LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   'invalid method in request' - Apache & SSL on Centos (http://www.linuxquestions.org/questions/linux-server-73/invalid-method-in-request-apache-and-ssl-on-centos-901115/)

scottmusician 09-04-2011 07:14 PM
'invalid method in request' - Apache & SSL on Centos
 
Hi everyone,

Ever since I have changed my Centos 5 server to work with HTTPS, I've not been able to view my locally stored webpages. Apache starts fine, but any attempts to access my webserver results in a "ssl_error_rx_record"too_long_" error in my browser, and in the Apache error log I get the error:
"[error] [client 192.168.1.100' invalid method in request \x16\x03\x01".

I know my SSL certificate is fine, because It's a signed one from GoDaddy and it works fine with other services (eg. 'telnet localhost smtp' works fine for my postfix configuration).

I read somewhere that if i type the following:
Code:
# telnet 192.168.0.1 443
GET /
and a bunch of HTML code is presented, then my mod_ssl module isn't loading. Indeed, this 'HTML dump' is what is happening to me. Further, I've also read some things about running an "a2ensite" command, but this appears only to be a debian thing???

Below are the important lines of my ssl.conf and httpd.conf. I've been stumped on this for a while, so any help would be wonderful!

Thanks again, Scott


httpd.conf:
Code:
Timeout 300
LoadModule ssl_module modules/mod_ssl.so
Include conf.d/*.conf
ServerAdmin root@localhost
ServerName mail.mydomain.com.au:80
<ifDefine SSL>
<VirtualHost mail.mydomain.com.au:443>
DocumentRoot /use/share/squirrelmail
serverName mail.mydomain.com.au:443

SSLCertificateFile /etc/path/to/mydomain.crt
SSLCertificateKeyFile /etc/path/to/private/mydomain.key
SSLCertificateChainFile /etc/path/to/bundle.crt
</VirtualHost>
</ifDefine>
ssl.conf
Code:
Listen 443 https

SSLSessionCache none
SSLSessionCacheTimeout 300

bathory 09-05-2011 12:39 AM
Hi,

You cannot use telnet to test https. Better use:
Code:
openssl s_client -connect 192.168.0.1 443
and then use the GET / HTTP/1.1, etc.

Also add a
Code:
NameVirtualHost *:443
in ssl.conf and use the following to define the ssl vhost
Code:
<VirtualHost *:443>
Note also that you have an error in the Listen directive. It should be
Code:
Listen 443
Regards

scottmusician 09-07-2011 07:55 AM
hey again!

Thanks for the advice, but i am still getting the same error when i attempt to access the https:// site.

Code:
# openssl s_client -connect 192.168.0.1:443
CONNECTED(00000003)
6957:error:140770FC:SSL outines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:588:
just to confirm, my ssl.conf is now looking like this:
Code:
#LoadModule ssl_module modules/mod_ssl.so
Listen 443
NameVirtualHost *:443

<ifDefine SSL>
<VirtualHost *:443>
DocumentRoot /usr/share/squirrelmail
ServerName my.domain.com:443
SSLCertificateFile /etc/pki/tls/certs/my.domain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/my.domain.com.key
SSLCertificateChainFile  /etc/pki/tls/certs/my_godaddy_bundle.crt
</VirtualHost>
</ifDefine>
thanks again :)

bathory 09-07-2011 08:42 AM
Hi,

Somehow you're talking plain http to the ssl server. Why don't you load the mod_ssl module? And you have an error in ServerName (no need for :443 at the end)
Anyway, use the following and see if it works
Code:
LoadModule ssl_module modules/mod_ssl.so
Listen 443
NameVirtualHost *:443

<VirtualHost *:443>
DocumentRoot /usr/share/squirrelmail
ServerName my.domain.com
SSLCertificateFile /etc/pki/tls/certs/my.domain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/my.domain.com.key
SSLCertificateChainFile  /etc/pki/tls/certs/my_godaddy_bundle.crt
</VirtualHost>
Regards

scottmusician 09-08-2011 12:44 AM
Sorry I forgot to mention that I was loading mod_ssl.so from httpd.conf. For completeness sake, I have included the whole httpd.conf file below.

Anyway, Good news! (well sort of). Removing the <ifDefine> tags has gotten rid of the invalid method request error. I'm still unable to view my SquirrelMail login page whenever i attempt to access https://my.mailserverlogin.com (or https://my.mailserverlogin.com:443 , for that matter). Instead of the "rx_record_too_long_" I am now getting a different error:

The connection was interrupted. The connection to my.mailserverlogin.com was interrupted while the page was loading.

and this is what happens when I do an openssl s_client -connect:192.168.0.1:443 :
Code:
CONNECTED(00000003)
31951:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
There are no errors in /var/log/httpd/error_log, and the access_log simply says:
Code:
192.168.1.80 - - [08/Sep/2011:15:03:49 +1000] "\x80@\x01\x03" 302 - "-" "-"
192.168.1.80 - - [08/Sep/2011:15:06:21 +1000] "\x80w\x01\x03\x01" 302 - "-" "-"
interestingly, my SquirrelMail login page is loading (without SSL) if I visit http://www.my.mailserverlogin.com:443 . At least httpd is now restarting without errors...

Thanks again :)

httpd.conf:
Code:
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off

MaxKeepAliveRequests 100
KeepAliveTimeout 15

<IfModule prefork.c>
StartServers      8
MinSpareServers    5
MaxSpareServers  20
ServerLimit      256
MaxClients      256
MaxRequestsPerChild  4000
</IfModule>

<IfModule worker.c>
StartServers        2
MaxClients        150
MinSpareThreads    25
MaxSpareThreads    75
ThreadsPerChild    25
MaxRequestsPerChild  0
</IfModule>

Listen 80

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
LoadModule ssl_module modules/mod_ssl.so

Include conf.d/*.conf

User apache
Group apache

ServerAdmin root@localhost

UseCanonicalName Off

DocumentRoot "/var/www/html"

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>

<IfModule mod_userdir.c>
    UserDir disable
</IfModule>

DirectoryIndex index.html index.html.var
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
TypesConfig /etc/mime.types

DefaultType text/plain

<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
</IfModule>

HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

combinedio
CustomLog logs/access_log combined

ServerSignature On

Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<IfModule mod_dav_fs.c>
    # Location of the WebDAV lock database.
    DAVLockDB /var/lib/dav/lockdb
</IfModule>

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif

ReadmeName README.html
HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw

LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW

ForceLanguagePriority Prefer Fallback

AddDefaultCharset UTF-8

AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

AddHandler type-map var

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

Alias /error/ "/var/www/error/"

<IfModule mod_negotiation.c>
<IfModule mod_include.c>
    <Directory "/var/www/error">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority en es de fr
        ForceLanguagePriority Prefer Fallback
    </Directory>

</IfModule>
</IfModule>

BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully


---------- Post added 08-09-11 at 03:45 PM ----------

oh, btw, shall I mark this as [solved] now? Perhaps the above post belongs elsewhere?

bathory 09-08-2011 02:06 AM
Quote:
interestingly, my SquirrelMail login page is loading (without SSL) if I visit http://www.my.mailserverlogin.com:443 . At least httpd is now restarting without errors...
As I've told you, you're talking http instead of https in the secure port.
I noticed that you miss the following in ssl.conf:
Code:
SSLEngine on
Add it inside the VirtualHost stanza and see if it works

Regards

scottmusician 09-14-2011 11:38 PM
Thanks again for the reply - its all working now! seems as though the SSLEngine on did the trick.

Incidentally, I also had to remove the paraphrase from my .key file before my newly downloaded SSL certificate would start to work.

So glad its going - Thanks again!


All times are GMT -5. The time now is 03:54 PM.