SSL on Apache
I can't seem to get SSL to work. When I point my browser to https://FQDN.com I get an unable to connect error message. While posting this I realized I don't have an <ifmodule> for php, but I'm not there yet. In my error log I receive the following error:
[Wed May 14 21:01:52.268088 2014] [core:emerg] [pid 1012:tid 3069626112] (22)Invalid argument: AH00024: Couldn't set permissions on the ssl-cache mutex; check User and Group directives
AH00016: Configuration Failed

I tried using SSLMutex directive but then it won't start claiming I misspelled SSLMutex. Anyway here is my httpd.conf:

Code:
# httpd.conf
ServerName 192.168.1.3
ServerRoot "/usr"
PidFile /var/run/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0
Listen 80
<IfModule unixd_module>
    User apache
    Group apache
</IfModule>
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy all
</Files>
DefaultType None
HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LoadModule unixd_module lib/httpd/modules/mod_unixd.so
LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
LoadModule access_compat_module lib/httpd/modules/mod_access_compat.so
LoadModule authn_core_module lib/httpd/modules/mod_authn_core.so
LoadModule authz_host_module lib/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module lib/httpd/modules/mod_authz_groupfile.so
LoadModule authz_core_module lib/httpd/modules/mod_authz_core.so
LoadModule auth_basic_module lib/httpd/modules/mod_auth_basic.so
LoadModule reqtimeout_module lib/httpd/modules/mod_reqtimeout.so
LoadModule mime_module lib/httpd/modules/mod_mime.so
LoadModule setenvif_module lib/httpd/modules/mod_setenvif.so
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
LoadModule mpm_event_module lib/httpd/modules/mod_mpm_event.so
LoadModule status_module lib/httpd/modules/mod_status.so
LoadModule autoindex_module lib/httpd/modules/mod_autoindex.so
LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
LoadModule negotiation_module lib/httpd/modules/mod_negotiation.so
LoadModule dir_module lib/httpd/modules/mod_dir.so
LoadModule alias_module lib/httpd/modules/mod_alias.so
LoadModule php5_module lib/httpd/modules/libphp5.so
<IfModule alias_module>
    #add aliases
</IfModule>
<IfModule autoindex_module>
    IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
</IfModule>
<IfModule negotiation_module>
    LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no p pt pt-BR ru sv tr
    ForceLanguagePriority Prefer Fallback
</IfModule>
<IfModule reqtimeout_module>
    RequestReadTimeout header=20-40,minrate=500
    RequestReadTimeout body=10,minrate=500
</IfModule>
<IfModule setenvif_module>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
    BrowserMatch "MS FrontPage" redirect-carefully
    BrowserMatch "^WebDrive" redirect-carefully
    BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
    BrowserMatch "^gnome-vfs/1.0" redirect-carefully
    BrowserMatch "^gvfs/1" redirect-carefully
    BrowserMatch "^XML Spy" redirect-carefully
    BrowserMatch "^Dreamweaver-WebDAV-SCMI" redirect-carefully
    BrowserMatch "Konqueror/4" redirect-carefully
</IfModule>
<IfModule ssl_module>
    Listen 443
    SSLRandomSeed startup builtin
    SSLRandomSeed startup file:/dev/urandom 512
    SSLRandomSeed connect builtin
    SSLRandomSeed connect file:/dev/urandom 512
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLPassPhraseDialog builtin
    SSLSessionCache shmcb:/var/run/httpd/ssl_scache(512000)
    SSLSessionCacheTimeout 300
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLProtocol all -SSLv2
    # SSLMutex file:/var/run/httpd/ssl_mutex
    SSLCertificateFile /etc/ssl/certs/webserver.pem
    SSLCertificateKeyFile /etc/ssl/private/webserver.pem
    # <FilesMatch "\.(cgi|shtml|phtml|php)$">
    # SSLOptions +StdEnvVars
    # </FilesMatch>
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    <VirtualHost *:443>
        SSLEngine on
        ServerAdmin webmaster@localhost
        DocumentRoot /home/www/secure
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /home/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>
</IfModule>
<IfModule status_module>
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from 192.0.2.0/24
    </Location>
</IfModule>
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /home/www/data
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /home/www/data>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

As always any help is appreciated. Thanks

Here is the final version that worked:

Code:
# httpd.conf
ServerName 192.168.1.3
ServerRoot "/usr"
PidFile /var/run/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0
Mutex default:/var/run
Listen 80
#<IfModule unixd_module>
User apache
Group apache
#</IfModule>
#Don't know why I had to comment out the above ifmodule block but I did and that fixed my ssl situation.
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy all
</Files>
DefaultType None
HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LoadModule unixd_module lib/httpd/modules/mod_unixd.so
LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
LoadModule access_compat_module lib/httpd/modules/mod_access_compat.so
LoadModule authn_core_module lib/httpd/modules/mod_authn_core.so
LoadModule authz_host_module lib/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module lib/httpd/modules/mod_authz_groupfile.so
LoadModule authz_user_module lib/httpd/modules/mod_authz_user.so
LoadModule authz_core_module lib/httpd/modules/mod_authz_core.so
LoadModule auth_basic_module lib/httpd/modules/mod_auth_basic.so
LoadModule reqtimeout_module lib/httpd/modules/mod_reqtimeout.so
LoadModule mime_module lib/httpd/modules/mod_mime.so
LoadModule setenvif_module lib/httpd/modules/mod_setenvif.so
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
LoadModule mpm_event_module lib/httpd/modules/mod_mpm_event.so
LoadModule status_module lib/httpd/modules/mod_status.so
LoadModule autoindex_module lib/httpd/modules/mod_autoindex.so
LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
LoadModule negotiation_module lib/httpd/modules/mod_negotiation.so
LoadModule dir_module lib/httpd/modules/mod_dir.so
LoadModule alias_module lib/httpd/modules/mod_alias.so
LoadModule php5_module lib/httpd/modules/libphp5.so
LoadModule authn_file_module lib/httpd/modules/mod_authn_file.so
<IfModule alias_module>
    #add aliases
</IfModule>
<IfModule autoindex_module>
    IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
</IfModule>
<IfModule negotiation_module>
    LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no p pt pt-BR ru sv tr
    ForceLanguagePriority Prefer Fallback
</IfModule>
<IfModule reqtimeout_module>
    RequestReadTimeout header=20-40,minrate=500
    RequestReadTimeout body=10,minrate=500
</IfModule>
<IfModule setenvif_module>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
    BrowserMatch "MS FrontPage" redirect-carefully
    BrowserMatch "^WebDrive" redirect-carefully
    BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
    BrowserMatch "^gnome-vfs/1.0" redirect-carefully
    BrowserMatch "^gvfs/1" redirect-carefully
    BrowserMatch "^XML Spy" redirect-carefully
    BrowserMatch "^Dreamweaver-WebDAV-SCMI" redirect-carefully
    BrowserMatch "Konqueror/4" redirect-carefully
</IfModule>
<IfModule ssl_module>
    Listen 443
    SSLRandomSeed startup builtin
    SSLRandomSeed startup file:/dev/urandom 512
    SSLRandomSeed connect builtin
    SSLRandomSeed connect file:/dev/urandom 512
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLPassPhraseDialog builtin
    SSLSessionCache shmcb:/var/run/httpd/ssl_scache(512000)
    SSLSessionCacheTimeout 300
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLProtocol all -SSLv2
    # SSLMutex file:/var/run/httpd/ssl_mutex
    SSLCertificateFile /etc/ssl/certs/webserver.pem
    SSLCertificateKeyFile /etc/ssl/private/webserver.pem
    # <FilesMatch "\.(cgi|shtml|phtml|php)$">
    # SSLOptions +StdEnvVars
    # </FilesMatch>
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    <VirtualHost *:443>
        SSLEngine on
        ServerAdmin webmaster@localhost
        DocumentRoot /home/www/secure
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /home/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>
</IfModule>
<IfModule status_module>
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from 192.0.2.0/24
    </Location>
</IfModule>
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /home/www/data
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /home/www/data>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
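
Added note with an example (not part of the original post): httpd evaluates `<IfModule>` while it reads the file, so in the first config the `User`/`Group` block is tested before `LoadModule unixd_module` has run and is silently skipped, which is why removing the guard fixed the mutex permission error. The checker below flags that ordering; the function name and sample text are constructed for illustration, and it assumes modules are loaded only via `LoadModule`, named by module identifier, with no `Include` files.

```python
import re

# Constructed sample with the same ordering as the first httpd.conf above:
# the <IfModule unixd_module> guard comes before "LoadModule unixd_module".
SAMPLE_BROKEN = """\
Listen 80
<IfModule unixd_module>
User apache
Group apache
</IfModule>
LoadModule unixd_module lib/httpd/modules/mod_unixd.so
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
<IfModule ssl_module>
Listen 443
</IfModule>
"""

OPEN_RE = re.compile(r"<IfModule\s+(!?)([^>\s]+)\s*>", re.I)
CLOSE_RE = re.compile(r"</IfModule\s*>", re.I)
LOAD_RE = re.compile(r"LoadModule\s+(\S+)\s+\S+", re.I)

def skipped_by_load_order(conf_text):
    """Return (line_no, module, directive) for every directive that is
    skipped only because its <IfModule> precedes the module's LoadModule."""
    loaded = {}   # module identifier -> line of its LoadModule
    stack = []    # (module, block_is_parsed) per open <IfModule>
    skipped = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN_RE.match(line)
        if opened:
            negated, mod = opened.group(1) == "!", opened.group(2)
            stack.append((mod, (mod in loaded) != negated))
        elif CLOSE_RE.match(line):
            if stack:
                stack.pop()
        elif not all(active for _, active in stack):
            guard = next(mod for mod, active in stack if not active)
            skipped.append((no, guard, line))
        elif LOAD_RE.match(line):
            loaded[LOAD_RE.match(line).group(1)] = no
    # Keep only blocks whose module is loaded later in the same file.
    return [s for s in skipped if loaded.get(s[1], 0) > s[0]]

if __name__ == "__main__":
    for no, mod, directive in skipped_by_load_order(SAMPLE_BROKEN):
        print(f"line {no}: '{directive}' ignored, {mod} is loaded later")
```

Moving the `LoadModule` lines above the first `<IfModule>` block clears the finding and keeps the guard in place.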
Did you uncomment this line?
Code:
# Secure (SSL/TLS) connections