LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 07-09-2005, 02:26 AM   #1
Malibyte
Member
 
Registered: Dec 2001
Location: California, USA
Distribution: Ubuntu, Debian
Posts: 118

Rep: Reputation: 15
Apache2 and SSL problems


Hi all -

I'm trying to set up a new web server under Debian unstable, using Apache 2.0.54. There are no virtual hosts, only the single, default host. I need http: on port 80 and https: on port 443. Certificate and key files are set up and referenced correctly in /etc/apache2/mods-available/ssl.conf (and the symlink exists to this file in /etc/apache2/mods-enabled).

Right now, it's only speaking SSL on *both* ports 80 and 443.

If I try to access it on port 80 via plain http: (http://yoda.malibyte.net *or* http://yoda.malibyte.net:80), I get:


Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Hint: https://yoda.malibyte.net/

Apache/2.0.54 (Debian GNU/Linux) PHP/4.3.10-15 mod_ssl/2.0.54 OpenSSL/0.9.7g Server at yoda.malibyte.net Port 443


So, http: requests are getting routed to port 443, which is obviously speaking SSL (as it should - but why are http: requests getting sent there?).

If I try speaking SSL on port 80 (https://yoda.malibyte.net:80) - the request goes through and I get the box asking me if I want to accept the certificate (and if I do, it serves up the page). This also works correctly on port 443 (https://yoda.malibyte.net).


Here are the config files:

/etc/apache2/sites-available/mod-default:

Listen 80
ServerAdmin adm@malibyte.net
ServerName yoda.malibyte.net
DocumentRoot "/var/www/html/"
<Directory />
Options FollowSymLinks
AllowOverride None
AllowOverride Options FileInfo
</Directory>
<Directory "/var/www/html/">
Options Indexes FollowSymLinks MultiViews
# AllowOverride None
AllowOverride Options FileInfo
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
# RedirectMatch ^/$ /apache2-default/
</Directory>
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
<Directory "/var/www/cgi-bin/">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
CustomLog /var/log/apache2/access.log combined
ServerSignature On

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

A variation of this file with most of the above in a
<VirtualHost *>...</VirtualHost> construct didn't work any better.


And /etc/apache2/mods-available/ssl.conf:

<IfModule mod_ssl.c>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/apache2/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/apache2/ssl_mutex
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>

##
## SSL Host Context
##

DefaultType text/html
Listen 443

<VirtualHost _default_>
ServerName yoda.malibyte.net
ServerAdmin adm@malibyte.net
DocumentRoot "/var/www/html"

SSLEngine On

ErrorLog /var/log/apache2/ssl_error.log
TransferLog /var/log/apache2/ssl_access.log
SSLCertificateFile /etc/apache2/ssl/ssl.crt/xxxx.crt
SSLCertificateKeyFile /etc/apache2/ssl/ssl.key/xxxx.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

ScriptAlias /cgi-bin/ /var/www/cgi-bin/
<Directory "/var/www/cgi-bin/">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
CustomLog /var/log/apache2/ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
DirectoryIndex index.php index.html
</VirtualHost>

I've Googled this and found a few similar, but not the same, issues; several involve the older Apache 1.3.xx - there are significant differences in the config files.

I'm not finding anything useful in the log files which would give me an idea as to what's up.

I'm sure I'm missing something simple here. If anyone could clue me in, I'd appreciate the help.

Thanks....Bob

Last edited by Malibyte; 07-09-2005 at 11:46 AM.
 
Old 07-09-2005, 04:14 PM   #2
Malibyte
Member
 
Registered: Dec 2001
Location: California, USA
Distribution: Ubuntu, Debian
Posts: 118

Original Poster
Rep: Reputation: 15
Fixed. Why it didn't work last night has me scratching my head, but it
seems to be OK now.


>Subject: Re: SSL on port 80

>Robert:

>Very odd. When I had tried to add the ":443" to the virtual host
>construct last night, it kept on giving me syntax errors. Today it
>worked. Very strange. That was one to the first things I did, and it
>didn't work...but now it is. Hmmmm....I must have had something else
>out of whack as well. Anyway, thanks for getting me to try it again!

>Bob

>On Sat, 9 Jul 2005, Robert N. Waybright wrote:

>> Bob,
>> I am no great Apache guru, but it looks like you may have defined
>> your default virtual host to be SSL (note the SSLEngine On). Mine
>> has a host section plus a _default_:443 section that looks like this:
>>
>> <VirtualHost _default_:443>
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
apache2 - ssl : connection via ssl interrupted ldp Linux - Software 0 10-02-2005 09:07 AM
compiling apache2 with SSL devfreak Linux - Software 1 05-22-2005 11:18 AM
Apache2, SSL, HTTPS... KneeLess Debian 3 09-02-2004 09:44 PM
Where's a good Apache2 + SSL Howto groover Linux - Software 4 04-05-2004 07:04 PM
Apache2 + SSL for the first time ridertech Linux - Newbie 0 02-14-2004 03:36 AM


All times are GMT -5. The time now is 10:58 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration