LinuxQuestions.org
06-01-2009, 12:44 AM   #1
mehoggan
LQ Newbie
 
Registered: May 2009
Posts: 4

Rep: Reputation: 0
Clients cannot connect to Apache when using HTTPS to view web pages.


Hello all, this is my first post, so please take it easy on me. I will try to include all the necessary information; if I leave anything out or include too much, please let me know.

I am running Apache (vs. 2.2.3-22.el5_3.1.i386), Openssl (vs. 0.9.8e-7.el5.i386) and I have downloaded and installed mod_ssl (vs. 2.2.3-22-el5_3.1.i386)


So here is my problem, I have configured Apache, and SSL (I also have PHP, and MySQL configured). I can start Apache using
# /etc/init.d/httpd start
OR
# service httpd start

If you would like to see that my website is up and running please visit http://www.geoginfo.com to see that Apache is working.

About a week ago I started to configure Apache to work with SSL so that I could get people to submit encrypted data to my server via a form that I created, and you can see by going to http://geoginfo.com/memberform.php.

My problem is if you try to access those web pages (above) via HTTPS by typing https://geoginfo.com for the URL then you will get an Error: 104 (Error Connection Failed)

However, I can connect to that web page on the server (local host) using HTTPS.

I am not sure if this has more to do with Apache or Certificates. Anyways, presently I have no errors being generated in my log files so asking me to post error would not help. I have a clean working installation of apache configured almost the way I want it.

Below is my httpd.conf file
### Section 1: General Settings
Include conf.d/*.conf

ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Listen 192.168.1.1:80
Listen 192.168.1.1:443

<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>

<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>

### Section 2: Main Settings
#Apache Directives
User apache
Group apache
AddType application/x-httpd-php .php .php4 .php5#.html .htm
AddHandler php5-script .php
TypesConfig /etc/mime.types
DefaultType text/plain
AddDefaultCharset ISO-8859-1
LogLevel warn

#SSL Directives
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLPassPhraseDialog builtin
SSLMutex default
SSLCryptoDevice builtin

### Section 3: Virtual Hosts
NameVirtualHost 192.168.1.1:80

<VirtualHost www.geoginfo.com:80>
ServerAdmin mehoggan@gmail.com
ServerName www.geoginfo.com:80
DocumentRoot "/mnt/data/geoginfo"
DirectoryIndex index.html index.php
ErrorLog logs/error_log

<Directory />
Options Indexes FollowSymLinks
AllowOverride None
</Directory>

<Directory "/mnt/data/geoginfo">
Options Indexes FollowSymLinks

AllowOverride AuthConfig FileInfo
#AllowOverride None
Order allow,deny
Allow from all
</Directory>

AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
</VirtualHost>

NameVirtualHost 192.168.1.1:443

<VirtualHost www.geoginfo.com:443>

ServerAdmin mehoggan@gmail.com
ServerName www.geoginfo.com:443

DocumentRoot "/mnt/data/geoginfo"
DirectoryIndex index.html index.php

<Directory />
Options Indexes FollowSymLinks
AllowOverride None
SSLRequireSSL
</Directory>

<Directory "/mnt/data/geoginfo">
Options Indexes FollowSymLinks
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
</Directory>

AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

# SSL Configuration Part
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on
SSLOptions +StrictRequire

SSLProtocol all +SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>

<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>

Issuing the command:
# netstat -tna produces:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:80 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:443 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:607 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:43391 192.168.1.3:445 ESTABLISHED
tcp 0 0 192.168.1.1:43734 74.125.19.19:80 ESTABLISHED
tcp 0 0 192.168.1.1:57266 74.125.19.19:80 ESTABLISHED
tcp 0 0 :::22 :::* LISTEN

I copied the original certs from /etc/pki/tls/certs which were generated when I used #yum to install ssl into the desired directory which is specified in my httpd.conf file above.

Off the top of my head I can't think of anything else that might help others help me.

So to sum things up, I have a working version of apache running. Clients and localhost can access my server's web pages using HTTP. However, when clients try and access my server's web pages using HTTPS they get an error 104 in the browser. However, I can access my web pages via HTTPS using local host on the server itself. I personally believe that it has something to do with certs and keys and ssl, however I am unsure. Please help.

Matthew Hoggan
mehoggan@gmail.com
 
06-01-2009, 12:57 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Something is fundamentally wrong with this picture. 192.168.1.0/24 is a private network. (Read: not routable across the 'net.)

A little investigation reveals:
Code:
%host www.geoginfo.com
www.geoginfo.com has address 99.11.223.198

%nc -zvw 1 99.11.223.198 80
Connection to 99.11.223.198 80 port [tcp/http] succeeded!

%nc -zvw 1 99.11.223.198 443
nc: connect to 99.11.223.198 port 443 (tcp) failed: Connection refused
So:
  • someone is providing NAT for your web server;
  • the NAT device is forwarding tcp 80 traffic to your host;
  • the NAT device is blocking tcp 443 traffic altogether.

Contact your hosting provider (or network admin) to request that tcp 443 connections to 99.11.223.198 are forwarded to your host. That's the glaring problem so far.
 
06-01-2009, 03:10 PM   #3
mehoggan
LQ Newbie
 
Registered: May 2009
Posts: 4

Original Poster
Rep: Reputation: 0
Derr... Thank you for your help, sometimes I can be so closed-minded. I forgot to port forward on my router on port 443. That explains everything.
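
The reasoning in post #2 (a listener bound to a private address plus a refused connection on the public address points at the NAT device) can be scripted. This is an added example, not part of the original thread; the function names and verdict strings are made up for illustration, and the sample rows are copied from the `netstat -tna` output in post #1.

```shell
#!/bin/sh
# Added example (not from the thread). Sample rows copied from post #1's netstat output.
NETSTAT_SAMPLE='tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:80 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:443 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:43734 74.125.19.19:80 ESTABLISHED
tcp 0 0 :::22 :::* LISTEN'

# addr_scope ADDR -> loopback | private | any | public
addr_scope() {
  case "$1" in
    127.*|::1) echo loopback ;;
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
    0.0.0.0|::) echo any ;;
    *) echo public ;;
  esac
}

# listen_scope PORT: reads `netstat -tna` text on stdin, prints the scope of
# the address that PORT is listening on, or "none" if there is no listener.
listen_scope() {
  addr=$(awk -v p="$1" '$NF == "LISTEN" {
    n = split($4, part, ":")
    if (part[n] == p) { sub(":" p "$", "", $4); print $4; exit }
  }')
  if [ -n "$addr" ]; then addr_scope "$addr"; else echo none; fi
}

# external_state HOST PORT: run from outside the LAN; same nc flags as post #2.
external_state() {
  if nc -zw 1 "$1" "$2" 2>/dev/null; then echo open; else echo closed; fi
}

# diagnose PORT EXTERNAL_STATE NETSTAT_TEXT -> one-word verdict
diagnose() {
  scope=$(printf '%s\n' "$3" | listen_scope "$1")
  case "$scope:$2" in
    none:*)     echo nothing-listening ;;
    loopback:*) echo loopback-only ;;
    *:open)     echo reachable ;;
    private:*)  echo check-port-forward ;;
    *)          echo check-firewall-or-nat ;;
  esac
}

diagnose 443 closed "$NETSTAT_SAMPLE"   # the situation in this thread
```

On a live system, feed `diagnose` the server's own `netstat -tna` output and the result of `external_state` run from a host outside the LAN.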