LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 03-09-2004, 10:55 PM   #1
kuso
LQ Newbie
 
Registered: Sep 2003
Posts: 14

Rep: Reputation: 0
Angry Getting SSL onto PORT 443


Hello,

I just set up SSL and it works if I set my virtual host to a number greater than 1024

https://www.myhost.com:1025 -- works

However, i'd like to get this on 443

https://www.myhost.com -- does not work


My initial httpd process is running as root and I verified this with ps -A -f

My port is open on 443 and I verified this with nmap -sS -O myhost.com


Any clue what could be going on?

Thanks in advance,

billy
 
Old 03-09-2004, 11:04 PM   #2
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 67
The way I do it is something like this:

NameVirtualHost <ip>:443
<VirtualHost <ip>:443>
DocumentRoot /home/httpd/secure
ServerName <servername>
ServerPath /

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:+EXP:+eNU
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key

<Directory />
Options FollowSymLinks
AllowOverride Options FileInfo
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
DirectoryIndex index.html index.php index.php4
</VirtualHost>

Btw, it might not be in your best interest to run apache as root..... most people agree it is a better idea to run apache under it's own user.
 
Old 03-09-2004, 11:09 PM   #3
kuso
LQ Newbie
 
Registered: Sep 2003
Posts: 14

Original Poster
Rep: Reputation: 0
got all that ....it works fine for ports > 1024 ...just not < 1024
 
Old 03-09-2004, 11:15 PM   #4
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 67
That is wierd, you have iptables blocking it or something?
 
Old 03-09-2004, 11:36 PM   #5
kuso
LQ Newbie
 
Registered: Sep 2003
Posts: 14

Original Poster
Rep: Reputation: 0
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- clock.redhat.com anywhere udp spt:ntp dpt:ntp
ACCEPT udp -- clock.redhat.com anywhere udp spt:ntp dpt:ntp
ACCEPT udp -- 192.168.0.1 anywhere udp spt:domain dpts:
1025:65535
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:S
YN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SY
N,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:S
YN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp spts:bootps:boot
pc dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spts:bootps:boot
pc dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flag
s:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SY
N,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reje
ct-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-w
ith icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 fl
ags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SY
N,RST,ACK/SYN reject-with icmp-port-unreachable
 
Old 03-10-2004, 01:20 AM   #6
kuso
LQ Newbie
 
Registered: Sep 2003
Posts: 14

Original Poster
Rep: Reputation: 0
To make this weirder ...443 works on the server if I browse the website on the actual server. Only outside users cannot hit 443. Right now, I am testing, so my test computer and my server are both on the same router and I turned my firewall off. Still no luck.

This is hair-pulling material.

-billy
 
Old 03-11-2004, 12:41 AM   #7
kuso
LQ Newbie
 
Registered: Sep 2003
Posts: 14

Original Poster
Rep: Reputation: 0
It was IPTABLES! as a general rule, I have to remember that firewalls are the root of all evil in unpredictability

Thanks for the help
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache Port 443 Verbal Kint Linux - Software 0 10-04-2005 04:07 AM
SSH on port 443 Randvegeta Linux - Networking 4 09-25-2005 07:17 AM
How to deploy SSL(443) port? ukrainet Linux - Newbie 7 04-13-2005 11:47 AM
turn off http port 80, keep https port 443 lothario Linux - Networking 6 02-11-2005 05:06 AM
ssh over port 443 pupton Linux - Software 18 10-08-2004 08:15 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 09:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration