Hi all -
I'm trying to set up a new web server under Debian unstable, using Apache 2.0.54. There are no virtual hosts, only the single, default host. I need http: on port 80 and https: on port 443. Certificate and key files are set up and referenced correctly in /etc/apache2/mods-available/ssl.conf (and the symlink exists to this file in /etc/apache2/mods-enabled).
Right now, it's only speaking SSL on *both* ports 80 and 443.
If I try to access it on port 80 via plain http: (http://yoda.malibyte.net *or* http://yoda.malibyte.net:80), I get:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Hint:
https://yoda.malibyte.net/
Apache/2.0.54 (Debian GNU/Linux) PHP/4.3.10-15 mod_ssl/2.0.54 OpenSSL/0.9.7g Server at yoda.malibyte.net Port 443
So, http: requests are getting routed to port 443, which is obviously speaking SSL (as it should - but why are http: requests getting sent there?).
If I try speaking SSL on port 80 (https://yoda.malibyte.net:80) - the request goes through and I get the box asking me if I want to accept the certificate (and if I do, it serves up the page). This also works correctly on port 443 (https://yoda.malibyte.net).
Here are the config files:
/etc/apache2/sites-available/mod-default:
Listen 80
ServerAdmin adm@malibyte.net
ServerName yoda.malibyte.net
DocumentRoot "/var/www/html/"
<Directory />
Options FollowSymLinks
AllowOverride None
AllowOverride Options FileInfo
</Directory>
<Directory "/var/www/html/">
Options Indexes FollowSymLinks MultiViews
# AllowOverride None
AllowOverride Options FileInfo
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
# RedirectMatch ^/$ /apache2-default/
</Directory>
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
<Directory "/var/www/cgi-bin/">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
A variation of this file with most of the above in a <VirtualHost *>...</VirtualHost> construct didn't work any better.
And /etc/apache2/mods-available/ssl.conf:
<IfModule mod_ssl.c>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/apache2/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/apache2/ssl_mutex
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>
##
## SSL Host Context
##
DefaultType text/html
Listen 443
<VirtualHost _default_>
ServerName yoda.malibyte.net
ServerAdmin adm@malibyte.net
DocumentRoot "/var/www/html"
SSLEngine On
ErrorLog /var/log/apache2/ssl_error.log
TransferLog /var/log/apache2/ssl_access.log
SSLCertificateFile /etc/apache2/ssl/ssl.crt/xxxx.crt
SSLCertificateKeyFile /etc/apache2/ssl/ssl.key/xxxx.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
<Directory "/var/www/cgi-bin/">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
CustomLog /var/log/apache2/ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
DirectoryIndex index.php index.html
</VirtualHost>
I've Googled this and found a few similar, but not the same, issues; several involve the older Apache 1.3.xx - there are significant differences in the config files.
I'm not finding anything useful in the log files which would give me an idea as to what's up.
I'm sure I'm missing something simple here. If anyone could clue me in, I'd appreciate the help.
Thanks....Bob
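
Added example, not part of Bob's post: a small Python check that reports which Listen ports each SSLEngine-on <VirtualHost> matches, run on a constructed reduction of the two files above. It assumes the Apache 2.x rule that a <VirtualHost> address with no port (or :*) matches every listened port; the function names and the _default_:443 variant are this example's own.

```python
import re

LISTEN = re.compile(r"^\s*Listen\s+(?:\S+:)?(\d+)\b", re.I | re.M)
VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
SSL_ON = re.compile(r"^\s*SSLEngine\s+on\b", re.I | re.M)
PORT = re.compile(r":(\d+|\*)$")

def vhost_ports(addr, listen_ports):
    """Listened ports matched by one <VirtualHost> address spec."""
    m = PORT.search(addr)
    if m is None or m.group(1) == "*":
        # Assumed Apache 2.x rule: no port (or :*) on the address means any port.
        return set(listen_ports)
    return {int(m.group(1))} & set(listen_ports)

def ssl_vhost_coverage(conf):
    """Map each SSLEngine-on vhost address to the listened ports it matches."""
    ports = {int(p) for p in LISTEN.findall(conf)}
    report = {}
    for addrs, body in VHOST.findall(conf):
        if SSL_ON.search(body):
            for addr in addrs.split():
                report[addr] = sorted(vhost_ports(addr, ports))
    return report

def unintended_tls_ports(conf, tls_ports=(443,)):
    """Listened ports an SSL vhost claims that are not meant to carry TLS."""
    claimed = {p for ps in ssl_vhost_coverage(conf).values() for p in ps}
    return sorted(claimed - set(tls_ports))

# Constructed input: the two files from the post, reduced to the relevant lines.
POSTED = """
Listen 80
Listen 443
<VirtualHost _default_>
ServerName yoda.malibyte.net
SSLEngine On
</VirtualHost>
"""
# Assumed correction: pin the SSL vhost to port 443.
PINNED = POSTED.replace("<VirtualHost _default_>", "<VirtualHost _default_:443>")

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("pinned", PINNED)):
        print(name, ssl_vhost_coverage(conf), unintended_tls_ports(conf))
```

The check does not follow Include directives, so on a Debian layout feed it the concatenated contents of the enabled files.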