Linux - Server This forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to
LinuxQuestions.org , a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free.
Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please
contact us . If you need to reset your password,
click here .
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
#1
LQ Newbie
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 23
Rep:
'invalid method in request' - Apache & SSL on Centos
Hi everyone,
Ever since I have changed my Centos 5 server to work with HTTPS, I've not been able to view my locally stored webpages. Apache starts fine, but any attempts to access my webserver results in a "
ssl_error_rx_record"too_long_ " error in my browser, and in the Apache error log I get the error:
"
[error] [client 192.168.1.100' invalid method in request \x16\x03\x01" .
I know my SSL certificate is fine, because It's a signed one from GoDaddy and it works fine with other services (eg. 'telnet localhost smtp' works fine for my postfix configuration).
I read somewhere that if i type the following:
Code:
# telnet 192.168.0.1 443
GET /
and a bunch of HTML code is presented, then my mod_ssl module isn't loading. Indeed, this 'HTML dump' is what is happening to me. Further, I've also read some things about running an "a2ensite" command, but this appears only to be a debian thing???
Below are the important lines of my ssl.conf and httpd.conf. I've been stumped on this for a while, so any help would be wonderful!
Thanks again, Scott
httpd.conf:
Code:
Timeout 300
LoadModule ssl_module modules/mod_ssl.so
Include conf.d/*.conf
ServerAdmin root@localhost
ServerName mail.mydomain.com.au:80
<ifDefine SSL>
<VirtualHost mail.mydomain.com.au:443>
DocumentRoot /use/share/squirrelmail
serverName mail.mydomain.com.au:443
SSLCertificateFile /etc/path/to/mydomain.crt
SSLCertificateKeyFile /etc/path/to/private/mydomain.key
SSLCertificateChainFile /etc/path/to/bundle.crt
</VirtualHost>
</ifDefine>
ssl.conf
Code:
Listen 443 https
SSLSessionCache none
SSLSessionCacheTimeout 300
Last edited by scottmusician; 09-04-2011 at 10:20 PM .
#2
Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 9,608
Hi,
You cannot use telnet to test https. Better use:
Code:
openssl s_client -connect 192.168.0.1 443
and then use the GET / HTTP/1.1, etc.
Also add a
Code:
NameVirtualHost *:443
in ssl.conf and use the following to define the ssl vhost
Code:
<VirtualHost *:443>
Note also that you have an error in the Listen directive. It should be
Regards
#3
LQ Newbie
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 23
Original Poster
Rep:
hey again!
Thanks for the advice, but i am still getting the same error when i attempt to access the https:// site.
Code:
# openssl s_client -connect 192.168.0.1:443
CONNECTED(00000003)
6957:error:140770FC:SSL outines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:588:
just to confirm, my ssl.conf is now looking like this:
Code:
#LoadModule ssl_module modules/mod_ssl.so
Listen 443
NameVirtualHost *:443
<ifDefine SSL>
<VirtualHost *:443>
DocumentRoot /usr/share/squirrelmail
ServerName my.domain.com:443
SSLCertificateFile /etc/pki/tls/certs/my.domain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/my.domain.com.key
SSLCertificateChainFile /etc/pki/tls/certs/my_godaddy_bundle.crt
</VirtualHost>
</ifDefine>
thanks again
#4
Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 9,608
Hi,
Somehow you're talking plain http to the ssl server. Why don't you load the mod_ssl module? And you have an error in ServerName (no need for :443 at the end)
Anyway, use the following and see if it works
Code:
LoadModule ssl_module modules/mod_ssl.so
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot /usr/share/squirrelmail
ServerName my.domain.com
SSLCertificateFile /etc/pki/tls/certs/my.domain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/my.domain.com.key
SSLCertificateChainFile /etc/pki/tls/certs/my_godaddy_bundle.crt
</VirtualHost>
Regards
#5
LQ Newbie
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 23
Original Poster
Rep:
Sorry I forgot to mention that I was loading mod_ssl.so from httpd.conf. For completeness sake, I have included the whole httpd.conf file below.
Anyway, Good news! (well sort of). Removing the <ifDefine> tags has gotten rid of the invalid method request error. I'm still unable to view my SquirrelMail login page whenever i attempt to access
https://my.mailserverlogin.com (or
https://my.mailserverlogin.com:443 , for that matter). Instead of the "rx_record_too_long_" I am now getting a different error:
The connection was interrupted. The connection to my.mailserverlogin.com was interrupted while the page was loading.
and this is what happens when I do an openssl s_client -connect:192.168.0.1:443 :
Code:
CONNECTED(00000003)
31951:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
There are no errors in /var/log/httpd/error_log, and the access_log simply says:
Code:
192.168.1.80 - - [08/Sep/2011:15:03:49 +1000] "\x80@\x01\x03" 302 - "-" "-"
192.168.1.80 - - [08/Sep/2011:15:06:21 +1000] "\x80w\x01\x03\x01" 302 - "-" "-"
interestingly, my SquirrelMail login page is loading (without SSL) if I visit
http://www.my.mailserverlogin.com:443 . At least httpd is now restarting without errors...
Thanks again
httpd.conf:
Code:
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
Listen 80
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
LoadModule ssl_module modules/mod_ssl.so
Include conf.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
UseCanonicalName Off
DocumentRoot "/var/www/html"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
</Directory>
<IfModule mod_userdir.c>
UserDir disable
</IfModule>
DirectoryIndex index.html index.html.var
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
combinedio
CustomLog logs/access_log combined
ServerSignature On
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule mod_dav_fs.c>
# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb
</IfModule>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
ForceLanguagePriority Prefer Fallback
AddDefaultCharset UTF-8
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler type-map var
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/error/"
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
<Directory "/var/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
</IfModule>
</IfModule>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
---------- Post added 08-09-11 at 03:45 PM ---------- oh, btw, shall I mark this as [solved] now? Perhaps the above post belongs elsewhere?
#6
Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 9,608
As I've told you, you're talking http instead of https in the secure port.
I noticed that you miss the following in ssl.conf:
Add it inside the VirtualHost stanza and see if it works
Regards
#7
LQ Newbie
Registered: Jul 2011
Location: Melbourne, AU
Distribution: Centos 5
Posts: 23
Original Poster
Rep:
Thanks again for the reply - its all working now! seems as though the SSLEngine on did the trick.
Thread Tools
Search this Thread
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
All times are GMT -5. The time now is 06:00 AM .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know .
