8
Architecture: 32-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/srv/www"
-D SUEXEC_BIN="/usr/sbin/suexec2"
-D DEFAULT_PIDLOG="/var/run/httpd2.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="/var/run/accept.lock"
-D DEFAULT_ERRORLOG="/var/log/apache2/error_log"
-D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
-D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"
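An added example, not part of the original post: a small evaluator for the `<IfDefine SSL>` / `<IfDefine !NOSSL>` wrappers shown in the post's vhost-ssl.conf and ssl-global.conf, showing which directives Apache acts on for a given set of `-D` names. The sample config is constructed from those excerpts; the `Listen` lines stand in for listen.conf, which the post does not show, and are an assumption.

```python
import re

# Constructed sample. SSLSessionCache and the VirtualHost come from the post's
# ssl-global.conf and vhost-ssl.conf; the Listen lines are an ASSUMED
# listen.conf, since the post does not include that file.
SAMPLE_CONF = """\
Listen 80
<IfDefine SSL>
<IfDefine !NOSSL>
Listen 443
</IfDefine>
</IfDefine>
<IfDefine SSL>
<IfDefine !NOSSL>
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000)
<VirtualHost secure.x.x.com:443>
SSLEngine on
</VirtualHost>
</IfDefine>
</IfDefine>
"""

_OPEN = re.compile(r"<IfDefine\s+(!?)\s*([^\s>]+)\s*>$", re.I)
_CLOSE = re.compile(r"</IfDefine\s*>$", re.I)

def active_lines(conf, defines):
    """Return the config lines left after IfDefine evaluation for these -D names."""
    stack = []  # one bool per open <IfDefine>: did its test pass?
    out = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _OPEN.match(line)
        if m:
            negated, name = m.group(1) == "!", m.group(2)
            stack.append((name in defines) != negated)
        elif _CLOSE.match(line):
            if not stack:
                raise ValueError("</IfDefine> without matching <IfDefine>")
            stack.pop()
        elif all(stack):  # kept only if every enclosing test passed
            out.append(line)
    if stack:
        raise ValueError("unclosed <IfDefine>")
    return out

def listen_ports(conf, defines):
    """Ports from the Listen directives that survive IfDefine evaluation."""
    return [l.split()[1] for l in active_lines(conf, defines)
            if l.lower().startswith("listen ")]
```

With no names defined, the `SSLSessionCache` line and the SSL virtual host are skipped, which is consistent with the "Session Cache is not configured" warning in the first log; with `SSL` defined they are kept, matching the "Shared memory session cache initialised" line in the second.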