Getting SSL onto PORT 443
Hello,

I just set up SSL and it works if I set my virtual host to a number greater than 1024:

    https://www.myhost.com:1025 -- works

However, I'd like to get this on 443:

    https://www.myhost.com -- does not work

My initial httpd process is running as root, and I verified this with ps -A -f. My port is open on 443, and I verified this with nmap -sS -O myhost.com.

Any clue what could be going on?

Thanks in advance,
billy
The way I do it is something like this:
    NameVirtualHost <ip>:443
    <VirtualHost <ip>:443>
        DocumentRoot /home/httpd/secure
        ServerName <servername>
        ServerPath /
        SSLEngine on
        # cipher list as written here (the end is cut off); it also admits SSLv2 and export (EXP) ciphers
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:+EXP:+eNU
        SSLCertificateFile conf/ssl/server.crt
        SSLCertificateKeyFile conf/ssl/server.key
        # this block applies to the whole filesystem, not just DocumentRoot
        <Directory />
            Options FollowSymLinks
            AllowOverride Options FileInfo
            <IfModule mod_access.c>
                Order allow,deny
                Allow from all
            </IfModule>
        </Directory>
        DirectoryIndex index.html index.php index.php4
    </VirtualHost>

Btw, it might not be in your best interest to run apache as root... most people agree it is a better idea to run apache under its own user.
Got all that... it works fine for ports > 1024, just not < 1024.
That is weird. Do you have iptables blocking it or something?
    Chain INPUT (policy ACCEPT)
    target                prot opt source               destination
    RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

    Chain FORWARD (policy ACCEPT)
    target                prot opt source               destination
    RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    target                prot opt source               destination

    Chain RH-Lokkit-0-50-INPUT (2 references)
    target     prot opt source               destination
    ACCEPT     udp  --  clock.redhat.com     anywhere            udp spt:ntp dpt:ntp
    ACCEPT     udp  --  clock.redhat.com     anywhere            udp spt:ntp dpt:ntp
    ACCEPT     udp  --  192.168.0.1          anywhere            udp spt:domain dpts:1025:65535
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http flags:SYN,RST,ACK/SYN
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh flags:SYN,RST,ACK/SYN
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp flags:SYN,RST,ACK/SYN
    ACCEPT     udp  --  anywhere             anywhere            udp spts:bootps:bootpc dpts:bootps:bootpc
    ACCEPT     udp  --  anywhere             anywhere            udp spts:bootps:bootpc dpts:bootps:bootpc
    ACCEPT     all  --  anywhere             anywhere
    REJECT     tcp  --  anywhere             anywhere            tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
    REJECT     tcp  --  anywhere             anywhere            tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
    REJECT     udp  --  anywhere             anywhere            udp dpts:0:1023 reject-with icmp-port-unreachable
    REJECT     udp  --  anywhere             anywhere            udp dpt:nfs reject-with icmp-port-unreachable
    REJECT     tcp  --  anywhere             anywhere            tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
    REJECT     tcp  --  anywhere             anywhere            tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
To make this weirder... 443 works on the server if I browse the website on the actual server. Only outside users cannot hit 443. Right now I am testing, so my test computer and my server are both on the same router, and I turned my firewall off. Still no luck.

This is hair-pulling material.
-billy
It was IPTABLES! As a general rule, I have to remember that firewalls are the root of all evil in unpredictability.

Thanks for the help.
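The chain listing posted earlier already contains the answer: iptables evaluates a chain top to bottom and stops at the first match, the RH-Lokkit-0-50-INPUT chain accepts tcp/80, tcp/22 and tcp/25 explicitly, and then a catch-all REJECT covers every other privileged port (0:1023), which is exactly why ports above 1024 worked and 443 did not. The example below is added here and is not code from the thread; it transcribes that chain and walks it with first-match semantics for a few ports. Two assumptions are labelled in the code: the bare "ACCEPT all -- anywhere anywhere" rule is taken to be lokkit's loopback rule (-i lo), which a plain `iptables -L` without `-v` does not show and which is the usual reason a port answers on the box itself but not from the LAN; and source-address and source-port matches are left out because only the destination port matters for this question.

```python
# Added example (not from the thread): a first-match walk over the
# RH-Lokkit-0-50-INPUT chain posted above, to show why port 443 answers on
# the box itself but is rejected from outside, and where an ACCEPT has to go.
# Assumptions: the bare "ACCEPT all -- anywhere anywhere" rule is lokkit's
# loopback rule (-i lo), which `iptables -L` without -v does not display;
# source-address and source-port matches are left out because only the
# destination port matters for the question at hand.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    target: str                       # "ACCEPT" or "REJECT"
    proto: str                        # "tcp", "udp" or "all"
    dports: Optional[range] = None    # destination port range; None = any port
    in_iface: Optional[str] = None    # input interface; None = any interface

    def matches(self, proto: str, dport: int, iface: str) -> bool:
        if self.proto != "all" and self.proto != proto:
            return False
        if self.dports is not None and dport not in self.dports:
            return False
        if self.in_iface is not None and self.in_iface != iface:
            return False
        return True


def port(p: int) -> range:
    """Single destination port as a one-element range."""
    return range(p, p + 1)


# Transcribed in order from the `iptables -L` output in the thread.
LOKKIT_INPUT: List[Rule] = [
    Rule("ACCEPT", "udp", port(123)),            # ntp from clock.redhat.com
    Rule("ACCEPT", "udp", port(123)),
    Rule("ACCEPT", "udp", range(1025, 65536)),   # dns replies from 192.168.0.1
    Rule("ACCEPT", "tcp", port(80)),             # http
    Rule("ACCEPT", "tcp", port(22)),             # ssh
    Rule("ACCEPT", "tcp", port(25)),             # smtp
    Rule("ACCEPT", "udp", range(67, 69)),        # bootps/bootpc
    Rule("ACCEPT", "udp", range(67, 69)),
    Rule("ACCEPT", "all", in_iface="lo"),        # assumed: loopback rule (-i lo)
    Rule("REJECT", "tcp", range(0, 1024)),       # every other privileged tcp port
    Rule("REJECT", "tcp", port(2049)),           # nfs
    Rule("REJECT", "udp", range(0, 1024)),
    Rule("REJECT", "udp", port(2049)),
    Rule("REJECT", "tcp", range(6000, 6010)),    # x11:6009
    Rule("REJECT", "tcp", port(7100)),           # xfs
]


def verdict(chain: List[Rule], proto: str, dport: int,
            iface: str = "eth0") -> Tuple[Optional[int], str]:
    """Return (rule number, target) of the first matching rule, numbered from 1
    as `iptables -L --line-numbers` does, or (None, "ACCEPT") when nothing
    matches and the chain's ACCEPT policy applies."""
    for number, rule in enumerate(chain, start=1):
        if rule.matches(proto, dport, iface):
            return number, rule.target
    return None, "ACCEPT"


def allow_port(chain: List[Rule], proto: str,
               dport: int) -> Tuple[List[Rule], Optional[int]]:
    """Return a copy of the chain with an ACCEPT for dport inserted in front of
    the REJECT that currently catches it, plus the 1-based position used, i.e.
    what `iptables -I <chain> <position> -p tcp --dport <port> --syn -j ACCEPT`
    would do. Returns (unchanged copy, None) if the port is already allowed."""
    number, target = verdict(chain, proto, dport)
    if target == "ACCEPT":
        return list(chain), None
    fixed = list(chain)
    fixed.insert(number - 1, Rule("ACCEPT", proto, port(dport)))
    return fixed, number


if __name__ == "__main__":
    for dport in (80, 443, 1025):
        print("tcp/%d from the LAN  ->" % dport, verdict(LOKKIT_INPUT, "tcp", dport))
    print("tcp/443 from the box ->", verdict(LOKKIT_INPUT, "tcp", 443, iface="lo"))
    fixed, position = allow_port(LOKKIT_INPUT, "tcp", 443)
    print("insert ACCEPT at rule %d; tcp/443 now ->" % position,
          verdict(fixed, "tcp", 443))
```

Running it shows tcp/80 accepted by rule 4, tcp/443 from the LAN rejected by rule 10, tcp/443 over loopback accepted by rule 9, and tcp/1025 falling through to the chain's ACCEPT policy, which is the pattern the thread describes. On the real box the equivalent check is `iptables -L -n -v --line-numbers` (the `-v` column shows interface matches such as lo, and the numbers give the insert position), and the fix is an ACCEPT placed ahead of the 0:1023 REJECT, for example `iptables -I RH-Lokkit-0-50-INPUT 10 -p tcp --dport 443 --syn -j ACCEPT`, mirroring the flags on the existing http rule; remember to save the rule set so it survives a restart. Two caveats for the diagnosis itself: scanning the host from the host (nmap against its own name) traverses the loopback interface and so never meets the rule that rejects outside clients, and a listing without `-v` can make a loopback-only ACCEPT look like a match-everything rule.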