LinuxQuestions.org


dfiore 11-23-2006 11:28 PM

Odd Apache Error [Only serves https pages with :80]
 
Hello all,

I am having an odd Apache error. I am trying to move a non-secure site to a secure site. The non-secure site worked perfectly fine until I attempted to move everything over. Currently if you go to the non-secure site it tells you to go to the secure site. This will only work with the link it provides (an error message really) saying:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

The site will not serve on https:// without :80

Here are my specs and config files (httpd.conf and ssl.conf shortened to be able to show it here):

rpm -qa httpd
httpd-2.0.54-10.4
uname -a
Linux 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005 i686 athlon i386 GNU/Linux
rpm -qa mod_ssl
mod_ssl-2.0.54-10.4



Code:

httpd.conf

Listen xxx.xxx.xxx.xxx:80
Listen xxx.xxx.xxx.xxx:80
#Listen *:443
Listen xxx.xxx.xxx.xxx:443
Listen xxx.xxx.xxx.xxx:443

# Virtual hosts
#
# Virtual host Default Virtual Host
#<VirtualHost *>
#      ServerSignature email
#      DirectoryIndex  index.php index.html index.htm index.shtml
#      LogLevel  warn
#      HostNameLookups off
#</VirtualHost>

# Virtual host domain.net
#<VirtualHost xxx.xxx.xxx.xxx:80>
#      ServerAdmin webmaster@domain.net
#      ServerName domain.net
#      DocumentRoot /var/www/html/domain
#      DirectoryIndex index.html index.htm index.shtml index.php
#</VirtualHost>

# Virtual host domain.net
#<VirtualHost xxx.xxx.xxx.xxx:80>
#      ServerAdmin webmaster@domain.net
#      ServerName domain.net
#      DocumentRoot /var/www/html/domain
#      DirectoryIndex index.html index.htm index.shtml index.php
#</VirtualHost>



ssl.conf

##
## SSL Virtual Host Context
##

# Virtual HTTPS Web Server for domain.net
<VirtualHost xxx.xxx.xxx.xxx>
      ServerAdmin webmaster@domain.net
      ServerName domain.net
      DocumentRoot /var/www/html/domain
      DirectoryIndex index.html index.htm index.shtml index.php
      SSLEngine on
      SSLCertificateFile /var/www/html/domain/certs/mycert.pem
      SSLCertificateKeyFile /var/www/html/domain/certs/mycert.pem
      LogLevel warn
      SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>

# Virtual HTTPS Web Server for domain.net
<VirtualHost xxx.xxx.xxx.xxx>
      ServerAdmin webmaster@domain.net
      ServerName domain.net
      DocumentRoot /var/www/html/domain
      DirectoryIndex index.html index.htm index.shtml index.php
      SSLEngine on
      SSLCertificateFile /var/www/html/domain/certs/mycert.pem
      SSLCertificateKeyFile /var/www/html/domain/certs/mycert.pem
      LogLevel warn
</VirtualHost>


unSpawn 11-24-2006 05:17 AM

Here's the rules: HTTP is served on port TCP/80 and HTTPS is served on port TCP/443. Do not serve HTTPS on port TCP/80. These are RFC defaults and clients expect it that way, so set up your httpd.conf accordingly.

dfiore 11-24-2006 08:25 AM

Thank you for the information, but that's not helpful at all. I understand the rules of the RFC; I want to repair it and I don't know how. Can anyone offer any info?

jsnmtth 11-24-2006 02:19 PM

I think your problem is in your virtual domain setup. Try specifying ports for them as shown in the examples below.

I don't think the server should be told to listen on port 443 in the httpd.conf file either, but it's been a long time since I used such a configuration.
I have two compiled servers running on the same machine, one set up for SSL only and the other without, to enable the non-SSL server to utilize name virtual hosts.


Put in httpd.conf
-----------------------------------------------------------------------
# Virtual host domain.net
<VirtualHost xxx.xxx.xxx.xxx:80>
ServerAdmin webmaster@domain.net
ServerName domain.net
DocumentRoot /var/www/html/domain
DirectoryIndex index.html index.htm index.shtml index.php
</VirtualHost>


Put in ssl.conf
-----------------------------------------------------------------------
<VirtualHost xxx.xxx.xxx.xxx:443>
ServerAdmin webmaster@domain.net
ServerName domain.net
DocumentRoot /var/www/html/domain
DirectoryIndex index.html index.htm index.shtml index.php
SSLEngine on
SSLCertificateFile /var/www/html/domain/certs/mycert.pem
SSLCertificateKeyFile /var/www/html/domain/certs/mycert.pem
LogLevel warn
</VirtualHost>
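
Added example, not part of any post in this thread: a Python check for the difference between the original ssl.conf and the port-qualified blocks above. A VirtualHost address with no port matches every Listen port on that address, so with SSLEngine on it also answers port 80 with SSL, which is what produces the "speaking plain HTTP to an SSL-enabled server port" message. The sample config, the 192.0.2.10 documentation address and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the thread's httpd.conf and ssl.conf;
# 192.0.2.10 is a documentation address standing in for the masked IP.
SAMPLE = """\
Listen 192.0.2.10:80
Listen 192.0.2.10:443
<VirtualHost 192.0.2.10>
    SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    SSLEngine on
</VirtualHost>
"""

def split_port(spec):
    """Split 'addr:port' into (addr, port); port is None if absent or '*'."""
    if spec.isdigit():                       # bare "Listen 80"
        return "*", int(spec)
    host, sep, port = spec.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return (host, None) if sep and port == "*" else (spec, None)

def ssl_on_plain_ports(conf, tls_ports=(443,)):
    """Flag SSL vhosts that also match a Listen port outside tls_ports."""
    listens, vhosts, cur = [], [], None
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        low = line.lower()                   # commented-out lines match nothing
        if low.startswith("listen "):
            listens.append(split_port(line.split()[1]))
        elif low.startswith("<virtualhost"):
            cur = {"line": n, "specs": line[12:].rstrip(">").split(), "ssl": False}
            vhosts.append(cur)
        elif low.startswith("</virtualhost"):
            cur = None
        elif cur and re.fullmatch(r"sslengine\s+on", low):
            cur["ssl"] = True
    findings = []
    for vh in (v for v in vhosts if v["ssl"]):
        for spec in vh["specs"]:
            addr, port = split_port(spec)
            hit = sorted({p for a, p in listens
                          if p not in tls_ports and port in (None, p)
                          and (addr in ("*", "_default_") or a in ("*", addr))})
            if hit:
                findings.append((vh["line"], spec, hit))
    return findings
```

Each finding is (line number of the VirtualHost, its address as written, the non-TLS Listen ports it also matches); the port-qualified :443 block produces none.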

dfiore 11-24-2006 04:13 PM

I don't need both to be able to run, I would only need https (443) to run. The ssl.conf file is simply an extension of the httpd.conf file. It is included in the httpd.conf file like this:

#
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf

The ssl.conf file is located in the conf.d directory.

Further to that, I have tried your suggestion of adding the port and it does not work. When these changes are made the server stops responding completely on https and the http responds with the default host (Apache test page).

I am a bit stymied at the moment. I use apache-ssl on a Debian box and it works perfectly.

Thank you for the suggestions, any more by any chance?

dave

gilead 11-24-2006 05:13 PM

I use name based virtual hosts and specify the port as jsnmtth suggested, but I also use the NameVirtualHost *:443 directive at the top of my VirtualHost section. I also don't include the IP address, for example I use <VirtualHost *:80> and <VirtualHost *:443>

jsnmtth 11-28-2006 02:33 PM

"I use name based virtual hosts and specify the port as jsnmtth suggested, but I also use the NameVirtualHost *:443 directive at the top of my VirtualHost section. I also don't include the IP address, for example I use <VirtualHost *:80> and <VirtualHost *:443>"


You can't use name-based virtual hosts with an encrypted server. The keys are bound to the IP address. It would have to decrypt the header to figure out which virtual host is used in the name-based scheme prior to having a key. To use multiple sites on the same server with SSL encryption you would need an IP address for each "Virtual Host".

What I have done is to refer all secure traffic to a single host on a compiled Apache setup in a custom directory, e.g. /usr/local/apaches. Then the normal hosts with name virtual host on a compiled Apache set in the default directory, e.g. /usr/local/apache2. I had to compile PHP 2 times (one for each server) and point to its APXS2 to build the PHP module correctly. I also configure the servers to specifically listen to their respective ports.

I played with hosting other secure sites on an alternative port (as opposed to an alternative IP) as well. I abandoned the project altogether; it might be promising if you're redirecting people from a link.

gilead 11-28-2006 04:06 PM

Quote:

Originally Posted by jsnmtth
You can't use name-based virtual hosts with an encrypted server. The keys are bound to the IP address. It would have to decrypt the header to figure out which virtual host is used in the name-based scheme prior to having a key. To use multiple sites on the same server with SSL encryption you would need an IP address for each "Virtual Host".

You can but only in one practical circumstance. I use virtual hosting with SSL when there are several domains served using http and only one using https.

This works just fine as long as nobody accidentally puts https instead of http for one of the non-ssl served domains. For low volume, controlled environments (development team docs on a LAN, etc.) this is acceptable but I don't use it on any of my production boxes.

Yes, the apache docs are very clear that multiple ssl domains will not work (http://httpd.apache.org/docs/2.0/ssl...aq.html#vhosts). My comment was to provide dfiore with config information that had worked for me.

dfiore 11-28-2006 11:34 PM

Thanks for the help all. I have since removed Apache 1.3 and upgraded to Apache 2 and avoided all of these issues. It is all now working properly.

dave

