Hello,

I just set up SSL and it works if I set my virtual host to a number greater than 1024

https://www.myhost.com:1025 -- works

However, i'd like to get this on 443

https://www.myhost.com -- does not work


My initial httpd process is running as root and I verified this with ps -A -f

My port is open on 443 and I verified this with nmap -sS -O myhost.com


Any clue what could be going on?

Thanks in advance,

billy

The way I do it is something like this:

NameVirtualHost <ip>:443
<VirtualHost <ip>:443>
DocumentRoot /home/httpd/secure
ServerName <servername>
ServerPath /

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:+EXP:+eNU
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key

<Directory />
Options FollowSymLinks
AllowOverride Options FileInfo
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
DirectoryIndex index.html index.php index.php4
</VirtualHost>

Btw, it might not be in your best interest to run apache as root..... most people agree it is a better idea to run apache under it's own user.

got all that ....it works fine for ports > 1024 ...just not < 1024

That is wierd, you have iptables blocking it or something?

Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- clock.redhat.com anywhere udp spt:ntp dpt:ntp
ACCEPT udp -- clock.redhat.com anywhere udp spt:ntp dpt:ntp
ACCEPT udp -- 192.168.0.1 anywhere udp spt:domain dpts:
1025:65535
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:S
YN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SY
N,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:S
YN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp spts:bootps:boot
pc dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spts:bootps:boot
pc dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flag
s:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SY
N,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reje
ct-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-w
ith icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 fl
ags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SY
N,RST,ACK/SYN reject-with icmp-port-unreachable

To make this weirder ...443 works on the server if I browse the website on the actual server. Only outside users cannot hit 443. Right now, I am testing, so my test computer and my server are both on the same router and I turned my firewall off. Still no luck.

This is hair-pulling material.

-billy

It was IPTABLES! as a general rule, I have to remember that firewalls are the root of all evil in unpredictability

Thanks for the help